Market Spotlight: Indian outsourcing firms
|
Wednesday, April 30, 2008 |
|
The outsourcing of technology jobs has been a lucrative and controversial trend over the past 10 years. But with the dollar declining against foreign currencies, it's getting more expensive for U.S. firms to pay for foreign labor, a factor that has increasingly become a source of concern for Wall Street analysts.
According to Janney Montgomery Scott analyst Joseph D. Foresi, outsourcing is based almost solely on labor arbitrage; if U.S. companies can hire labor cheaper in India and other developing countries, they will continue to take their business there.
"So far, there has been a pinch on margins for U.S. companies, but it is still less expensive for them," he said.
There has even been some relief as the rupee depreciated against the dollar during the quarter ended March 31, making it more affordable for U.S. companies to hire Indian firms. A drop in the rupee's value has not come fast enough for Satyam Computer Services Ltd., one of India's largest technology outsourcing companies. Its U.S.-traded shares fell more than 5 percent April 22 after the company reported fiscal fourth-quarter profit below Wall Street expectations.
Goldman Sachs analyst Thomas Quinteros said that "rapid appreciation of the Indian rupee" has been one of the key risks for Satyam Computer Services Ltd., one of India's largest technology outsourcing companies. Satyam last week reported fiscal fourth-quarter profit that missed Wall Street estimates.
The results were not that surprising -- in February, Satyam's chairman said he expected "significant implications" from the U.S. economic downturn for Indian outsourcing companies.
The majority of Satyam's sales are from the U.S. The company provides data-warehouse, systems integration, software development and other information technology services to General Electric, the U.S. government and other major clients.
Banc of America Securities analyst Abhishek Gami said the stock has been a strong performer but fundamental gains may be difficult because of the weak dollar, wage inflation and the need for expansion beyond the U.S. market.
Gami acknowledged the newly weakened rupee has "turned into a tailwind" for Indian companies.
"Though the rupee depreciation is not significant enough to deliver major margin upside, at least...offshore vendors have been saved from this source of margin headwind," he said.
While the rupee stabilized in the last quarter , the weak U.S. economy is also bad news for U.S.-reliant outsourcing businesses like U.S-traded Wipro Ltd., which includes General Motors, Sony, and communications company Nortel among its customers.
According to Wachovia Securities analyst Edward S. Caso, Wipro is expecting muted growth in the first half of fiscal 2009 because of ongoing U.S. economic turbulence. A customer has already canceled a major project while other customers have said they want to defer projects.
While both Satyam and Wipro are hoping to ride out any rupee appreciation and the U.S. economic weakness, they are hoping for a turnaround later this year or 2009.
Wipro management has, says Caso, "emphasized the pause nature of new business, not its elimination."
According to Janney Montgomery Scott analyst Joseph D. Foresi, outsourcing is based almost solely on labor arbitrage; if U.S. companies can hire labor cheaper in India and other developing countries, they will continue to take their business there.
"So far, there has been a pinch on margins for U.S. companies, but it is still less expensive for them," he said.
There has even been some relief as the rupee depreciated against the dollar during the quarter ended March 31, making it more affordable for U.S. companies to hire Indian firms. A drop in the rupee's value has not come fast enough for Satyam Computer Services Ltd., one of India's largest technology outsourcing companies. Its U.S.-traded shares fell more than 5 percent April 22 after the company reported fiscal fourth-quarter profit below Wall Street expectations.
Goldman Sachs analyst Thomas Quinteros said that "rapid appreciation of the Indian rupee" has been one of the key risks for Satyam Computer Services Ltd., one of India's largest technology outsourcing companies. Satyam last week reported fiscal fourth-quarter profit that missed Wall Street estimates.
The results were not that surprising -- in February, Satyam's chairman said he expected "significant implications" from the U.S. economic downturn for Indian outsourcing companies.
The majority of Satyam's sales are from the U.S. The company provides data-warehouse, systems integration, software development and other information technology services to General Electric, the U.S. government and other major clients.
Banc of America Securities analyst Abhishek Gami said the stock has been a strong performer but fundamental gains may be difficult because of the weak dollar, wage inflation and the need for expansion beyond the U.S. market.
Gami acknowledged the newly weakened rupee has "turned into a tailwind" for Indian companies.
"Though the rupee depreciation is not significant enough to deliver major margin upside, at least...offshore vendors have been saved from this source of margin headwind," he said.
While the rupee stabilized in the last quarter , the weak U.S. economy is also bad news for U.S.-reliant outsourcing businesses like U.S-traded Wipro Ltd., which includes General Motors, Sony, and communications company Nortel among its customers.
According to Wachovia Securities analyst Edward S. Caso, Wipro is expecting muted growth in the first half of fiscal 2009 because of ongoing U.S. economic turbulence. A customer has already canceled a major project while other customers have said they want to defer projects.
While both Satyam and Wipro are hoping to ride out any rupee appreciation and the U.S. economic weakness, they are hoping for a turnaround later this year or 2009.
Wipro management has, says Caso, "emphasized the pause nature of new business, not its elimination."
- ADD TO:
-
Blink -
Del.icio.us -
Digg -
Furl -
Google -
Simpy -
Spurl -
Y! MyWeb
Internet Crime Transforms into Mature Business
|
Tuesday, April 29, 2008 |
|
Source : Click
Pack up the image of the lone hacker. Internet crime is highly organized -- outsourcing complex work and using sophisticated pricing, like bulk discounts for stolen credit cards.
If you still view the Internet as a kind of Wild West where colorful rogues and small bands of outlaws try to damage or invade personal computers -- you're not only way behind the curve, but may be putting yourself and your business at risk. Internet crime has evolved not just into a mature and sophisticated industry, but also into a global network that has its own underground economy, specialties and infrastructure, Symantec reports in its latest Internet Security Threat Report.
What should be particularly worrisome to legitimate businesses is a shift in tactics. Rather than targeting computer networks, which have strengthened defenses considerably, Internet criminals now try to get to individual computers and customers of Internet services and sites with Web-based attacks. One reason: Few Web sites address their vulnerabilities, and the few that do, react slowly. "Of 6,961 site-specific vulnerabilities in the first six months of 2007, only 330 had been fixed at the time of writing," Symantec reports.
Once these vulnerabilities have been exploited, attackers can then zero in on individual users. "Symantec has also observed that attackers are particularly targeting sites that are likely to be trusted by end users, such as social networking sites. ... Attackers targeting trusted sites can also steal user credentials or launch mass attacks because they may allow attacks to propagate quickly through a victim's social network," the report warns. And as information is picked up, it is bundled and sold on servers that help this black market flourish and grow -- often priced according to demand and value. Information to verifiably high-value accounts fetches more than just generic bank accounts, for example.
Attackers are proving intensely resourceful and adaptive. Code threats have increased dramatically, apparently because criminal organizations now hire software specialists to churn out malicious code so they can constantly remain ahead of efforts to defend against attacks. And they have physical mobility, too. "Malicious groups are actively anticipating and planning for the need to adapt on the fly -- including the deployment of back-up servers to which they can turn when law enforcement agencies or ISPs threaten to shut down existing operations," the report says.
Symantec is also warning that the coming presidential elections will provide scammers an opportunity to exploit and target political and campaign Web sites. That will be explored in a separate Kiplinger Recommends feature next week.
If you still view the Internet as a kind of Wild West where colorful rogues and small bands of outlaws try to damage or invade personal computers -- you're not only way behind the curve, but may be putting yourself and your business at risk. Internet crime has evolved not just into a mature and sophisticated industry, but also into a global network that has its own underground economy, specialties and infrastructure, Symantec reports in its latest Internet Security Threat Report.
What should be particularly worrisome to legitimate businesses is a shift in tactics. Rather than targeting computer networks, which have strengthened defenses considerably, Internet criminals now try to get to individual computers and customers of Internet services and sites with Web-based attacks. One reason: Few Web sites address their vulnerabilities, and the few that do, react slowly. "Of 6,961 site-specific vulnerabilities in the first six months of 2007, only 330 had been fixed at the time of writing," Symantec reports.
Once these vulnerabilities have been exploited, attackers can then zero in on individual users. "Symantec has also observed that attackers are particularly targeting sites that are likely to be trusted by end users, such as social networking sites. ... Attackers targeting trusted sites can also steal user credentials or launch mass attacks because they may allow attacks to propagate quickly through a victim's social network," the report warns. And as information is picked up, it is bundled and sold on servers that help this black market flourish and grow -- often priced according to demand and value. Information to verifiably high-value accounts fetches more than just generic bank accounts, for example.
Attackers are proving intensely resourceful and adaptive. Code threats have increased dramatically, apparently because criminal organizations now hire software specialists to churn out malicious code so they can constantly remain ahead of efforts to defend against attacks. And they have physical mobility, too. "Malicious groups are actively anticipating and planning for the need to adapt on the fly -- including the deployment of back-up servers to which they can turn when law enforcement agencies or ISPs threaten to shut down existing operations," the report says.
Symantec is also warning that the coming presidential elections will provide scammers an opportunity to exploit and target political and campaign Web sites. That will be explored in a separate Kiplinger Recommends feature next week.
