Can we trust cloud providers to keep our data safe?

Are big cloud providers better at protecting our data from cyber-attacks?

Cloud computing – storing data and applications remotely rather than on your own premises – can cut IT costs dramatically and speed up your operations.

But is it safe?

Despite the rise of public cloud platforms offered by the likes of Amazon Web Services, Microsoft Azure and Google Cloud, less than 10% of the world’s data is currently stored in the cloud.

So what’s holding many companies back?

Technology of Business explores the issue of cloud security.

What’s so good about the cloud anyway?

Building your own energy-hungry data centres is expensive and time-consuming, while managing hundreds of software applications chews up IT resources.

If you can outsource a lot of this hardware and software to specialist tech companies that can expand or reduce the level of service according to your needs, it can save you a lot of time and money.

More Cloud Computing features from Technology of Business

  • Fast cash: The high-speed world of cloud-based finance
  • From wetsuits to wine: Small firms embrace the cloud
  • Could cures for cancer lie hidden in the cloud?
  • The wearable tech giving sports teams winning ways

“Business leaders are looking to optimise and grow their businesses, and cloud can give them that – reducing costs and providing better customer experience,” says Gavan Egan, managing director of cloud and IT solutions for global telecoms giant, Verizon.

And being able to plug into a range of ready-made cloud-based services helps you develop new products at a faster pace, potentially giving you a competitive edge.

What are the risks?

“The biggest risk is giving up control of your data to someone else using different data centres in remote places,” says Mr Egan. “What happens in the event of a disaster? You’re also putting your data next to someone else’s.”

In other words, your data could get lost, wiped, corrupted or stolen.

There is also a risk that by outsourcing file and data management to a third party, firms will assume all the security has been taken care of, argues Kamran Ikram, managing director of consultancy Accenture’s infrastructure and security practice.

“You can’t assume that – it’s still your data and you are responsible for it.”

So how do cloud providers keep our data safe?

The most obvious way is through encryption, both while the data is in transit and while it is “at rest” on the cloud servers, explains Ian Massingham, Amazon Web Services’ (AWS) chief evangelist for Europe, Middle East and Africa.

AWS, by far the biggest public cloud platform provider with more than a million active customers a month, has more than 1,800 security controls governing its services, says Mr Massingham.

Customers can choose to control their own encryption keys if they wish, he says, as well as set the rules for who can and can’t access the data or applications.

“Most of our security innovation comes from customer demand,” he says, “so the bar for security gets ratcheted up every time.

“But we’re not the owners or custodians of the data – we just supply the resources,” he says. “We don’t control how the data is protected, customers do.”

It says a lot that online retailer Amazon is happy to run its entire business on its own cloud platform.

What other security methods do they use?

Mark Crosbie, international head of trust and security for Dropbox, the cloud file storage and collaboration company, says the way data is encrypted can also increase the level of security.

“We split each data file into chunks – a process called sharding,” he says, “and these chunks are then separately encrypted and stored in different places, so if someone did manage to break in and decrypt the data they’d only get access to random blocks.”

Aaron Levie, chief executive of cloud rival Box, says: “Instead of sending the files, Box sends a link to the file – you can preview the content without actually downloading the data. Our software was designed to deliver a much more secure way of sharing content.”

Dropbox also encourages companies to use two-factor authentication – passwords supplemented by a one-time code generated by a different device, such as a smartphone or fob.

“The bad guys always target the password – people are still the weakest link,” says Mr Crosbie.

So is data actually safer in the cloud?

Well, that depends on the quality of your cloud provider compared to that of your own IT department.

Most of the major data breaches that have taken place over the last five years, from Sony to Ashley Madison, TalkTalk to Target, have been from internal, not cloud-based, databases, says Amichai Shulman, chief technology officer of cybersecurity firm, Imperva.

But he adds: “There is always an inherent threat that administrative personnel working for a cloud provider could access your machines or data from within – that’s a business risk you are taking.”

This is why the major cloud providers give customers the option to handle their own encryption keys, meaning no-one inside the provider could get access even if they wanted to.

And some companies are now adopting a “hybrid” approach – keeping their more sensitive data in a private cloud and other data and applications in the public cloud.

If it’s so safe, why isn’t everyone moving to the cloud?

Good point. These are still early days – less than 10% of the world’s data is estimated to be stored in the cloud.

“Financial institutions have been reluctant to go to the cloud because there may be holes in the model – they’re risk averse,” says Accenture’s Kamran Ikram.

But even this understandably cautious sector is gradually beginning to trust it.

Late last year, US bank Capital One said it was reducing the number of its own data centres from eight to three by 2018 and moving a lot of its processes and product development to AWS.

And Towergate Insurance recently announced that it was migrating its IT infrastructure to the public cloud as well.

Where is all this data stored?

The major public cloud providers offer a number of data centres – AWS has 12 globally – storing multiple copies of customer data. So if one centre is destroyed in an earthquake or other natural disaster, your data is still safe.

But concerns around data privacy, particularly in Europe following the rescinding of the Safe Harbour data sharing agreement and the Edward Snowden leaks, mean providers are increasingly offering the option to host data in customers’ own regions.

US file storage and collaboration firm Box, for example, recently announced it would be expanding its data storage locations to Germany, Ireland, Singapore and Tokyo, by piggybacking on existing cloud infrastructures provided by IBM and AWS.

Having this choice is particularly important for heavily-regulated sectors, such as financial services and healthcare.

How do you choose a good cloud provider?

That largely depends on what you want it to do. Certain cloud providers specialise in specific functions: Salesforce for sales and customer data; Workday for finance and human resources; Box for file sharing, for example.

But first and foremost, a cloud provider must understand your business, says Verizon’s Mr Egan.

