How banks are now making their way into the cloud

Over the last few years, Cloud Infrastructure-as-a-Service (IaaS) solutions have become a highly popular approach for IT outsourcing in many industries. The advantages of IaaS are obvious: flexibility, speed and no capital expenditures.

Banks have slowly started to use public cloud services in particular for those parts of their business which depend on speed and flexibility. However, while many industries can easily transfer workloads into the cloud, the financial services industry faces special challenges when it comes to compliance. Banks are confronted with very demanding regulatory requirements related to security and data confidentiality, in particular when CID (client identifying data) is involved. Financial regulators will always hold a bank responsible for compliance of their IT infrastructure and IT operations even when these have been outsourced. Hence, banks need cloud providers who understand these requirements and can build and help operate banking IT workloads in a regulatory compliant cloud environment. As a new breed of specialised Cloud IaaS providers emerge, banks can now count on compliant cloud infrastructures as well as services delivered by cloud professionals who have experience with the strict regulatory environment under which banks operate.

The bank and the cloud provider have to ensure compliance at three separate levels.

The first level covers the bank’s operating country legal framework where data is stored as well as the physical security of their data centres. Adequate data privacy can only be ensured when the country’s legal framework offers sufficient data protection. In addition, data centres in which the cloud provider operates its cloud have to be compliant with the stringent security policies that are required for bank outsourcing.

The second level covers compliance of the cloud provider and its cloud infrastructure, which includes the cloud provider’s processes as well as its contractual framework, i.e. customer and employee contracts. The cloud provider must be able to provide proof of the relevant certifications and compliance audit confirmations such as compliance with ISO 27018 – “Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors”. The cloud infrastructure must be corporate grade. This means it must conform to typical IT architectures of banks. IT architectures of banks regularly include different security zones and security features like multiple routers and firewalls which are deployed sequentially. Such designs enable the bank to differentiate between zones with a maximum of protection and accessibility only for a restricted group of persons and other zones with less restrictive access rules. The cloud provider must understand how banks use these architectural designs to operate their specific IT workloads and must be able to provide the technical security features. Another corporate grade element is the requirement of multi-redundancy, allowing e.g. for disaster recovery setups across different geo redundant data centre locations.

The third level covers the ability of the cloud provider to support the bank with the relevant know how enabling them to set up and operate compliant IT workloads in a cloud environment. This means that not only does the cloud provider have to be compliant with his own infrastructure, governance and processes but the whole bank IT workload which has been outsourced needs to be compliant too. It includes the initial architecture and its respective security design elements as well as compliant governance and processes under which bank employees and/or employees of the cloud provider access and operate this workload. The cloud provider has to understand the implications of such setups and its employees have to be trained accordingly.

Where cloud providers typically help banks on their way into the cloud

To make a bank’s cloud project a success it is vital that the cloud provider supports the bank from the beginning on when considering transferring an IT workload into the cloud. This starts with getting a thorough understanding of the bank’s workload. Typically banks want to test certain aspects of their workload before starting an implementation project. Performance tests is just one possibility.

When the cloud provider gets a full understanding of the bank’s IT workload he will be able to deliver a sound quote which realistically reflects the workload’s initial cost implications. Cloud IaaS offers typically follow some form of pay-as-you-go model so a common understanding of the initial resources requirements is crucial to get this figure right.

As a next step the cloud provider will support the bank with architectural design options in the cloud.  The cloud provider can further support the bank when they intend to pursue due diligence activities. This is a regular requirement in particular when business relationships are new. A cloud provider’s expertise and experience in such processes can significantly speed up the process. Such activities can comprise detailed questionnaires, additional performance tests and on-site visits of the cloud provider’s data centers. The same goes for the availability of corporate grade contracts and SLAs which have to be in line with the requirement for banking organisations.

If all these steps are successfully completed, the IT environment can be set up in the cloud. Already during the finalisation of the infrastructure setup, testing of separate modules can be initiated until service readiness will be fully achieved. This means that the testing phase has been successfully completed and the bank gives its approval to start using the cloud environment productively.

Having the right partner is key

For banks and other financial services companies it is essential to fully understand how compliance can be achieved when outsourcing certain workloads into the cloud. Having the right partner who understands a bank’s compliance requirements in the cloud is key. For the cloud provider is not sufficient to just provide the plain cloud infrastructure. The cloud provider’s organisation has to fulfil strict compliance standards and its employees need the know-how to support the implementation and operations of such workloads into the cloud. This enables the bank to achieve significant gains from higher flexibility and lower costs, while still remaining compliant with the regulatory framework it operates in.