- ADD TO:
-
Blink
-
Del.icio.us
-
Digg
-
Furl
-
Google
-
Simpy
-
Spurl
-
Y! MyWeb
New Book for IT Professionals Features 20 Alternative Careers Highly Insulated From Offshore Outsourcing
|
Monday, April 28, 2008 |
|
Source : Click
With offshore outsourcing increasing and the U.S. economy in a recession, computer professionals are seeing fewer opportunities in the IT job market. Some are considering a career change from IT, but concerned about wasting their investment in their education and experience. That concern should be dispelled by "Debugging Your Information Technology(TM) Career" (Elegant Fix Press -- http://www.elegantfixpress.com), a book demonstrating that computer professionals can leverage their experience to enter many fields other than traditional information technology careers, while reducing or eliminating their vulnerability to offshoring.
Janice Weinberg, the author, is a career consultant (http://www.janiceweinberg.com) formerly with IBM and GE, whose background as a systems programmer and application developer enabled her to identify the 20 careers she describes. While most of them aren't usually thought of as computer-related jobs, computer proficiency is a key qualification for success in each. For example:
-- A business analyst or software developer who guided finance and/or
sales staff in defining their information technology requirements
could become a global procurement project manager supporting those
functions.
-- A software architect's knowledge of best practices in systems design
would be a strong asset in a technology due diligence position.
-- A network security administrator's experience would be quite valuable
in a cyberliability insurance broker or underwriter role.
-- An IT professional's ability to assess the commercial potential of new
computer technology would be a highly desirable qualification in a
technology sector equity analyst candidate.
Most of the careers can be entered without further education beyond a BS in information technology, management information systems, or computer science. Several require a certification. Some readers may be motivated to become an attorney specializing in computer law. Many of the fields can be springboards for consulting practices -- or new revenue streams for those already employed as computer consultants or contract programmers. New graduates with computer-related degrees and students excelling on computer skills assessment tests will realize that the opportunities accessible to them go well beyond those typically associated with information technology and computer science jobs.
As Weinberg describes each career, readers will:
-- Be able to imagine themselves in the field by reading the hour-by-hour
Typical Workday
-- Understand the degree to which a recession can affect job security,
and learn strategies for minimizing or avoiding any negative impact
-- Learn the extent to which offshoring is already happening, and what
the field's future vulnerability will likely be
Readers will learn job-hunting techniques tailored to specific fields, including guidance in identifying employers and determining the most relevant aspects of their experience to highlight in their resumes, cover letters, and interviews.
While there are many books providing IT career advice, Weinberg's gives new -- and much broader -- meaning to the term "computer job," demonstrating that an IT professional's knowledge constitutes precious currency in a world dependent on computer technology.
- ADD TO:
-
Blink
-
Del.icio.us
-
Digg
-
Furl
-
Google
-
Simpy
-
Spurl
-
Y! MyWeb
Time to outsource government services
|
Friday, April 25, 2008 |
|
Source : Click
A HUGE crowd and long queues greeted Prime Minister Datuk Seri Abdullah Ahmad Badawi when he made a surprise visit to the Immigration Department headquarters in 2003, days after he assumed the premiership. The visit was to emphasise his pledge to reduce bureaucratic red tape, improve delivery of government services and strengthen the public sector’s implementation machinery.
“To ease, not to burden; to simplify, not to complicate” was the message of the Prime Minister to government officers.
Some significant improvements have been achieved in the past three years.
Some significant improvements have been achieved in the past three years.
Before, renewing passports took two weeks. Now it takes only one hour at selected immigration offices under a pilot scheme that will be extended nationwide later.
Within Kuala Lumpur city, you don’t have to fill up numerous forms and go through endless red tape just to renovate your kitchen. City Hall has introduced the first e-application called the Building Control System which allows a house owner or contractor to fill in and submit online forms.
Suppliers and contractors who used to complain about late payments from the government can now get their money within two weeks of submitting their bills, if the documents are complete and non-disputable.
Chief Secretary to the Government Tan Sri Mohd Sidek Hassan has stated with pride that over 90 percent of payments by the Prime Minister’s Department were made within a week.
Suppliers and contractors who used to complain about late payments from the government can now get their money within two weeks of submitting their bills, if the documents are complete and non-disputable.
Chief Secretary to the Government Tan Sri Mohd Sidek Hassan has stated with pride that over 90 percent of payments by the Prime Minister’s Department were made within a week.
The Construction Industry Development Board has reduced processing time for all applications from contractors to 30 days from 60 previously. Fourteen different licences for the hotel industry have been streamlined into one.
Many administrative and systems reforms have been implemented and they provide online registrations, less paperwork and shorter processing time.
The public has acknowledged the improvements. An independent survey by a research organisation last year found about 60 percent of the respondents having experienced improved government services.
That’s the good news.
The bad news is that the government has only scratched the surface in trying to reform its ponderous delivery machinery. The big problem is implementation.
Recent statements by high-level people highlighted this concern.
The Prime Minister ordered Mohd Sidek to set up a task force to speed up procedures that are slowing foreign investments and giving Malaysia a bad name everywhere.
A leading corporate figure will be roped in to help drive the task.
Sarawak State Secretary Datu Wilson Baya Dandot early this week blamed red tape at the federal ministerial level for contributing to the delay in the implementation of projects and processing of payments to contractors in the state.
During a briefing for the visiting Mohd Sidek in Kuching, Baya said many processes have to be improved if the government wants to see a swift and efficient delivery system as well as effective project implementation.
“Delays in the delivery system will result in wastage and higher costs,” he added.
Congress of Union of Employees in the Public and Civil Services (Cuepacs) Sarawak chairman William Ghani singled out poor planning as among the main causes of the troubled public delivery system.
He said the Public Service Department (PSD) should plan ahead and not leave important posts vacant for long periods which could stall the system.
“We have heard of schools or departments having no immediate replacements when the principals or directors retire, and without people to make decisions, the delivery system would naturally suffer,” he said.
Education Minister Datuk Seri Hishammuddin Tun Hussein took a tough stand by reminding his staff to ‘shape up or ship out’ in implementing the National Education Blueprint which he launched this month.
Tourism Minister Datuk Seri Tengku Adnan Tengku Mansor claimed dishonest officers in a government department were ‘messing up’ the Malaysia My Second Home programme to attract well-heeled foreigners to settle in the country.
Then came the PSD’s threat to take the unusual and drastic step of publishing in newspapers the names of government officers who go absent without leave.
Apparently, these officers have been busy with their side businesses and personal problems or simply unable to work because they are high on drugs.
Bad civil servants can frustrate the government’s best intentions and most innovative initiatives.
An efficient and effective public service delivery system is key to the country’s competitiveness. The speed with which the public sector serves the private sector determines the speed, efficiency and effectiveness of our corporations.
Although the Institute of Management Development (IMD) in Switzerland ranked Malaysia 23rd among 61 countries in the 2006 World Competitiveness Index, bureaucratic red tape continues to discourage investors from moving their operations and money into the country.
Infosys Technologies Ltd, India’s leading software exporter, revealed during a briefing for Deputy Prime Minister Datuk Seri Najib Tun Razak at its head office last year that the company had picked Kuala Lumpur for an information technology centre but it was forced by bureaucratic hurdles to move the investment to another country instead.
The World Economic Forum, in its 2006 worldwide competitiveness ranking, placed Malaysia 101st among 117 countries on the issue of government red tape hindering economic growth.
As the largest service provider in the country, the government has a duty and responsibility to ensure that its services are effective, low cost and fast.
Only such a service delivery system can create a favourable business climate and fulfil the needs of citizens. This in turn will contribute to economic growth and national wellbeing.
However, the structure and character of the civil service make it resistant to change and innovation. Despite denials by its defenders, the civil service is probably home to many ‘malingerers and slackers’, a description used by a national newspaper.
Perhaps it is time for the government to follow the lead of global corporations in outsourcing its services to the private sector wherever feasible.
This method could save operating and salary costs, reduce staffing and raise efficiency. It could even fit in nicely with the government’s proposed introduction of the EPF-style contributory pension scheme for civil servants in the near future which may become a disincentive in attracting new recruits.
Many government services have already been privatised, such as operation of airports, garbage collection and provision of telecommunications, energy and water supply services.
Many more layers of official red tape can be removed by outsourcing more functions to private firms which are more efficient, more motivated and move more quickly.
We have world-class companies that have the skills and track record to handle most types of jobs from the planning stage right down to design and implementation.
One day, we may be able to see private frontline staff manning government departments who not only respond courteously and knowledgeably to enquiries but are eager to offer their assistance.
That will really make our day.
Many administrative and systems reforms have been implemented and they provide online registrations, less paperwork and shorter processing time.
The public has acknowledged the improvements. An independent survey by a research organisation last year found about 60 percent of the respondents having experienced improved government services.
That’s the good news.
The bad news is that the government has only scratched the surface in trying to reform its ponderous delivery machinery. The big problem is implementation.
Recent statements by high-level people highlighted this concern.
