Outsourcing IT

In the current business environment with ever-increasing organizational complexity, the use of outsourcing services has become almost necessary to simplify the operations. Regardless of its scale and scope, IT is definitely one of the most important choice for outsourcing that can help organizations to stay up-to-date with the latest technologies, reduce complexities, lower the costs and do the things more efficiently. IT outsourcing services should be designed with flexibility, scalability and agility in mind to properly provide first-class support for the various sizes of enterprises. With proper planning and execution, outsourcing IT services would allow enterprises to focus at their core businesses while enjoying the great benefits that vary from cost saving to risk reduction.

There are several different functions within IT services that could be outsourced to move the enterprises away from complex IT environments. Most obvious and mostly outsourced IT service is service desk outsourcing. Service desk outsourcing is designed to address client issues promptly and effectively either with on site or remote support capabilities. Outsourcing companies can ensure consistent quality by keeping highly qualified service desk staff in a shared talent pool to help enterprises get the best services at a reduced cost. Another common IT outsourcing option is cloud based services. Cloud based services can help enterprises to reduce the operating costs, mitigate risks, improve utilization and reduce complexity. Cloud based services can offer software, storage, computing and other types of IT infrastructure under a monthly billed operational expense instead of a capital expense. Network outsourcing would be another option for enterprises that would like to minimize the network downtime and reduce the network operating costs while establishing more secure and robust network infrastructure. In network outsourcing, enterprises have the option of outsourcing the entire network or a part of it at different levels of operations such as outsourcing only the network administration, virtualization or hosting the entire network. IT security outsourcing is yet another outsourcing option to ensure highly secure internal and external IT networks with frequently conducted security audits for constant improvement. IT departments in organization would manage a high volume of assets including hardware, software, services and contracts. Asset management outsourcing services would address the total lifecycle of these assets to to provide a rapid return on investments. By properly managing assets, organization could lower the asset costs and place themselves on the safe side for the software license audits. A lesser known outsourcing option is business analyst outsourcing. A business analyst is an IT professional who analyses and studies an organization’s business processes to enable efficient and accurate IT implementation. Business analyst outsourcing comes into play when enterprises who want to meet the needs of businesses without moving away from their core business focus, use outsourcing support for finding and developing business systems and services. Other IT outsourcing options may include IT consulting, IT audit, IT equipment rental, etc. Furthermore, some enterprises might not have the internal resources to quickly comply with new regulations; flexible, scalable and agile IT outsourcing companies would help in such cases to provide outsourcing services in specific areas such as e-invoice, e-archive hosting services.

In summary, IT outsourcing would help companies to reduce their IT operation costs, mitigate risks, help focusing their core operations, get access to a larger knowledge base and talent pool, free up internal resources to put in to effective use for other purposes, gain access to resources that might now available internally. No matter what reason is behind for practicing outsourcing option, benefits are similar for most of the enterprises and IT outsourcing quickly become a core component of their business strategies.

Advertisements

Developing World Class IT Infrastructure

When it comes to IT infrastructure, people think that it only consists of the hardware, software and other infrastructure items such as cabling, conduits etc. IT is actually no different from the other internal functions, IT infrastructure also include processes and services. How IT processes and services are managed and delivered impacts the overall goal of all corporations to develop a world class infrastructure.

In order to help achieving a world-class infrastructure in IT perspective, planning should be made very carefully. Planning phases could be divided in 3 categories:

  • Short term: what are the low hanging fruits and how the quick improvements can be made.
  • Mid-term: what areas require or would benefit from quick communication to recognize that the issue is acknowledged and rectification will be made.
  • Long term:  what areas require more long term focus and strategic planning.

All IT should be aware of its assets, service portfolio management is a part of this process to define existing and even retired IT services and applications.
IT should make plans into increasing the accessibility of all of its assets and better streamlining the existing assets, increasing number of training sessions for the target users.
It is crucial to help develop and maintain share of knowledge, extending access rights and providing more automation to systems and tools to all levels would accelerate decision making and ensure timeliness. Protecting information from the staff is a practice from the last century, today, organizations go more flat and no staff is deprived from the information resources. It is important that for all colleagues to stay current to build up their competency levels to manage and sustain innovation.

Of course, for the long run, corporations strategically work toward a more integrated system to reduce the manual work by increasing the automation. IT nowadays create strategies to work more closely with the business units to identify non-value added processes, duplication of work, critical business processes, improvement opportunities, etc.

The Dark Side of Connectivity

As we rely on computers and connectivity for an increasing number of reasons and connect a substantial number of devices to the Internet, our lives get exposed and vulnerable to a greater extent. There are various ways to damage or exploit one’s computer, mobile or other connected devices.

The best known threat of all is the viruses. With harmful intentions, viruses are tiny computer programs that are not intended to be run by the device owner. Automatically and without users’ permission, they copy and run themselves and they always have another additional motive that would range from harmless message spreading to crashing the entire system. There is a never-ending race between the security companies and the virus developers. In a vicious circle, virus developers create an unknown virus, while security companies write a protection against it as soon as the virus is out. Some viruses are extremely simple and easy to attain protection while some others are elaborately written with high technology coding techniques. There is even an advanced virus called Mytob that is not only spreads itself to the computer, but also alters the virus protection programs on the computer to disguise itself as legitimate. Another interesting virus called GPCoder encodes all the files in the computer, asks for money to reveal the encryption password. This virus is the first blackmailer in the history of the computer viruses that is now categorized as RansomWare.