Once banks and other financial services firms have overcome these hurdles, the rate of adoption of cloud solutions by them will significantly increase.

Source: banks are now making their way into the cloud

IT outsourcing year in review: Grading our 2015 predictions

We predicted that this was the year that IT outsourcing companies would welcome standardization, outcome-based contracts would finally take hold and RFPs would become a thing of the past. Now it’s time to grade those and the rest of our predictions.

Earlier this year, and its outsourcing experts made several bold (and a few slightly less daring) predictions for IT services in 2015. We suggested that this year, companies would get serious about managing their IT supplier risk. (Not exactly.) We said that renegotiation and multi-sourcing would dominate contracting activity. (They did.) And we envisaged the arrival of outcome-based sourcing and the departure of the RFP. (Neither, alas, came to pass.)
We revisited all of our prognostications from last year and found that, once again, we got half of them right. Three of them were off base, and two were just beginning to take shape at year-end. As we pull together our forecast for 2016, here’s how all those 2015 predictions panned out.

Right on target

Customers embrace standardization

Companies did, in fact, become less interested in customer solutions and the intensive infrastructure required to support them. “They largely see standardization as a way to drive productivity, efficiency and maintainability of solutions,” says Marc Tanowitz, managing director of outsourcing consultancy Pace Harmon.

“Service providers have clearly moved away from asset based deals, which is forcing buyers to increasingly invest in optimizing their IT infrastructure to meet the needs of their stakeholders. What’s more, cloud providers began to offer more protections and options in their standard agreements, explains Rebecca Eisner, partner in the Chicago office of law firm Mayer Brown. “Companies embraced standard offerings in 2015 in large measure because providers began to embrace the needs of big company customers. This is particularly apparent for core functions for which cloud terms have historically been ill-suited.”

Renegotiation reigns

Companies didn’t just renegotiate at the end of their outsourcing deals, they started re-examining them mid-term, says Dan Masur, partner in Mayer Brown’s Washington, D.C. office. “The renegotiations have been driven in part by re-solutioning to bring in new technologies, retrofitting to add digital technologies, restructuring to adopt outcome or output based pricing, reconciling the contract to changing realities, and re-sourcing components of the services to specialized providers.” This behavior, however, was more stop-gap than strategy, says Bill Huber, managing director with outsourcing consultancy Alsbridge. “The market has shifted dramatically, and re-competes have demonstrated the potential to unlock significantly greater value at this juncture than can usually be achieved by a straight renegotiation, whether or not the renegotiation includes re-scoping.”

Multi-sourcing multiplies

Manufacturing is driven by data. From inventory management to cost of goods sold, there is no shortage of information to track. The Internet of Things (IoT) adds to the plethora of data by enabling expanded data…
The deal-per-customer ratio continued to climb. “Clients are becoming increasing comfortable with best of breed suppliers and multi-provider environments,” says Tanowitz of Pace Harmon. “Driven by popularity of the cloud, standardization allows clients to ‘plug in’ or ‘unplug’ providers easily, and many companies have moved away from deals with a heavy asset investment by the provider.” However, points out Information Services Group (ISG) partner Steven Hall, “many enterprises are still challenged with governing in a services-based environment and have yet to modernize their governance organizations. We continued to see rapid adoption of SaaS solutions; workloads/applications moving to public cloud environments; and the implementation of bi-modal IT models, which all require advanced governance capabilities seen in product lifecycle management.”

The cloud comes down to earth

Finally. “In 2015, cloud computing reached the end of the beginning,” said Paul Roy, partner in the business and technology sourcing practice of Mayer Brown. “Cloud computing has become and is now a routine part of outsourcing conversations and solutions.” Public, private and hybrid solutions were all on the table. “At this point, enterprises’ forward looking investments almost always include cloud infrastructure for the apps they are supporting,” says Pace Harmon’s Tanowitz.

The sourcing decision becomes data-driven

“2015 saw the continued rise of Technology Business Management and TBM software providers,” says ISG’s Hall. “IT organizations are starving for actionable intelligence, based on their data, to help them make sound investment decisions.” Tanowitz argues that sourcing has always been data driven: “data and analytics are essential to ensure sourcing decisions are grounded in a solid business case and also to ensure that the procurement process remains objective and audit-proof. We expect this to continue to be the case, even for emerging technologies and new and innovative services.”