The Prime Minister ordered Mohd Sidek to set up a task force to speed up procedures that are slowing foreign investments and giving Malaysia a bad name everywhere.
A leading corporate figure will be roped in to help drive the task.
Sarawak State Secretary Datu Wilson Baya Dandot early this week blamed red tape at the federal ministerial level for contributing to the delay in the implementation of projects and processing of payments to contractors in the state.
During a briefing for the visiting Mohd Sidek in Kuching, Baya said many processes have to be improved if the government wants to see a swift and efficient delivery system as well as effective project implementation.
“Delays in the delivery system will result in wastage and higher costs,” he added.
Congress of Union of Employees in the Public and Civil Services (Cuepacs) Sarawak chairman William Ghani singled out poor planning as among the main causes of the troubled public delivery system.
He said the Public Service Department (PSD) should plan ahead and not leave important posts vacant for long periods which could stall the system.
“We have heard of schools or departments having no immediate replacements when the principals or directors retire, and without people to make decisions, the delivery system would naturally suffer,” he said.
Education Minister Datuk Seri Hishammuddin Tun Hussein took a tough stand by reminding his staff to ‘shape up or ship out’ in implementing the National Education Blueprint which he launched this month.
Tourism Minister Datuk Seri Tengku Adnan Tengku Mansor claimed dishonest officers in a government department were ‘messing up’ the Malaysia My Second Home programme to attract well-heeled foreigners to settle in the country.
Then came the PSD’s threat to take the unusual and drastic step of publishing in newspapers the names of government officers who go absent without leave.
Apparently, these officers have been busy with their side businesses and personal problems or simply unable to work because they are high on drugs.
Bad civil servants can frustrate the government’s best intentions and most innovative initiatives.
An efficient and effective public service delivery system is key to the country’s competitiveness. The speed with which the public sector serves the private sector determines the speed, efficiency and effectiveness of our corporations.
Although the Institute of Management Development (IMD) in Switzerland ranked Malaysia 23rd among 61 countries in the 2006 World Competitiveness Index, bureaucratic red tape continues to discourage investors from moving their operations and money into the country.
Infosys Technologies Ltd, India’s leading software exporter, revealed during a briefing for Deputy Prime Minister Datuk Seri Najib Tun Razak at its head office last year that the company had picked Kuala Lumpur for an information technology centre but it was forced by bureaucratic hurdles to move the investment to another country instead.
The World Economic Forum, in its 2006 worldwide competitiveness ranking, placed Malaysia 101st among 117 countries on the issue of government red tape hindering economic growth.
As the largest service provider in the country, the government has a duty and responsibility to ensure that its services are effective, low cost and fast.
Only such a service delivery system can create a favourable business climate and fulfil the needs of citizens. This in turn will contribute to economic growth and national wellbeing.
However, the structure and character of the civil service make it resistant to change and innovation. Despite denials by its defenders, the civil service is probably home to many ‘malingerers and slackers’, a description used by a national newspaper.
Perhaps it is time for the government to follow the lead of global corporations in outsourcing its services to the private sector wherever feasible.
This method could save operating and salary costs, reduce staffing and raise efficiency. It could even fit in nicely with the government’s proposed introduction of the EPF-style contributory pension scheme for civil servants in the near future which may become a disincentive in attracting new recruits.
Many government services have already been privatised, such as operation of airports, garbage collection and provision of telecommunications, energy and water supply services.
Many more layers of official red tape can be removed by outsourcing more functions to private firms which are more efficient, more motivated and move more quickly.
We have world-class companies that have the skills and track record to handle most types of jobs from the planning stage right down to design and implementation.
One day, we may be able to see private frontline staff manning government departments who not only respond courteously and knowledgeably to enquiries but are eager to offer their assistance.
That will really make our day.
- ADD TO:
-
Blink
-
Del.icio.us
-
Digg
-
Furl
-
Google
-
Simpy
-
Spurl
-
Y! MyWeb
How to ensure outsourced software development is secure
|
Thursday, April 24, 2008 |
|
Source : Click
It depends on who you ask, but Codenomicom of Finland, a provider of software testing tools, reckons that 80% of security problems are caused by programmers writing insecure code. Much of this is the result of development schedules being too tight. Given that software applications contain thousands or even millions of lines of code, it is more than likely that some programming errors are made that could leave the application vulnerable to attack.
The fact that software applications can contain flaws is nothing new. But a recent survey by Quocirca of 250 organisations shows that not only are businesses increasingly relying on bespoke or modified software applications, which they see as critical for their business, but not enough of them are employing automated tools for testing those applications for security vulnerabilities.
Another practice that is increasingly being seen is the outsourcing of code development to third parties. This can be a less costly option than developing the code in-house, especially where a business does not have sufficient resources of its own. But when such an essential process is placed in the hands of a contractor, extra care must be taken to ensure that secure coding practices are used and that applications are thoroughly tested.
Failure to thoroughly police the software development process has far reaching consequences. If a hacker is able to exploit a flaw in the software, they could use it to attack the application in order to steal sensitive personal or organisational information. In today's increasingly regulated world, this is something that can cost organisations dear, not just in terms of the price tag for cleaning up after the attack, but in lost business owing to the negative publicity that is likely to ensue.
But if a flaw is found in software that was developed by a third party, who should bear the responsibility for fixing those errors? If an organisation bought an appliance such as a printer that was found to be faulty, resulting in a fire on its premises, it is in a position to sue the manufacturer and claim compensation. In the same way, liability for faulty software should be pushed to the contractor to which it was outsourced and should be written into the contract.
When outsourcing any business process to a third party, it is essential that a good contract is written and that a watertight service-level agreement is put in place. This is something that some regulations actually mandate when outsourcing application development. For example, the FFIEC (Federal Financial Institutions Examination Council) implementation guide for GLBA (Gramm-Leach-Bliley Act) states that organisations must establish a vendor management programme that includes "establishing security requirements, acceptance criteria, test plans, and reviewing and testing source code for security vulnerabilities." This may be a US regulation, but its impact is being felt by some European organisations as well, and there are a host of other regulations demanding higher levels of security.
Technology vendor Ounce Labs has been advising organisations since 2002 on how to work with outsourcers to ensure that code is developed with security in mind and that the appropriate testing tools are used. It has worked with lawyers to develop suitable contracts for organisations to use, which it makes available on its website. According to Ounce Labs, the following are some best practices that organisations should follow when outsourcing software code development:
* Define upfront what is meant by security, including the security environment in which the application is to be used and what other resources could be exposed by a security vulnerability, and include the definition in the contract put in place
* Validate the security mechanisms to be used upfront and set requirements for their use
* Ensure that the third party is using software coding best practices and that they are documented and validated
* Demand proof of the level of training, skills and security awareness among the third party's development staff
* Ensure that expectations are laid out in the service-level agreement, including milestones and deliverables
* Define acceptance criteria for the security of applications delivered
* Provide a list of the most critical flaws that are deemed unacceptable
* Mandate measures for certifying that code is secure, including the use of automated testing tools
* Define steps required in the audit process and ensure that all code is audited and certified before payment is made
* Ensure that the right to audit code and perform security checks is written into the contract
* Define processes for remediation by the third party and ensure that responsibility for bearing the costs of remediation or legal liability, even after the application has been delivered, are written into the contract
* Specify in the contract that security checks and monitoring will be continued throughout the lifecycle of that application and lay out the third party's responsibility for fixing flaws found at a later date.
Such practices will ensure that the most secure code possible is delivered, leaving organisations less vulnerable to security incidents. But, given the size of most software applications and the fact that it is almost impossible to write prefect code, however small the program, organisations that follow the practices outlined above will also have covered their backs be ensuring that the responsibility for fixing vulnerabilities lies firmly in the hands of the outsourcer—something that is essential since flaws discovered once an application is in use are the most expensive to fix.
The fact that software applications can contain flaws is nothing new. But a recent survey by Quocirca of 250 organisations shows that not only are businesses increasingly relying on bespoke or modified software applications, which they see as critical for their business, but not enough of them are employing automated tools for testing those applications for security vulnerabilities.
Another practice that is increasingly being seen is the outsourcing of code development to third parties. This can be a less costly option than developing the code in-house, especially where a business does not have sufficient resources of its own. But when such an essential process is placed in the hands of a contractor, extra care must be taken to ensure that secure coding practices are used and that applications are thoroughly tested.
Failure to thoroughly police the software development process has far reaching consequences. If a hacker is able to exploit a flaw in the software, they could use it to attack the application in order to steal sensitive personal or organisational information. In today's increasingly regulated world, this is something that can cost organisations dear, not just in terms of the price tag for cleaning up after the attack, but in lost business owing to the negative publicity that is likely to ensue.
But if a flaw is found in software that was developed by a third party, who should bear the responsibility for fixing those errors? If an organisation bought an appliance such as a printer that was found to be faulty, resulting in a fire on its premises, it is in a position to sue the manufacturer and claim compensation. In the same way, liability for faulty software should be pushed to the contractor to which it was outsourced and should be written into the contract.