Similar to viruses; worms, malicious macros and trojans somehow copy themselves to the systems and forward themselves to the other victims in the same network. Worms specifically utilize the mailing systems or networks, attaining the addresses in the vicinity, they copy or send themselves to the every system in the environment. In some cases, they basically spread messages, other times they execute harmful actions such as bringing the entirety of the network to its knees. Macros spread themselves with Office programs or similar macro-using software. For example, one can receive a spreadsheet from a known source and open to process it, all of a sudden a macro runs automatically and perform an action that is not intended in the first place. With users’ insecure download habits, trojans are easy to distribute. There are a significant number of computer users who incautiously open, receive or download email messages from other sources. Some of these files are considered to be Trojans, the user thinks it is just an amusing video or his/her favorite mp3 song, however along with this intended content, these files also have vicious content that would harm the computer, this is called malware. Just as the historical Trojan horse, thought to be a gift in reality there were soldiers inside it. In order to collect private information such as account numbers and passwords, trojans are opening the necessary ports to allow external connections. These types of trojans are also called Spyware. Taking control of the network, spywares are redirecting victims to some not pleasant addresses instantaneously, for example, the user would click to open a newspaper site in contrary the spyware redirects to the user to a porn site.

Another widely common security threat is the email spams. An immense number of unwanted email messages are distributed to users’ mailboxes by the second. These types of unwanted emails are called spams. Number of people or companies exercise spam as a naive marketing tool. Supposing, if they send enough number of emails, they would have a chance to let people acknowledge about their company and products and they will have a market share as an outcome. Over the time, it becomes annoying to receive unrelated emails, even the ones that would be beneficial treated as junk mails. Furthermore, some spam emails contain malware to harm the hosting systems. Another email using scheme is called phishing. This term comes from fishing, it is exactly same as throwing a line into the sea and wait for someone to get hooked. Relying on people’s ignorance, phishers send vast number of email messages and expect someone to fall for it. In their messages, they either claim they are from a bank or they are in need of the target’s financial assistance to transfer a vast amount of money through the bank account. Sometimes, they even claim the lottery winner and ask for filling out a form which usually contains personal and financial data to claim the prize. Phishing is also called on-line identity theft, their primary motive is to steal as much personal and financial information as possible.

With the rise of number connected machines and increase our dependencies to these devices, the stakes are getting higher. Not only are these threats affecting our computers, network systems and mobile devices, other online devices such as smart TVs, smart home systems and other connected devices that are collectively called Internet of Things (IoT) would be adversely affected. Of course, using anti-virus programs, firewalls or having strong passwords would facilitate to reduce the risks; however, no matter how much money is invested and how top of the line security systems are installed, eventually, it always comes to the people. The users should always be aware of these types of threats, maintain their systems up-to-date, utilize the passwords cautiously, not submit personal, security or financial data through mails or Internet no matter how authentic and reliable the sources may appear.

The 5 Aspects of Service Design

  1. Service solutions: Include all of the functional requirements, resources and capabilities needed and agreed upon
  2. Service Management systems and tools: To ensure consistency with other services and guarantee that supporting and dependent services are adequate to maintain on-going reliable service delivery
  3. Technology architectures and management systems: To ensure they are consistent with the new service and are suitable to operate and maintain it
  4. Processes: To ensure that the process, roles and responsibilities are adequate to operate, support and maintain the new or changed service
  5. Measurement methods and metrics: To ensure that the methods can provide the required metrics on the service.

Business Continuity Planning

Business Continuity Planning (BCP) is a proactive planning process to pinpoint all the critical functions of a corporation, identify the priorities and define likely situations that would present an obstacle to these functions. After identifying all these, standard procedures are set up formally to raise the awareness and proactively prevent the damages that would create.

Most corporations make the plans ahead of the time to ensure all critical operations will continue uninterrupted during and after an emergency situation and in case of sudden interruptions reestablishing these critical operations is formalized. An effective plan not only make sure the critical down time is shorter but also help increasing the safety, improving the productivity, helping the employee moral, improving the corporate image in customers’ and other parties’ eyes and complying the contractual or regulatory policies.

BCP should be designed to be a clear and efficient guideline to limit the magnitude of any adverse affects, to minimize the service interruptions, to standardize the communication, to meet the legal and regulatory requirements and to improve health and safety of all staff.

Information Security Management

The purpose of the Information Security Management process is to align IT security with business security and ensure that information security is effectively managed in all service and
Service Management activities, such that:
• Information is available and usable when required (availability)
• Information is observed by or disclosed to only those who have a right to know (confidentiality)
• Information is complete, accurate and protected against unauthorized modification (integrity)
• Business transactions, as well as information exchanges, can be trusted (authenticity and nonrepudiation).