Off the mark

Outcomes become the name of the game
If only. “Outcome-based sourcing continues to face headwinds,” explains Huber of Alsbridge. “Progress is being made, but the fact is that outcomes are difficult to define in a way that fits traditional contract structures, and they take time to get right. This is going to take more work by smart, creative deal-shapers before outcome-based sourcing can truly replace traditional input-based models as the predominant sourcing model.” So far, the best we can offer is that some deals have shifted from input-based to output-based, says Brad Peterson, partner in Mayer Brown’s Chicago office. “Pricing on outcomes like cash collections looks like a true answer but—like most true answers—takes great diligence and skill to achieve and remains relatively rare,” he explains. “However, the move to output-based pricing is an important move away from the typical pricing based on inputs and a step closer to a true business outcomes measure.”

The business takes over

Business leaders did play a bigger role in procuring IT services—particularly cloud services—than in the past. However, “IT remains vital for the integration of service provider solutions and for effective security,” says Eisner. “The business has certainly taken over the digital agenda in many organizations and SaaS solutions, such as HR technology, are being made outside of IT,” says ISG’s Hall. “But, many CIOs have stepped up this year to own the digital agenda for their enterprise.”

And odds are IT may become even more integral to future sourcing decisions. “Cybersecurity and interoperability trump unfettered business-centrism as the Internet of Things adds another layer of complexity and vulnerability,” says Huber Alsbridge.

The RFP fades

“The RFP continues to be an essential piece of the competitive procurement process, particularly for complex products and services,” says Tanowitz of Pace Harmon. “However, we are seeing more collaborative approaches to RFPs, such as co-developing statements of work and creating more solution-oriented approaches to RFPs that lend more flexibility to the process and allow suppliers to offer innovative solutions.”

While the RFP remained entrenched, it did not go unquestioned. “The RFP has not gone away, but the old templates have grown stale, and sourcing processes, including RFPs, need to become more adaptive,” says Alsbridge’s Huber. The tried-and-true approach never worked well for emerging technologies, says Peterson of Mayer Brown. “There, RFIs, RFSs and Proof of Concept projects work better. However, the RFP has remained a trusty tool for traditional outsourcing deals where it remains important to communicate requirements and obtain comparable information from potential service providers.”

Wait and see

Dawn of the cloud robots

“We’ve certainly seen an uptick in conversations about robotics process automation (RPA), but the reality is that cloud robots are still little more than Excel macros at this point,” says Tanowitz. “Providers discuss cloud robots frequently and the benefits can be meaningful in terms of productivity gains, but we haven’t seen clients take advantage of the technology in a meaningful way.” Automation is advancing, says Brian Bodor, partner in the global sourcing practice of Pillsbury, “but we have yet to see the ‘rise of the machines.’ We expect to continue to watch this trend in 2016 and beyond.”

Where robotics and automation have taken hold is not cloud computing, but business process outsourcing, says Roy of Mayer Brown.

Supplier risk takes center stage

Outsourcing customers did not get serious about supplier risk overall, but they did get hyper-focused on cybersecurity. As a result, clients paid more attention to service location in signing deals, says Eisner of Mayer Brown. “We generally see supplier risk conversations ebb and flow with current events,” explains Pace Harmon’s Tanowitz. “Rather than preparing for supplier risk based on geographic instability or events, we’re seeing enterprises preparing more holistically for disaster response and recovery, including assessing cybersecurity risks and the protection of customer data that may be in the hands of their supplier.

Source: outsourcing year in review: Grading our 2015 predictions By Stephanie Overby  

Telecoms Media & Technology Marketplace Analysis

As the domicile of many international banks, data protection continues to drive an increased share of work in this field, along with traditional outsourcing services. In particular, lawyers have reported ongoing compliance issues as concerns are raised over the security of company and client data. Concurrently, the Swiss federal government has looked to reform the telecoms market after its 2014 report concluded that the Telecommunications Act does not adequately provide for developments in the field and should be revised. As the TMT sector continues to develop, we have selected 36 lawyers for their stand-out expertise in these areas.