When outsourcing any business process to a third party, it is essential that a good contract is written and that a watertight service-level agreement is put in place. This is something that some regulations actually mandate when outsourcing application development. For example, the FFIEC (Federal Financial Institutions Examination Council) implementation guide for GLBA (Gramm-Leach-Bliley Act) states that organisations must establish a vendor management programme that includes "establishing security requirements, acceptance criteria, test plans, and reviewing and testing source code for security vulnerabilities." This may be a US regulation, but its impact is being felt by some European organisations as well, and there are a host of other regulations demanding higher levels of security.
Technology vendor Ounce Labs has been advising organisations since 2002 on how to work with outsourcers to ensure that code is developed with security in mind and that the appropriate testing tools are used. It has worked with lawyers to develop suitable contracts for organisations to use, which it makes available on its website. According to Ounce Labs, the following are some best practices that organisations should follow when outsourcing software code development:
* Define upfront what is meant by security, including the security environment in which the application is to be used and what other resources could be exposed by a security vulnerability, and include the definition in the contract put in place
* Validate the security mechanisms to be used upfront and set requirements for their use
* Ensure that the third party is using software coding best practices and that they are documented and validated
* Demand proof of the level of training, skills and security awareness among the third party's development staff
* Ensure that expectations are laid out in the service-level agreement, including milestones and deliverables
* Define acceptance criteria for the security of applications delivered
* Provide a list of the most critical flaws that are deemed unacceptable
* Mandate measures for certifying that code is secure, including the use of automated testing tools
* Define steps required in the audit process and ensure that all code is audited and certified before payment is made
* Ensure that the right to audit code and perform security checks is written into the contract
* Define processes for remediation by the third party and ensure that responsibility for bearing the costs of remediation or legal liability, even after the application has been delivered, are written into the contract
* Specify in the contract that security checks and monitoring will be continued throughout the lifecycle of that application and lay out the third party's responsibility for fixing flaws found at a later date.
Such practices will ensure that the most secure code possible is delivered, leaving organisations less vulnerable to security incidents. But, given the size of most software applications and the fact that it is almost impossible to write prefect code, however small the program, organisations that follow the practices outlined above will also have covered their backs be ensuring that the responsibility for fixing vulnerabilities lies firmly in the hands of the outsourcer—something that is essential since flaws discovered once an application is in use are the most expensive to fix.
- ADD TO:
-
Blink
-
Del.icio.us
-
Digg
-
Furl
-
Google
-
Simpy
-
Spurl
-
Y! MyWeb
A crash in TCS stock underlines end of Indian indigenous IT outsourcing superpower
|
Wednesday, April 23, 2008 |
|
Source : Click
Indian companies have come a long way it providing IT outsourcing services. The golden era of IT outsourcing empire is coming to an end for Indian companies. The global clients are bow demanding quality products and services not just “programmer bodies”.
The management of Indian IT companies hardly find any difference trading spices versus software bodies. They hire cheap Indian cyber labor and sell them for a hefty hourly profit to American and European companies.
It is an easy business model. The inefficient American and European corporate management are eager to cut cost by any means to hide their inability to expand revenue and total incompetence in creating innovation. The cost cutting is easily served hiring TCS, Satyam, Wipro and Infosys type companies to perform the same tasks for pennies on the dollar.
The easy life for the Indian body shoppers like TCS, Satyam, Wipro and Infosys type companies is coming to an end. The western companies has built their own shops in Bangalore, Hyderabad, Mumbai and so. They are also demanding cut in outsourcing costs. In addition, talented Indian programmers are leaving the Indian companies in seek of better opportunities with Microsoft, IBM and so on.
TCS slumped 10.6% to Rs 887. Wipro and Satyam plunged 5% each to Rs 431 and Rs 436, respectively. Infosys shed 2.8% at Rs 1,599. At the same time Sensex touched a high of 16,854 - up 256 points from the day's low. The Sensex finally ended with a gain of 45 points at 16,784.
It signifies end of Indian indigenous IT outsourcing superpower. It is the result of India’s failure in creating world-class software products instead of just supply programming bodies.
It is an easy business model. The inefficient American and European corporate management are eager to cut cost by any means to hide their inability to expand revenue and total incompetence in creating innovation. The cost cutting is easily served hiring TCS, Satyam, Wipro and Infosys type companies to perform the same tasks for pennies on the dollar.
The easy life for the Indian body shoppers like TCS, Satyam, Wipro and Infosys type companies is coming to an end. The western companies has built their own shops in Bangalore, Hyderabad, Mumbai and so. They are also demanding cut in outsourcing costs. In addition, talented Indian programmers are leaving the Indian companies in seek of better opportunities with Microsoft, IBM and so on.
TCS slumped 10.6% to Rs 887. Wipro and Satyam plunged 5% each to Rs 431 and Rs 436, respectively. Infosys shed 2.8% at Rs 1,599. At the same time Sensex touched a high of 16,854 - up 256 points from the day's low. The Sensex finally ended with a gain of 45 points at 16,784.
It signifies end of Indian indigenous IT outsourcing superpower. It is the result of India’s failure in creating world-class software products instead of just supply programming bodies.
- ADD TO:
-
Blink
-
Del.icio.us
-
Digg
-
Furl
-
Google
-
Simpy
-
Spurl
-
Y! MyWeb
Design gets hot in outsourcing game
|
Tuesday, April 22, 2008 |
|
Source : Click
If you think that outsourcing in India was just synonymous with accounting, call centres and financial services, here is some news. The latest to join the outsourcing wave in the country is design support services, in which architecture and building design is supplied to remote customers as a service.
Growing at 30 per cent per annum, this could make India the design centre of the world, say its pioneers, who put high-skilled design workers to work with advanced software.
The market size for the sector in the US is $225 billion, and with India just beginning to make a mark, its growth story appears to be on solid ground, say industry officials.
In a vote of confidence in the business, Satellier, a Chicago-based company with a strong presence in India, on Wednesday announced that it had received $10 million in funding from one of Silicon Valley's most respected venture capital funds, Sequoia Capital.
Satellier, runs its Indian studio facilities at New Delhi and Kolkata with 400 design professionals to execute technical drawings for its projects across the world. Outside India, the company has only 20 to 25 employees, which it expects will rise to 70 in the coming year.
The market size for the sector in the US is $225 billion, and with India just beginning to make a mark, its growth story appears to be on solid ground, say industry officials.
In a vote of confidence in the business, Satellier, a Chicago-based company with a strong presence in India, on Wednesday announced that it had received $10 million in funding from one of Silicon Valley's most respected venture capital funds, Sequoia Capital.
Satellier, runs its Indian studio facilities at New Delhi and Kolkata with 400 design professionals to execute technical drawings for its projects across the world. Outside India, the company has only 20 to 25 employees, which it expects will rise to 70 in the coming year.
Michael Jansen, chairman and CEO, Satellier, said the funding will be used for mergers and acquisitions involving companies engaged in related work (mostly in China) as well as towards organisational growth which includes plans to open three new offices in the US, one in the UK and delivery centers in India and around the world over the next year.
"However, the primary focus will be developing the Building Information Modeling (BIM) service solutions for the global as well as Indian architecture, engineering and construction (AEC) industry," he told reporters.
BIM software simulates construction and operations and is particularly geared towards helping developers, hoteliers and multinationals in their real estate projects in India.
"It will help reduce construction time, detect complexities between disciplines as well as enable developers to understand energy components thus reducing costs. The cost of the module will depend upon the scale of the project, the location and its nature," Jansen said.
"However, the primary focus will be developing the Building Information Modeling (BIM) service solutions for the global as well as Indian architecture, engineering and construction (AEC) industry," he told reporters.
BIM software simulates construction and operations and is particularly geared towards helping developers, hoteliers and multinationals in their real estate projects in India.
"It will help reduce construction time, detect complexities between disciplines as well as enable developers to understand energy components thus reducing costs. The cost of the module will depend upon the scale of the project, the location and its nature," Jansen said.
- ADD TO:
-
Blink
-
Del.icio.us
-
Digg
-
Furl
-
Google
-
Simpy
-
Spurl
-
Y! MyWeb
It's time for market research outsourcing
|
Monday, April 21, 2008 |
|
Source : Click
Says Sunil Mirani, CEO of Ugam Solutions, Everyone wants to get a share of customer's wallet. Price-service differential across categories is minimal. So, it becomes imperative to understand what drives the consumers towards a particular product.
With businesses increasingly becoming consumer-led, the new buzz in town goes by a different abbreviation: MRO or market research outsourcing. The global outsourcing opportunity for MRO is $4 billion with India accounting for $150 million of this pie.
MRO, which concerns itself with understanding customer behaviour, is catching up. The segment for marketing and customer informatics is growing rapidly, says Anantha Krishnan, chairman and CEO, Dexterity. Till recently, Dexterity was focussing on research and analytics space but has now turned its attention to marketing and customer informatics.
Similarly, the Mumbai-based Fractal Analytics is getting into the thick of things. Today, there is a tremendous explosion of data, and companies are keen to know why a customer patronises one brand over another, says Srikanth Velamakanni, CEO, Fractal.
Says Sunil Mirani, CEO of Ugam Solutions, Everyone wants to get a share of customer's wallet. Price-service differential across categories is minimal. So, it becomes imperative to understand what drives the consumers towards a particular product.
For example, the $12-million Fractal provides known value item (KVI) analysis wherein it identifies those key items for retailers on which customers expect good bargains. "We identify those items and develop a pricing strategy that it is better than its competition. In some cases, those items can end up being price leaders in their respective categories," says Velamakanni.
MRO companies in India are targeting domains like retail, telecom, BFSI (banking, financial, services and insurance) and media and entertainment. Some like Dexterity and Ugam also closely work with global market research organisations helping them conduct surveys through Web and phone and work with them in collating and mining data.
Players are migrating to high-end analytics, modelling of marketing mix (analytic solutions deployed to improve brand performance, optimise marketing spends and enhance sales volumes) and risk analytics (solutions that are geared towards controlling default and bad debts as well as improving collections). India has a large pool of mathematical talent which can be leveraged easily to do the high-end work, says Velamakanni.
- ADD TO:
-
Blink
-
Del.icio.us
-
Digg
-
Furl
-
Google
-
Simpy
-
Spurl
-
Y! MyWeb
Outsourcing: The Path to Business Growth
|
Wednesday, April 16, 2008 |
|
Source : Click
For small businesses trying to grow as painlessly as possible, outsourcing non-revenue-producing business functions makes a lot of sense.
That's the conclusion of a new report from Achilles Group titled "2008 Small Business Outsourcing Best Practices Guide." The report found that most businesses with 25 to 250 employees outsource at least two business functions. The most outsourced processes are payroll, accounting, ERP (enterprise resource planning), point-of-sale, CRM (customer relationship management), SFA (sales force automation) and human resources management, recruiting, benefits administration, performance and compensation management, and time and labor management.
According to the report, companies with fewer than 50 employees tend to outsource payroll, benefits, recruiting, bookkeeping, IT desktop and e-mail, Web site and online marketing, financial engineering, IT network administration, and marketing and lead generation. Companies with up to 250 employees might add HR director outsourcing and talent management, while companies with up to 1,000 employees might further add Human Resource Information System, CIO/IT strategy and compensation planning.
Unlike larger companies, which outsource to save money, small businesses turn to outsourcing so they can focus their limited resources on core competencies. According to the report, the top reasons small businesses outsource is to free up executive time and enable on-demand access to specialist expertise not available internally. Other reasons include reducing costs, gaining access to best practices processes and best-of-breed technology and tools, gaining the ability to scale more efficiently, and improving performance.
Another related option is shared services, run by a third party, in which a business consolidates common corporate administrative systems and functions with those of other organizations. Like outsourcing, the shared services approach offers specialist expertise and cost savings, along with better compliance and access to best-in-class technologies and processes. According to Achilles Group's research, more than 60 percent of companies taking the shared services approach experience improved customer satisfaction, staff productivity and overall quality. They also reduce costs by 20 to 80 percent.
The most successful small businesses pick and choose which functions to outsource or commit to shared services, the report said. As an example, some organizations outsource HR functions for a limited time, while they build the processes and infrastructure they will need to bring the process back in-house in the future.
Because businesses often use outsourcing to help themselves grow, it makes sense that once that growth has been achieved, some companies choose to bring some processes back in-house. Doing so can help improve control once the organization has stopped growing and has reached maturity, the report said.
The combination of insourcing and outsourcing—and the ability to move back and forth between the two as necessary—can help small businesses achieve the goal of growing stronger and more self-sufficient, while remaining flexible and correcting or avoiding common mistakes, the report concluded.
For small businesses trying to grow as painlessly as possible, outsourcing non-revenue-producing business functions makes a lot of sense.
That's the conclusion of a new report from Achilles Group titled "2008 Small Business Outsourcing Best Practices Guide." The report found that most businesses with 25 to 250 employees outsource at least two business functions. The most outsourced processes are payroll, accounting, ERP (enterprise resource planning), point-of-sale, CRM (customer relationship management), SFA (sales force automation) and human resources management, recruiting, benefits administration, performance and compensation management, and time and labor management.
According to the report, companies with fewer than 50 employees tend to outsource payroll, benefits, recruiting, bookkeeping, IT desktop and e-mail, Web site and online marketing, financial engineering, IT network administration, and marketing and lead generation. Companies with up to 250 employees might add HR director outsourcing and talent management, while companies with up to 1,000 employees might further add Human Resource Information System, CIO/IT strategy and compensation planning.
Unlike larger companies, which outsource to save money, small businesses turn to outsourcing so they can focus their limited resources on core competencies. According to the report, the top reasons small businesses outsource is to free up executive time and enable on-demand access to specialist expertise not available internally. Other reasons include reducing costs, gaining access to best practices processes and best-of-breed technology and tools, gaining the ability to scale more efficiently, and improving performance.
Another related option is shared services, run by a third party, in which a business consolidates common corporate administrative systems and functions with those of other organizations. Like outsourcing, the shared services approach offers specialist expertise and cost savings, along with better compliance and access to best-in-class technologies and processes. According to Achilles Group's research, more than 60 percent of companies taking the shared services approach experience improved customer satisfaction, staff productivity and overall quality. They also reduce costs by 20 to 80 percent.
The most successful small businesses pick and choose which functions to outsource or commit to shared services, the report said. As an example, some organizations outsource HR functions for a limited time, while they build the processes and infrastructure they will need to bring the process back in-house in the future.
Because businesses often use outsourcing to help themselves grow, it makes sense that once that growth has been achieved, some companies choose to bring some processes back in-house. Doing so can help improve control once the organization has stopped growing and has reached maturity, the report said.
The combination of insourcing and outsourcing—and the ability to move back and forth between the two as necessary—can help small businesses achieve the goal of growing stronger and more self-sufficient, while remaining flexible and correcting or avoiding common mistakes, the report concluded.
- ADD TO:
-
Blink
-
Del.icio.us
-
Digg
-
Furl
-
Google
-
Simpy
-
Spurl
-
Y! MyWeb
Is Outsourcing a Security Risk?
|
Tuesday, April 15, 2008 |
|
Source : Click
The world has a new culprit to blame for the rising tide of software vulnerabilities -- code outsourcing.
The trend to outsource the coding of applications is now a major contributor to making business software more vulnerable, a survey-cum-report has claimed.
According to analyst group Quocirca, which surveyed 250 IT directors and executives in the U.S., the U.K. and Germany for Fortify Software, ninety percent of the organizations that admitted to having been 'hacked' had outsourced more than 40 percent of their applications to third parties.
But the rush to benefit from the speed, convenience and lower cost of outsourced applications was leaving security as an afterthought in an alarming number of cases. Sixty percent of respondents reported not mandating security from scratch, while 20 percent of those surveyed in the U.K. failed to accommodate security at all in the outsourced applications.
So what's behind this risky attitude? The report mainly blames the way companies have become enamored with relatively poorly-understood Web 2.0 technologies, and the parallel rush to use service-oriented architectures (SOA) to open up software to much-loved partners.
As to outsourcing itself, according to Fortify, the problem here is that the client company has no visibility on the coding behavior of the company carrying out the work, no matter how good the relationship appears to be.
As in other areas of technology, U.S. organizations have been at the forefront of the software outsourcing movement, with 61 percent of those surveyed reporting that they outsourced more than 40 percent of their programming. Germany, by contrast was some way behind this percentage, with the U.K. somewhere between the two extremes, thanks to its financial services bias. The U.K.'s uptake of Web 2.0 is also closer to the U.S.' than Germany's, which is to say that it has been significant.
"These survey results help explain the recent, sudden rise in data breaches and should serve as a wake-up call to any executive whose company sits on a pile of mission-critical application code," said Fortify board member and former White House cybersecurity advisor Howard Schmidt.
At least companies can attempt to protect themselves against the specific threat posed by lazy programming using backdoor detection systems, a growing category of software. As ever companies find themselves solving software security problems by buying yet more software.
The world has a new culprit to blame for the rising tide of software vulnerabilities -- code outsourcing.
The trend to outsource the coding of applications is now a major contributor to making business software more vulnerable, a survey-cum-report has claimed.
According to analyst group Quocirca, which surveyed 250 IT directors and executives in the U.S., the U.K. and Germany for Fortify Software, ninety percent of the organizations that admitted to having been 'hacked' had outsourced more than 40 percent of their applications to third parties.
But the rush to benefit from the speed, convenience and lower cost of outsourced applications was leaving security as an afterthought in an alarming number of cases. Sixty percent of respondents reported not mandating security from scratch, while 20 percent of those surveyed in the U.K. failed to accommodate security at all in the outsourced applications.
So what's behind this risky attitude? The report mainly blames the way companies have become enamored with relatively poorly-understood Web 2.0 technologies, and the parallel rush to use service-oriented architectures (SOA) to open up software to much-loved partners.
As to outsourcing itself, according to Fortify, the problem here is that the client company has no visibility on the coding behavior of the company carrying out the work, no matter how good the relationship appears to be.