Walder Wyss delivers a highly impressive array of leading lawyers in this space. As a result, it is regularly cited as the market leader in information technology and telecommunications law. The “excellent” Didier Sangiorgio is without doubt “one of the stars of the industry”; he advises on an array of TMT transactions and global outsourcing projects. Jürg Schneider draws widespread praise from his peers for his “technical brilliance”. He is considered a leading lawyer in licensing, outsourcing and data protection. Mark Reutter is “brilliant to work with”, according to peers. He is “solutions-oriented” and “very pragmatic”, as well as a “go-to lawyer” for outsourcing transactions. Hans Rudolf Trüeb is an “exceptional handler” of technology transfers, licensing, distribution, cooperation and outsourcing projects. His “excellent market knowledge” is complimented by his “intellectual and creative approach”. Bernhard Heusler reinforced the Walder Wyss team in 2014. He is an “established practitioner” and “a key figure in the market”, especially in relation to outsourcing projects. Michael Isler is “a talented lawyer” who regularly advises in complex ICT, outsourcing and technology transfers.

Homburger has an established practice in the IT field that performs very well in our research. David Rosenthal is one of the most prominent data protection experts in the country. He is a “walking library of information”, according to peers. Georg Rauber, head of the IP and IT practice group, focuses on IT projects and outsourcing. He is an “intelligent and practical lawyer” who is widely respected for his longstanding practice in the industry. Gregor Bühler is well known for his data protection work. He is “attentive and pragmatic”, according to clients.

The boutique firm epartners Rechtsanwälte stands out for its expertise. Urs Egli, a founding partner of the firm, receives widespread acclaim for his “knowledgeable, highly competent and professional approach”. He has developed “excellent” relationships with his clients based on a “solutions-oriented” methodology. Alexander Schmid focuses his practice on contract law; in particular, IT outsourcing agreements, licensing, maintenance and service agreements. He is described as “an excellent lawyer with both a computer science background and a commercially oriented approach”.

Schellenberg Wittmer operates a successful practice in this area, particularly in relation to disputes. Andrea Mondini advises clients in contractual matters as well as acting as counsel in related litigation and arbitration proceedings. He is a “strong negotiator” and a “valuable source of advice”. Alongside him, the “exceptional” Roland Mathys advises clients in the IT field on both transactions and data protection matters.

Robert Briner of CMS von Erlach Poncet is one of the most experienced practitioners in this field. He is widely respected in the IT field for his “encyclopaedic knowledge” of software, computer, technology and e-commerce law.

Ursula Widmer, founder of Dr Widmer & Partners, Attorneys-At-Law, is “one of the most instantly recognisable names in IT law”. She is widely cited by peers and clients for her “unsurpassed knowledge of the industry”.

Lenz & Staehelin is represented by the well-known Lukas Morscher, head of the firm’s TMT practice group. According to sources, he is “exceptional” at outsourcing matters and “never puts a foot wrong”.

Peter Neuenschwander, a founding partner of Suffert Neuenschwander & Partner, has “unsurpassed experience” in outsourcing and IT projects. He is considered the “dean of the bar” and a “very impressive lawyer”.

At Augsburger Deutsch & Partner, Wolfgang Straub is a “star”. He is very popular among peers for his “accuracy and consistency”, and his technical knowledge of IT law.

Sole-practitioner Gianni Fröhlich-Bleuler is favoured by clients for his “forward-thinking” approach and “commercial understanding”. In particular, he has “vast experience” in software contracts and outsourcing transactions.

Michele Bernasconi of Bär & Karrer is very well regarded by his peers. He is often called upon for his “sound judgement” and “unquestionable expertise”.

Christian Laux, at the IT boutique Laux Lawyers, is a widely known to be an “intelligent lawyer” with an “extremely in-depth technical background”. His expertise and natural ability ensures that he is a popular source of counsel.

Rolf Weber is both a recognised academic and a private practice lawyer at Bratschi Wiederkehr & Buob. He is widely lauded for his knowledge and expertise; sources say, “He provides concise practical advice.”

Emil Neff, founder of Neff Legal, is an “industry veteran” and a “pioneer” in the field. He is “exceptional” at all things related to contracts and outsourcing agreements, according to peers.

At the boutique Id est avocats Sàrl, Michel Jaccard “is one of most outstanding lawyers in the area.” He is “technically proficient” in a range of technology-related transactions and data protection matters.