As in other areas of technology, U.S. organizations have been at the forefront of the software outsourcing movement, with 61 percent of those surveyed reporting that they outsourced more than 40 percent of their programming. Germany, by contrast was some way behind this percentage, with the U.K. somewhere between the two extremes, thanks to its financial services bias. The U.K.'s uptake of Web 2.0 is also closer to the U.S.' than Germany's, which is to say that it has been significant.
"These survey results help explain the recent, sudden rise in data breaches and should serve as a wake-up call to any executive whose company sits on a pile of mission-critical application code," said Fortify board member and former White House cybersecurity advisor Howard Schmidt.
At least companies can attempt to protect themselves against the specific threat posed by lazy programming using backdoor detection systems, a growing category of software. As ever companies find themselves solving software security problems by buying yet more software.
- ADD TO:
-
Blink
-
Del.icio.us
-
Digg
-
Furl
-
Google
-
Simpy
-
Spurl
-
Y! MyWeb
Europe wary of outsourcing to India
|
Friday, April 11, 2008 |
|
Source : Click
While Indian ITeS companies may be looking at Europe as a big market waiting to be tapped, are European firms as bullish about outsourcing work to India? May be not. While they may be interested in sending work to India, but are not confident to do so, says a new report by Forrester, Research, an independent technology and market research company.
Their latest report ‘Offshoring Strategies For Continental European Firms’, tracks the outlook of European firms to outsourcing work. It says, Indian offshore providers looking at expanding business in Europe must first change their risk-averse attitude and invest in building a sizable local capability to win deals there.
"Most pan-European firms are still not fully convinced about the offshore model’s suitability or benefits for their business, while offshore providers are yet to have enough capability in the continent," says Sudin Apte, senior analyst at Forrest. In fact, several European firms did send large teams to India in the last six months to test the offshore waters here, "However, these initiatives lacked a solid vision and strategy for the type of work to be sent and at what pace," Apte explains.
However, the good thing is these firms are becoming more interested in sending work as some Indian service providers are working furiously to improve their European capabilities. The report reveals that both Indian and European offshore providers have problems helping their European clients go offshore. While Indian providers still struggle to build up meaningful local presence, their risk-averse approach means that they won’t make even smaller local staff acquisitions unless they see a direct and immediate increase in their European sales books. "Clients we spoke to complain that the Indian firms they’ve worked with often fail to demonstrate commitment to the service levels promised," Apte says.
European firms on the other hand followed stringent and demanding procurement approach to offshoring and made unreasonable language fluency expectations from vendors.
While Indian ITeS companies may be looking at Europe as a big market waiting to be tapped, are European firms as bullish about outsourcing work to India? May be not. While they may be interested in sending work to India, but are not confident to do so, says a new report by Forrester, Research, an independent technology and market research company.
Their latest report ‘Offshoring Strategies For Continental European Firms’, tracks the outlook of European firms to outsourcing work. It says, Indian offshore providers looking at expanding business in Europe must first change their risk-averse attitude and invest in building a sizable local capability to win deals there.
"Most pan-European firms are still not fully convinced about the offshore model’s suitability or benefits for their business, while offshore providers are yet to have enough capability in the continent," says Sudin Apte, senior analyst at Forrest. In fact, several European firms did send large teams to India in the last six months to test the offshore waters here, "However, these initiatives lacked a solid vision and strategy for the type of work to be sent and at what pace," Apte explains.
However, the good thing is these firms are becoming more interested in sending work as some Indian service providers are working furiously to improve their European capabilities. The report reveals that both Indian and European offshore providers have problems helping their European clients go offshore. While Indian providers still struggle to build up meaningful local presence, their risk-averse approach means that they won’t make even smaller local staff acquisitions unless they see a direct and immediate increase in their European sales books. "Clients we spoke to complain that the Indian firms they’ve worked with often fail to demonstrate commitment to the service levels promised," Apte says.
European firms on the other hand followed stringent and demanding procurement approach to offshoring and made unreasonable language fluency expectations from vendors.
- ADD TO:
-
Blink
-
Del.icio.us
-
Digg
-
Furl
-
Google
-
Simpy
-
Spurl
-
Y! MyWeb
Firms overlook security when outsourcing software development
|
Thursday, April 10, 2008 |
|
Source : Click
Frequent hacking victims all outsource a portion of their programming, says research
Companies that say they are frequently hacked all outsource part of their software programming, and 90 per cent of them outsource at least 40 per cent, according to a survey by analyst Quocirca.
Sixty per cent of companies that outsource their coding said they do do not mandate built-in security for their applications.
And a further 20 per cent of UK firms said they do not even consider security when developing applications.
Built-in security is not being taken seriously enough, said Fran Howarth, principal analyst at Quocirca and author of the report.
“The findings of this report indicate that not enough is being done by organisations to build security into the applications on which their businesses rely," said Howarth.
"Not only that, but they are entrusting large parts of their application development needs to third parties. This creates an even greater onus for organisations to thoroughly test all code generated for applications — without which they could be playing into the hands of hackers.”
Half of firms that consider software development to be business critical or important outsource more than 40 per cent of their programming needs.
Fifty-five per cent of public sector organisations outsource more than 40 per cent of their coding and 64 per cent say development is only moderately important.
Utility companies place the greatest importance on software development, with 90 per cent citing it as important or business critical. Only seven per cent of utilities outsource more than eight percent of code development.
The survey questioned 250 senior executives and IT directors at medium to large firms in the UK, US and Germany.
Companies that say they are frequently hacked all outsource part of their software programming, and 90 per cent of them outsource at least 40 per cent, according to a survey by analyst Quocirca.
Sixty per cent of companies that outsource their coding said they do do not mandate built-in security for their applications.
And a further 20 per cent of UK firms said they do not even consider security when developing applications.
Built-in security is not being taken seriously enough, said Fran Howarth, principal analyst at Quocirca and author of the report.
“The findings of this report indicate that not enough is being done by organisations to build security into the applications on which their businesses rely," said Howarth.
"Not only that, but they are entrusting large parts of their application development needs to third parties. This creates an even greater onus for organisations to thoroughly test all code generated for applications — without which they could be playing into the hands of hackers.”
Half of firms that consider software development to be business critical or important outsource more than 40 per cent of their programming needs.
Fifty-five per cent of public sector organisations outsource more than 40 per cent of their coding and 64 per cent say development is only moderately important.
Utility companies place the greatest importance on software development, with 90 per cent citing it as important or business critical. Only seven per cent of utilities outsource more than eight percent of code development.
The survey questioned 250 senior executives and IT directors at medium to large firms in the UK, US and Germany.
- ADD TO:
-
Blink
-
Del.icio.us
-
Digg
-
Furl
-
Google
-
Simpy
-
Spurl
-
Y! MyWeb
US Enterprise Business Outsourcing and 3rd Party Services Expenditures Contains The Latest Vendor Based Research
|
Wednesday, April 09, 2008 |
|
Source : Click
Research and Markets has announced the addition of “US Enterprise Business Outsourcing & 3rd Party Services Expenditures, 2007-2012” to their offering.
This Excel-based Data-rich Deliverable (DRD) that is part of the Business Managed & Hosting Services and Enterprise Business subscription includes market intelligence on business IT: Outsourcing & 3rd Party services expenditures for Enterprise Business. Managed services include expenditures on network-based services that provide a network, application or computing capability to a client and are delivered on an on-going basis by a 3rd party for a recurring fee. Compass Intelligence defines IT outsourcing as expenditures on services rendered by 3rd parties, including IT outsourcing companies. Enterprise Business (Over 1000 employees). The Expert Guide for this deliverable is Kneko Burney. Forecasts are from 2007 through 2012 and include annual growth rate, as well as percentage of total market.
Sources: Our segment and market forecasts, which include business expenditures, market demographics, and usage and adoption statistics, are built using multiple sources, including our proprietary research.
These sources include, but are not limited to:
-Secondary research
-Government data and statistics (e.g. department of commerce, federal communication commission, bureau of labour statistics and us census bureau
-Primary research
-Vendor-based research
-In-depth interviews with key decision-makers (where relevant)
We select data sources to provide greatest degree of perspective on each market or segment, in addition to the highest level of data accuracy, stability, and consistency over time.
Research and Markets has announced the addition of “US Enterprise Business Outsourcing & 3rd Party Services Expenditures, 2007-2012” to their offering.
This Excel-based Data-rich Deliverable (DRD) that is part of the Business Managed & Hosting Services and Enterprise Business subscription includes market intelligence on business IT: Outsourcing & 3rd Party services expenditures for Enterprise Business. Managed services include expenditures on network-based services that provide a network, application or computing capability to a client and are delivered on an on-going basis by a 3rd party for a recurring fee. Compass Intelligence defines IT outsourcing as expenditures on services rendered by 3rd parties, including IT outsourcing companies. Enterprise Business (Over 1000 employees). The Expert Guide for this deliverable is Kneko Burney. Forecasts are from 2007 through 2012 and include annual growth rate, as well as percentage of total market.
Sources: Our segment and market forecasts, which include business expenditures, market demographics, and usage and adoption statistics, are built using multiple sources, including our proprietary research.
These sources include, but are not limited to:
-Secondary research
-Government data and statistics (e.g. department of commerce, federal communication commission, bureau of labour statistics and us census bureau
-Primary research
-Vendor-based research
-In-depth interviews with key decision-makers (where relevant)
We select data sources to provide greatest degree of perspective on each market or segment, in addition to the highest level of data accuracy, stability, and consistency over time.
- ADD TO:
-
Blink
-
Del.icio.us
-
Digg
-
Furl
-
Google
-
Simpy
-
Spurl
-
Y! MyWeb
Outsourcing increases risk
|
Tuesday, April 08, 2008 |
|
Source : Click
Study shows companies neglect security
Leading application security vendor Fortify Software announced the findings of a new report released by European information technology analysis group, Quocirca, entitled, Why Application Security is Critical.
Today's businesses are increasingly relying on software development to maintain a competitive advantage, and this new report reveals that the widespread outsourcing of code development is putting these businesses at risk. As organizations increasingly look to outsource application development, they are leaving themselves severely exposed to data predators by failing to mandate security in the development of those critical applications.
According to the report, 50 percent of organizations stating that software code development is business critical outsource almost half of their code development needs. And, according to the report, more than 60 percent of companies don't mandate security when outsourcing development.
"The findings of this report indicate that not enough is being done by organizations to build security into the applications on which their businesses rely," said QuoCirca Analyst Fran Howarth, author of the report. "Not only that, but they are entrusting large parts of their application development needs to third parties. This creates an even greater onus for organizations to thoroughly test all code generated for applications -- without which they could be playing into the hands of hackers."
Recent, highly publicized data breaches at companies such as TS Ameritrade, TJX and Hannaford Brothers illustrate how software applications can often contain exploitable vulnerabilities. According to the Quocirca report, all organizations who admitted to being frequently hacked outsource at least some of their coding practice, with 90 percent of companies outsourcing almost half of their application development.
"The processes and systems that run companies today are built in software applications that were designed to be open, which makes them inherently insecure," said Roger Thornton, Founder and Chief Technology Officer of Fortify. "Through outsourcing, customer self-service offerings and the like, enterprises invite people into their network in order to do business better and quicker, but they leave themselves and their corporate assets vulnerable to attack and exploitation. Without assuring the security of the software applications that run your business, you expose your enterprise to unnecessary and costly risk."
In the study, financial services companies are identified as the most likely to outsource their code development needs, with 72 percent reporting that they outsource almost half of their development practices. 84 percent of these organizations report that code development is business critical. Public sector organizations are also big outsourcers, with 55 percent outsourcing over 40 percent of code development.
Study shows companies neglect security
Leading application security vendor Fortify Software announced the findings of a new report released by European information technology analysis group, Quocirca, entitled, Why Application Security is Critical.
Today's businesses are increasingly relying on software development to maintain a competitive advantage, and this new report reveals that the widespread outsourcing of code development is putting these businesses at risk. As organizations increasingly look to outsource application development, they are leaving themselves severely exposed to data predators by failing to mandate security in the development of those critical applications.
According to the report, 50 percent of organizations stating that software code development is business critical outsource almost half of their code development needs. And, according to the report, more than 60 percent of companies don't mandate security when outsourcing development.
"The findings of this report indicate that not enough is being done by organizations to build security into the applications on which their businesses rely," said QuoCirca Analyst Fran Howarth, author of the report. "Not only that, but they are entrusting large parts of their application development needs to third parties. This creates an even greater onus for organizations to thoroughly test all code generated for applications -- without which they could be playing into the hands of hackers."
Recent, highly publicized data breaches at companies such as TS Ameritrade, TJX and Hannaford Brothers illustrate how software applications can often contain exploitable vulnerabilities. According to the Quocirca report, all organizations who admitted to being frequently hacked outsource at least some of their coding practice, with 90 percent of companies outsourcing almost half of their application development.
"The processes and systems that run companies today are built in software applications that were designed to be open, which makes them inherently insecure," said Roger Thornton, Founder and Chief Technology Officer of Fortify. "Through outsourcing, customer self-service offerings and the like, enterprises invite people into their network in order to do business better and quicker, but they leave themselves and their corporate assets vulnerable to attack and exploitation. Without assuring the security of the software applications that run your business, you expose your enterprise to unnecessary and costly risk."
In the study, financial services companies are identified as the most likely to outsource their code development needs, with 72 percent reporting that they outsource almost half of their development practices. 84 percent of these organizations report that code development is business critical. Public sector organizations are also big outsourcers, with 55 percent outsourcing over 40 percent of code development.
- ADD TO:
-
Blink
-
Del.icio.us
-
Digg
-
Furl
-
Google
-
Simpy
-
Spurl
-
Y! MyWeb
China marches into outsourcing
|
|
Source : Click
It's mustering a serious challenge to India, but language and culture could hold it back.
In the foothills of Yuelu Mountain here, a young Mao Tse-tung found inspiration in nature for his political aspirations. Today, Communist Party officials have a different vision for this area: a valley of global outsourcing firms.
One of them, Beijing-based Chinasoft International Ltd., is recruiting hundreds of workers to process medical bills and health insurance claims. Its target customers: U.S. doctors.
Chinasoft is launching the venture with a Tennessee firm, Premier BPO Inc., which has similar operations in India and Pakistan. Chen Yuhong, Chinasoft's managing director, thinks it's only a matter of time before China makes big gains against India -- which now leads the world in information technology outsourcing.
"They're seriously concerned about our challenge," said the 44-year-old Chen, who has a PhD in engineering from Beijing Institute of Technology and speaks fluent English.
Most analysts reckon it'll be perhaps a decade before China catches up. India's IT outsourcing revenue, estimated at $18 billion in 2007, is about six times the size of China's. The gap figures to be even bigger for business-process outsourcing, such as medical billing and back-office work. With its history as a British colony, India has workers with strong English skills and familiarity with Western culture. That gives companies there a big edge when bidding for jobs that require reading reports and talking to Americans.
But China's exportsof IT services are growing at roughly twice the rate of India's. Consulting firm Analysys International says Chinese software offshoring sales jumped 45% in the fourth quarter of 2007, to about $600 million. Although much of that was for clients in Japan and other Asian countries, China is making a push to extend its reach.
In 2006, the central government launched the "Thousand, Hundred, Ten" project, aimed at cultivating 1,000 Chinese outsourcing companies that would cater to 100 international clients. Beijing wants to situate them in at least 10 cities. Some are familiar locales -- Shanghai, Beijing and Shenzhen. But success or failure may come down to smaller cities largely unknown abroad.
Wages, plus land and housing prices, have soared in China's top-tier cities, prompting many foreign manufacturers to relocate. Officials hope that places such as Wuhan, Jinan and Changsha will be lower-cost alternatives for the service industry as well.
Junior software engineers in those cities can be hired for $170 to $250 a month -- a third of the going rates in Beijing or Shanghai, said Tian Yuqi, human resources manager at VanceInfo Technologies Inc., a Beijing-based IT outsourcing firm listed on the New York Stock Exchange. Those wages also are a lot lower than in India's outsourcing hubs such as Bangalore and New Delhi, where salaries are spiraling up.
"China enjoys the cost advantage, but India enjoys the market advantage," Tian said.
China's government wants both -- and is helping with incentives. Firms setting up in designated outsourcing zones can enjoy a two-year waiver of taxes. They can get a subsidy of about $700 per employee for training and hiring. Local governments are chipping in with sweet deals for rent and land, as well as cash for certain sectors. Hunan province, for example, has set aside about $56 million to bolster the local animation industry, which is particularly strong in Changsha.
"They're going after it with determination," said Gaurav Gupta, country head in India for Everest Group, a consulting and research firm based in Britain. Gupta and others at Everest track 125 outsourcing cities in the world, including 10 in China and more than 30 in India. Yet for all their potential, he says, Chinese outsourcing companies are generally serving domestic businesses -- not offshore customers, as India's firms tend to do.
Chinasoft's Chen, though, sees a way to leverage China's large domestic market into offshore contracts. As more Chinese businesses and public agencies contract out their IT, back-office and call-center operations, the firms that provide those services could offer connections to Western firms to help them break into the Chinese market.
"We tell them, 'You give us business in [your country], and we'll give you the market here,' " Chen said. Chinasoft also is considering buying a stake in companies like Premier BPO, to help drive more American customers to its fledgling outsourcing operations in China. Though Chinasoft has branch offices around the world, including San Francisco and Seattle, its IT outsourcing revenue was only about $9 million in last year's third quarter, the latest period for which results are available.
Mark Briggs, chairman of privately held Premier BPO, declined to comment on the specifics of the deal with Chinasoft. He agreed that familiarity with English was a major plus for India; something as simple as commas and semicolons can be stumbling blocks for Chinese workers coding data into computers, he said. But training can overcome such language and cultural gaps, and Briggs predicted that the same assets that propelled China's manufacturing industry -- great infrastructure and labor power -- would help it become tops in outsourcing.
"I personally believe China will overtake the rest of the world in BPO," or business-process outsourcing, he said.
Changsha may be well suited to play a key role. Many Chinese regard Hunan as a center of culture and creative talent. The wildly popular television show "Super Girl," akin to "American Idol," was produced here. Changsha accounts for much of the nation's cartoon design and TV programming.