Vischer is represented by its “standout” TMT practitioner Rolf Auf der Maur. His “professional approach” is admired by his clients, as is his ability to “weigh up risks and find solutions.”

Lukas Bühlmann, at Bühlmann Attorneys at Law, focuses on e-commerce, internet and data protection matters. He is highly recommended for his work in these fields, and peers praise his “sharp mind and perceptive approach”.

At Pestalozzi, Clara-Ann Gordon operates a broad practice in this field with “a remarkable understanding of the tech market.” She consistently impresses clients with her “committed approach” and “technical ability”.

The “outstanding” Stephan Kronbichler, co-founder of Kronbichler & Tourette, has a deep wealth of experience, particularly contracts for complex IT outsourcing projects. He is described as “practically minded and very solution orientated.”

Nicola Benz of Froriep is a well-known IT and IP lawyer. She advises companies of all sizes on their licensing, contractual and outsourcing requirements. Respondents cite her as an “insightful and efficient lawyer” and a “strong drafter”.

Eversheds’ Leonz Meyer is an experienced hand in technology and IT law. His “detailed and solutions-oriented advice” is praised by his peers.

At Niederer Kraft & Frey is the “brilliant” András Gurovits, who advises clients on outsourcing transactions. He is an established practitioner with “a consummate understanding of technology.”

Mathis Berger of Nater Dallafior Rechtsanwälte is experienced in representing technology clients in commercial transactions. His “knowledgeable and commercially minded approach is a valuable resource”, according to sources.

At Python & Peter, Thomas Legler is recognised for his “longstanding and insightful practice”. As a respondent noted, “he combines an impressive understanding of technology with a sense of clients’ needs”.

Gérald Page, founding partner of Page & Partners, is known for his contentious and non-contentious data protection, licensing and IT procurement practice. He is “an astute lawyer, who is able to form bespoke solutions”.

David Känzig of Thouvenin Rechtsanwälte is a “prominent figure” in the telecommunications sector and he also advises on wider corporate transactions in the technologies area. He is “commercially minded and proactive”, according to sources.

Rory Macmillan, at Macmillan Keck, advises internationally based clients on telecommunications transactions and regulations. He is described as a “highly sought-after counsel” in this regard.

Source: WWL-Telecoms Media & Technology Marketplace Analysis

4 Ways To Royally Screw Up Information Technology (IT) Outsourcing

This article is your information technology outsourcing crystal ball to make sure you do it the right way

Outsourcing is big business. Today you can outsource anything from payroll to marketing to HR to legal. And right there in the thick of things is Information Technology (IT) outsourcing. IT is often a prime candidate for outsourcing, whether you are talking about a specific function – such as a help desk – or the whole shebang.

In the 20 years I’ve been a business technologist, I’ve seen a lot when it comes to IT outsourcing. I’ve used outsourcing vendors to deliver internal projects, trained someone offshore to take over my job, and provided IT outsourcing services to my own clientele. And through it all, I’ve observed this: there are four major ways to royally screw it all up. Here’s a free guide on how to do IT outsourcing – the WRONG way.

1. Focus on the numbers, not the strategic plan
Crunch the numbers, but go no further if you want to ensure a real IT outsource mess. Assume the decision is purely budget-driven. All you should focus on is the financial savings you can show by hiring outsource personnel to do the same job for less.

The alternative (and the way to avoid a royal mess) is to examine whether IT outsourcing aligns with your long-term strategic plans, goals, and objectives. You might want to consider the factors suggested by the Outsourcing Institute. For example, will IT outsourcing:

  • allow your company to focus on its core competencies
  • access skillsets not employed internally
  • free existing employees to work on strategic projects
  • compensate for a shortage of personnel
  • reduce time-to-market
  • mitigate risk factors

As you can see, there’s a lot more at stake here than just dollars and cents.

2. Ignore all risks instead of mitigating them
The second way to royally screw up IT outsourcing is to stick your fingers in your ears and say “I am not listening to you” when someone tries to raise concerns. Tell yourself that only pessimists who are afraid of change worry about things like loss of confidentiality, increased information security needs, loss of in-house expertise, potentially problematic quality of service, inconsistent performance, or squirrelly contractual language that might come back to bite you.

Of course, if you get to thinking that those concerns may represent valid risks, then it’s time to take some action. For example, you’ll need to vet a mutually beneficial contract (and that can take some serious engagement at the negotiation table), manage expectations, and streamline communications. And that’s just the beginning of the job. As the relationship unfolds, you’ll want to develop methods to measure the effectiveness of the services you receive and drive continuous improvement.

It’s certainly easier to put on pair of rose-colored glasses but, in the end, you’ll be glad you took a good, hard look at reality.

3. Look at your vendor invoice, not at your TCO
Let’s go back to money for a moment. To guarantee a bad experience with IT outsourcing, be sure that you only use obvious cost factors – like the invoice your IT vendor sends you – in your number crunching. Refuse to take into effect the total cost of ownership (TCO), since lots of those items don’t come from your budget, anyway.

On the flip side, if you want to do IT outsourcing right, you’ll have a lot more line items on your financial spreadsheet, such as costs for:

  • internal project management
  • parallel system administration
  • long-term system integration
  • new hardware and software (i.e., due to legacy equipment or incompatibilities)

4. Tell people to shut up instead of speak up
And the last way to royally screw up IT outsourcing? Tell people to pipe down when they gripe and complain about the change. Ignore the fact that they probably feel threatened, and penalize them when their productivity and engagement drops.

Or, you can actually manage the change for your people. Encourage them to speak up and express their concerns. Engage in dialogue where you explain the reasons for IT outsourcing and let them know how this is a benefit – for everyone involved. In short, keep their motivation high.

There you have it: four ways to royally screw up IT outsourcing … or (even better) how to avoid a screw up. Outsourcing is here to stay: isn’t it worth the effort to do it right?

Source: CIO-4 Ways To Royally Screw Up Information Technology (IT) Outsourcing by Christian McBeth

Security and outsourcing – whose responsibility is it anyway?

Why CIOs have to think about their outsourcing projects and responsibilities in 2015

Security continues to be a thorny problem for organisations to deal with. According to a recent survey by the Ponemon Institute, 67% of IT organisations have tightened access to company data because they had increased requirements or concerns around security. As companies hear about more and more data breaches occurring through an employee’s compromised remote access account or a vendor’s network login, the immediate reaction is to shut down access as much as possible.

At the same time, however, outsourcing around IT security is increasing. When Pierre Audoin Consultants researched attitudes towards outsourcing of security operations, the firm found that 34% of companies used managed security services, while 13% outsourced all their IT security requirements. Of the large enterprises surveyed, only 21% used no external services.

Read more at: Information Age-Security and outsourcing – whose responsibility is it anyway? by Ben Rossi 

Outsourcing voting: How private companies could profit from British elections

Switching to electronic voting poses lucrative opportunities for private companies – and they’re now champing at the bit to get involved.

It is, right now, a relatively small market. Only about 20 countries around the world look to the international marketplace to procure electronic systems which will help their elections run smoothly. Most of them have done so out of necessity. Governments facing limited public trust have proved more likely to abandon the laborious – and easily manipulated – paper-based voting methods than those in countries whose system isn’t obviously broken. Latin American states have been the most enthusiastic adopters. They’ve had some success. In Brazil, where the most recent presidential contest saw a gap of just 1.5% between the two main candidates, the results were released by the morning after polling day. And they weren’t contested.

In Europe progress has been slower. An Irish attempt turned into a classic IT fiasco. A Dutch effort was quickly hacked, prompting embarrassment and a rapid retreat to paper-only systems. Europe has on the whole been a tricky market because of widespread worries about cybersecurity and privacy issues.

And then, last month, a sudden enthusiasm for making the change suddenly emerged in Britain.

Source: politics-co-uk-Outsourcing voting: How private companies could profit from British elections By Alex Stevenson

Santander data storage: Gimmick or real challenge to IT giants?

Spanish bank Santander is taking on the IT giants at their own game by offering data storage to its corporate customers: But is this just a side show to inject confidence in an industry facing increasing competitive tensions.

While banks have the trust of their corporate clients, they cannot compete with companies such as Amazon and Google when it comes to scale for services such as data storage.

But Santander chairman Ana Botín recently said banks are perfectly positioned to offer corporate services such as data storage.

“As I think, ‘How I am going to compete with all these new technology players?’ I can offer the same services as some of these big guys,” she said. “As a small business or private individual customer, where you lodge your information is something you should think about. One of the things banks have is trust and resilience and, with all the cyber risk, that is incredibly important.”