Changsha natives claim an outsize share of placements at top IT companies, managers say. The city boasts three universities rated highly for industrial design and software engineering. China's first supercomputer was developed at Changsha's National University of Defense Technology.
"They have a lot of talented people," said Xuedong Huang, a general manager at Microsoft Corp.'s communications innovation center in Redmond, Wash. Like most major technology companies, Microsoft's investment and work in China have been focused in Beijing and Shanghai. For four years, it has run a small software outsourcing project in Changsha.
"I've been very impressed with the quality, even by Microsoft standards," said Huang, himself a product of Hunan University in Changsha. What's unclear, he says, is whether an inland city as "small" as Changsha, population 6 million, can become a major player in outsourcing.
Changsha has yet to cultivate a star company in IT or business-process outsourcing. One reason is that Changsha's homegrown talent is lured by glitzier, cosmopolitan cities on the coast. Seventy percent of engineering graduates leave Hunan, said Lin Yaping, vice dean of Hunan University's software school. To keep them, "what we need is a dragon head," he said, referring to an internationally famous firm.
About 300 firms have set up shop in Changsha's software and outsourcing zone at the foot of Yuelu Mountain. Some have partnerships with big names like IBM and Google, but most are tiny operations. One of the most promising locally bred IT companies, Powerise International Software Co., faltered and was bought by Chinasoft in 2006.
Today, Chinasoft's 160 staff members in Changsha do IT outsourcing for mainly Japanese companies, but most of it is coding work and software testing, not the high-end engineering and designing that Changsha craves.
VanceInfo Technologies' experience in Changsha isn't encouraging.
The Beijing firm opened a branch here in 2003. Tian said it took him nine months to recruit 60 engineers. They had little trouble doing the work, including developing, testing and localizing software and handling electronic transfers of loans for major banks.
But Tian said his staff in Changsha, lacking strong English skills, struggled in conference calls with customers. Nor were VanceInfo's clients entirely comfortable dealing in a small city unfamiliar to them, he said, and the firm shut the office in 2005.
"Compared to the Japanese, major clients in Europe and North America emphasized much more the city's characteristics," Tian said. "They preferred Shanghai. Our clients weren't supporting our establishing centers in cities like Changsha."
It's mustering a serious challenge to India, but language and culture could hold it back.
In the foothills of Yuelu Mountain here, a young Mao Tse-tung found inspiration in nature for his political aspirations. Today, Communist Party officials have a different vision for this area: a valley of global outsourcing firms.
One of them, Beijing-based Chinasoft International Ltd., is recruiting hundreds of workers to process medical bills and health insurance claims. Its target customers: U.S. doctors.
Chinasoft is launching the venture with a Tennessee firm, Premier BPO Inc., which has similar operations in India and Pakistan. Chen Yuhong, Chinasoft's managing director, thinks it's only a matter of time before China makes big gains against India -- which now leads the world in information technology outsourcing.
"They're seriously concerned about our challenge," said the 44-year-old Chen, who has a PhD in engineering from Beijing Institute of Technology and speaks fluent English.
Most analysts reckon it'll be perhaps a decade before China catches up. India's IT outsourcing revenue, estimated at $18 billion in 2007, is about six times the size of China's. The gap figures to be even bigger for business-process outsourcing, such as medical billing and back-office work. With its history as a British colony, India has workers with strong English skills and familiarity with Western culture. That gives companies there a big edge when bidding for jobs that require reading reports and talking to Americans.
But China's exportsof IT services are growing at roughly twice the rate of India's. Consulting firm Analysys International says Chinese software offshoring sales jumped 45% in the fourth quarter of 2007, to about $600 million. Although much of that was for clients in Japan and other Asian countries, China is making a push to extend its reach.
In 2006, the central government launched the "Thousand, Hundred, Ten" project, aimed at cultivating 1,000 Chinese outsourcing companies that would cater to 100 international clients. Beijing wants to situate them in at least 10 cities. Some are familiar locales -- Shanghai, Beijing and Shenzhen. But success or failure may come down to smaller cities largely unknown abroad.
Wages, plus land and housing prices, have soared in China's top-tier cities, prompting many foreign manufacturers to relocate. Officials hope that places such as Wuhan, Jinan and Changsha will be lower-cost alternatives for the service industry as well.
Junior software engineers in those cities can be hired for $170 to $250 a month -- a third of the going rates in Beijing or Shanghai, said Tian Yuqi, human resources manager at VanceInfo Technologies Inc., a Beijing-based IT outsourcing firm listed on the New York Stock Exchange. Those wages also are a lot lower than in India's outsourcing hubs such as Bangalore and New Delhi, where salaries are spiraling up.
"China enjoys the cost advantage, but India enjoys the market advantage," Tian said.
China's government wants both -- and is helping with incentives. Firms setting up in designated outsourcing zones can enjoy a two-year waiver of taxes. They can get a subsidy of about $700 per employee for training and hiring. Local governments are chipping in with sweet deals for rent and land, as well as cash for certain sectors. Hunan province, for example, has set aside about $56 million to bolster the local animation industry, which is particularly strong in Changsha.
"They're going after it with determination," said Gaurav Gupta, country head in India for Everest Group, a consulting and research firm based in Britain. Gupta and others at Everest track 125 outsourcing cities in the world, including 10 in China and more than 30 in India. Yet for all their potential, he says, Chinese outsourcing companies are generally serving domestic businesses -- not offshore customers, as India's firms tend to do.
Chinasoft's Chen, though, sees a way to leverage China's large domestic market into offshore contracts. As more Chinese businesses and public agencies contract out their IT, back-office and call-center operations, the firms that provide those services could offer connections to Western firms to help them break into the Chinese market.
"We tell them, 'You give us business in [your country], and we'll give you the market here,' " Chen said. Chinasoft also is considering buying a stake in companies like Premier BPO, to help drive more American customers to its fledgling outsourcing operations in China. Though Chinasoft has branch offices around the world, including San Francisco and Seattle, its IT outsourcing revenue was only about $9 million in last year's third quarter, the latest period for which results are available.
Mark Briggs, chairman of privately held Premier BPO, declined to comment on the specifics of the deal with Chinasoft. He agreed that familiarity with English was a major plus for India; something as simple as commas and semicolons can be stumbling blocks for Chinese workers coding data into computers, he said. But training can overcome such language and cultural gaps, and Briggs predicted that the same assets that propelled China's manufacturing industry -- great infrastructure and labor power -- would help it become tops in outsourcing.
"I personally believe China will overtake the rest of the world in BPO," or business-process outsourcing, he said.
Changsha may be well suited to play a key role. Many Chinese regard Hunan as a center of culture and creative talent. The wildly popular television show "Super Girl," akin to "American Idol," was produced here. Changsha accounts for much of the nation's cartoon design and TV programming.
Changsha natives claim an outsize share of placements at top IT companies, managers say. The city boasts three universities rated highly for industrial design and software engineering. China's first supercomputer was developed at Changsha's National University of Defense Technology.
"They have a lot of talented people," said Xuedong Huang, a general manager at Microsoft Corp.'s communications innovation center in Redmond, Wash. Like most major technology companies, Microsoft's investment and work in China have been focused in Beijing and Shanghai. For four years, it has run a small software outsourcing project in Changsha.
"I've been very impressed with the quality, even by Microsoft standards," said Huang, himself a product of Hunan University in Changsha. What's unclear, he says, is whether an inland city as "small" as Changsha, population 6 million, can become a major player in outsourcing.
Changsha has yet to cultivate a star company in IT or business-process outsourcing. One reason is that Changsha's homegrown talent is lured by glitzier, cosmopolitan cities on the coast. Seventy percent of engineering graduates leave Hunan, said Lin Yaping, vice dean of Hunan University's software school. To keep them, "what we need is a dragon head," he said, referring to an internationally famous firm.
About 300 firms have set up shop in Changsha's software and outsourcing zone at the foot of Yuelu Mountain. Some have partnerships with big names like IBM and Google, but most are tiny operations. One of the most promising locally bred IT companies, Powerise International Software Co., faltered and was bought by Chinasoft in 2006.
Today, Chinasoft's 160 staff members in Changsha do IT outsourcing for mainly Japanese companies, but most of it is coding work and software testing, not the high-end engineering and designing that Changsha craves.
VanceInfo Technologies' experience in Changsha isn't encouraging.
The Beijing firm opened a branch here in 2003. Tian said it took him nine months to recruit 60 engineers. They had little trouble doing the work, including developing, testing and localizing software and handling electronic transfers of loans for major banks.
But Tian said his staff in Changsha, lacking strong English skills, struggled in conference calls with customers. Nor were VanceInfo's clients entirely comfortable dealing in a small city unfamiliar to them, he said, and the firm shut the office in 2005.
"Compared to the Japanese, major clients in Europe and North America emphasized much more the city's characteristics," Tian said. "They preferred Shanghai. Our clients weren't supporting our establishing centers in cities like Changsha."
- ADD TO:
-
Blink
-
Del.icio.us