Botin had a point. The fact that people perceive banks as safer places to store data, and that banks are heavily regulated, could make them competitive. Research of more than 6,000 consumers from Bizrate Insights found 72% of respondents trusted their bank with card details. In comparison, 45.4% trusted Amazon, 21.4% Apple and 12.9% Google.

But this might be a misconception. PayPal has 157 million active users, which is more than most banks, while Facebook has more than one billion users and holds a lot of sensitive data. Meanwhile, Amazon boasts more than 244 million users. In comparison, Santander has 107 million customers, Lloyds Bank has 30 million, HSBC has 52 million and Barclays has 48 million.

Read more at: Santander data storage: Gimmick or real challenge to IT giants? by Karl Flinders

Change management key to outsourcing success

IT outsourcing continues to be a popular option, as it offers a number of well-known benefits, including access to scarce skills, cost reductions, leveraging industry best practices and more.
However, despite spending considerable time and effort in implementing an outsourcing strategy, many organisations fail to leverage these benefits to their full extent, says Shailendra Singh, business director for Africa, Wipro.
The reality is that IT outsourcing represents a fundamental shift in the way the organisation does business, affecting many different areas. In order to ensure IT outsourcing delivers on the expected benefits, change management is an essential component, central to the success or otherwise of the initiative, and cannot be overlooked.
When it comes to implementing IT outsourcing, a large number of organisations treat the venture as a pure cost reduction exercise, and subsequently underestimate the changes this will cause for both IT teams and business users. A large proportion of the time and money involved in the IT outsourcing process is spent on finding the right outsourcing partner.
This often includes hiring consultants to act in an advisory capacity, identifying potential suppliers, evaluating responses to requests for proposals, conducting due diligence, researching the supplier, and negotiating the contracts. While this is of great importance, it is not where the IT outsourcing process ends.
Compared to the amount of time and effort spent on procuring services, the amount spent on considering the impact to users is minimal, which is typically where the challenge arises.
Once outsourcing initiatives are completed, business users need to adapt to the new processes, procedures and service management protocols.. This includes removal of long-established in-house IT support, as well as the introduction of self-help procedures. In addition, there is often a concern from business leaders that the outsourcing partner may not deliver what they need.
If these users are not brought into the IT outsourcing process from the start and reassured that their needs will be met, internal resistance to the new outsourcing initiative could cause hindrances to adoption and result in operational disruptions. For IT teams, outsourcing often changes their role or brings new roles and responsibilities, with new processes and tools that need to be understood and new relationships to develop with the outsourcing partner.
Without fully understanding the impact of IT outsourcing on all parties within an organisation, enterprises run the risk of creating an experience that fails to deliver the expected cost reductions and other benefits, and could put business leaders off implementing further outsourcing projects in future.
Change management is essential in ensuring the success of IT outsourcing. When planning an IT outsourcing initiative, it is therefore crucial to not only obtain the services of an IT specialist that will design an effective technology solution and processes, but also partner with change management experts. This will assist organisation to create a partnership between business users and business leaders with a clearly defined IT service vision and stipulated, agreed-upon criteria for success.
Change management experts can assist in a number of areas, including providing guidance and support to IT leaders in terms of predicting and addressing areas of internal resistance and barriers, and helping teams from different backgrounds collaborate as a single unit.
It is also important to analyse the impact of change across the organisation and define a targeted change plan, as well as to clearly define the new roles and responsibilities for internal IT teams. Change management can furthermore be used, to create internal change agents who will be able to effectively drive adoption within the organisation, and to set up processes that will ensure long-term sustainable success.
Outsourcing has the potential to significantly reduce costs while providing access to the latest technologies and global best practices, however many IT outsourcing projects have simply failed to deliver. This can largely be attributed to enterprises underestimating the impact of IT outsourcing on people throughout the organisation.
Ultimately, outsourcing is not simply another IT project, but a combination of IT projects and change management initiative that needs to be approached from the perspective of the business user. By approaching IT outsourcing in this manner, organisations can drive ownership and adoption of the new services model, ensuring long-term viability, for that important competitive edge.

Souerce: IT-online Change management key to outsourcing success

6 Reasons Why You Can’t Use A Services Grid To Make All Your IT Outsourcing Decisions

There are 6 criteria areas which require scrutiny during any information technology service provider selection process to enable a long-term successful relationship between customer and service provider.

I’ve been on the buyer side of the information technology (IT) outsourcing equation, so I know how it works. The majority of the time, companies reduce selection criteria to a commoditized IT services grid. In such a grid, services are put along one axis and potential vendors along the other. Services are checked off, and the vendor with the most checks (and the best price) wins.

The assumption, of course, is that packaged or pre-defined services are all that matter. Unfortunately, falling prey to “gridlock” often means that a company has missed out on discussing other important aspects of an IT solution … aspects that cannot be neatly docketed in a services grid. This omission often results in bad customer/provider relationships – relationships that typically get worse through the term of the service contract.

It is certainly acceptable to have a service grid as one category for selection, but you also need to weigh other criteria off that grid. Here are six criteria that are often missed entirely, touched on only in passing, or not weighted properly when choosing an IT service provider:

1. Security and Compliance Requirements
Many IT service providers support a customer’s security compliance through service bundles that provide various components. For example, Payment Card Industry (PCI) compliance requires a number of specific security components including Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), file integrity, firewalls and demilitarized zones (DMZs), Incident Response policies, anti-virus, etc. An IT service provider might offer all or some of these. You should know exactly what you require from a security and compliance standpoint, and ensure that the IT service provider can comply.

2. IT Service Integration
In today’s business world, IT service integration is a requirement for a company to remain competitive. Basic Information Technology Infrastructure Library (ITIL) functions require service provider integration and automation to reduce errors and deliver services “on-demand” in an effective, secure manner.

3. Technology Flexibility
What new technology paths are being explored by the IT service provider? That Virtual Desktop Infrastructure (VDI) deployment you are planning for 2016 as part of a re-organization – will it readily integrate with the provider’s current Vblock and VMware Site Recovery Manager environment? What might change for your company in 2016/2017 and how would that effect a three-year Service Agreement signed in 2015? You need to share your planning process with a prospective IT service provider: discussions in the present will reveal whether the IT service provider is positioned to be agile and collaborative in the future.

4. Integration with Third Parties, IT Equipment, and Software
The service provider may be required to work with multiple vendors across geographies within the parameters of IT operation schedules, software releases, and appropriate interfaces – all the while maintaining the use of best practices. This is not any easy task and is worth serious consideration by the customer and the IT service provider.

5. Strategic Partner vs. Order Taker
How diverse and tactical are your IT initiatives, and what value do you need from your service provider to support them? Do you want a true partner for the effective management of IT services to enable your business strategies, or do you want an order taker? Either approach may be appropriate, depending on your needs. An IT service provider partner can assist you in clarifying business strategies, plus play a critical supportive role in helping you to achieve them.

6. IT Governance
If you outsource IT, it is critical that both you and the service provider form a partnership and governance framework in support of your business strategies. A governance framework ensures the appropriate decision rights and accountability of both parties; it determines who makes and contributes to specific IT decisions in support of your corporate principles and performance goals. IT governance keeps everyone on the same page!

You may have noticed that I did not list service level agreements (SLAs), pricing structures, technical support, data center tiers, onshore/offshore reporting, and many other selection criteria categories. That is because I have found that these areas are covered well in almost every review and request for proposal (RFP) I have been involved in. It is the 6 criteria areas listed above that are too frequently lacking, and which require intentional scrutiny during any IT service provider selection process to enable a long-term successful relationship between customer and service provider.

Checkmarks are only part of a healthy IT outsourcing process. Don’t get caught in gridlock!

This article was originally published on SungardAS

Source: CIO-6 Reasons Why You Can’t Use A Services Grid To Make All Your IT Outsourcing Decisions By Glen Seimetz

The Art of Negotiating Technology Contracts

This is the first in a series of articles with respect to negotiating contracts for technology transactions, such as software licenses, cloud transactions and business process or IT outsourcing deals. These products and services often are critical factors in a company’s success or failure, and recent technology failures by major institutions and companies, such as the rollout of and data breaches at major retailers, underscore the need for effective agreements governing these deals.

Technology transactions are unique because they frequently involve a long-term relationship between the provider and the buyer. Thus, the contract must not only reflect the parties’ agreement, but it must also address anticipated changes, such as an increase or decrease in the volume of product or services being purchased, and also establish a framework for the parties to respond to unanticipated changes, such as changes in law, the nature of the buyer’s business, or advances in technology.
Read more at: The Art of Negotiating Technology Contracts