“Do they understand the regulatory requirements governing payment card or health data, for example,” he asks. “And can they prove that they can do what they say they can do?”

Imperva’s Amichai Shulman says prospective customers should also ask to see up-to-date certificates from international security standards organisations.

But reputation is as good a guide as any.

Source: BBC.Can we trust cloud providers to keep our data safe?

Advertisements

Should you outsource your IT help desk?

Whenever an organisation contemplates outsourcing part of its IT operation, the IT help desk is often first cab off the rank. Depending on the size and nature of the business – and on whether that IT support is purely to serve staff, or customers as well – running it in-house can throw up some fairly obvious pain points.

In a small organisation that cannot justify dedicated help desk resources, IT staff who have to answer questions from users might well, feel it to be a distraction from their ‘real’ work and they may also get frustrated answering what they consider to be ‘dumb’ questions. Also, technical people are not always the most adept at dealing with non-technical people struggling with technical problems.

With many more staff working out of the office there’s a growing need for out-of-hours support, but in many cases there will be insufficient demand to justify providing this. It’s also difficult for smaller organisations to ramp up help desk resources rapidly to meet demand peaks – and these are almost inevitable when, for example, an upgrade or a new corporate application is rolled out.

Outsourcing to a specialist provider has the potential to solve all these problems, and more. A provider of IT help desk services is dedicated to the job: it can select and train staff to do just this, not as some add-on to another IT role. It has the resources to meet demand peaks, and similarly to adjust to demand troughs.

As a specialist an outsource help desk provider can invest in the latest tools for remote support and, because it provides support to a wide range of organisations, is likely to be familiar with the sorts of problems that occur much sooner than any company providing support internally.

While many organisations contemplating outsourcing their IT support might weigh up the costs compared to in-house provision, a far more important consideration is trust, especially if customer support is being provided.

Poor support can impact employee satisfaction and productivity and, more importantly, customer satisfaction. Also, outsourcing support can weaken the business’ relationship with its customers, which is never a good thing.

Given the different priorities of internal staff help desk support and customer support, it’s best to consider the two as separate projects.  However generally if it is done well, an outsourced service will deliver better results than in-house. The trick is to set goals and monitor performance to ensure that service levels are met, and maintained.

Goals should be specific: to provide internal technology support; to provide support for business-to-business users; or to provide support for consumers. Each has different needs, so adopting a one-size fits all approach may not be wise.

And goals should be measurable. They can be financial goals such as return on investment, or response time, average length of call, percentage of situations resolved on the first call, customer retention, and customer/user satisfaction.

Source: WhaTech-Should you outsource your IT help desk?

Outsourcing customers gain innovation with Request for Solution

When enterprises go looking for an outsourcing provider, they often enter the conversation thinking they already knew what solution would be best. In the era of so many emerging technologies, more and more buyers are finding it in their best interest to hold judgement and allow the experts among those providers to dream up the best solution they can.

Several years ago, we launched an innovative new way for an enterprise to contract for services, the Request for Solution (RFS). It was conceived of as a way to harness the service provider community’s best thinking in situations where a client couldn’t or didn’t want to be prescriptive. It was an alternative to traditional RFPs that would still lead buyers and sellers to strong, sustainable relationships with market-correct terms and conditions but leave much more of the solution decisions up to the bidders.We thought it would be an overnight success. We thought buyer and sellers, in what was a stale outsourcing marketplace, would embrace it. They didn’t. We built it, but nobody came.Over the years, we helped a few progressive clients with RFS processes, but the vast majority of the deals in the industry continued to happen the old-fashioned way. In the past six months something has changed. I’ve seen an impressive surge in demand for RFS processes. I’d say that close to 50 percent of the new deals we see are using the RFS method, or a hybrid method that combines RFP and RFS. Why is this happening, and why now?

  1. It’s easy to be prescriptive when solutions are standard. Today, more and more buyers want bespoke solutions, so what works for company X may not work for company Y. A key criterion for buyers, whether they admit it or not, is feeling unique, and they want a solution that feels customized for them.
  2. The technology changed, so nobody can claim they’ve done it many times before—it is too new. Yesterday’s marketplace was built on more or less thirty years of fairly well-established and consistent commercial and technical practices. They had evolved over time, but they weren’t turned upside down until recently. With the recent advances in cloud, automation, social and mobility, no provider can demonstrate vast experience, so a buyer is more open to letting them experiment and propose their own creative solutions.
  3. Companies are more comfortable with outsourcing than they ever have been. Before, buyers wanted everything locked airtight to avoid as much risk as possible. It was hard to believe that anyone could handle any given function better than “us,” so we created parameters, rules, processes and hard lines never to be crossed. Today, there are no rules. Sure, clients expect to be kept compliant with regulations and some standards—but what are the standards for something that has never been done? The RFS serves these clients well. And more and more large companies are willing to enter a true partnership with their providers to innovate. You see it everywhere—the Internet of Things, engineering services, social media.
  4. The new technologies are hitting the mainstream, but they are still new. What did we think of the cloud three years ago? Scary. It had all kinds of security, privacy and architecture issues. The cloud today? Table stakes. But that still doesn’t mean it comes in only one flavor. Engaging the creativity of the market can often yield the very best ideas, and the RFS process is designed to allow a buyer to benefit from the ideas of multiple providers, regardless of who they actually select for the work.
  5. The value of intellectual property is declining. This is not something I welcome, but I believe it is a reality. Information is readily available to anyone who is sufficiently motivated, and buyers and sellers of IT-enabled services realize that these aren’t the areas to focus on for protecting the secret formula. The RFS encourages sharing of ideas that would have made us all very uncomfortable just a few years ago.

I don’t believe the more traditional RFP will go away. How many large companies still have mainframe? How many have truly adopted a BYOD policy? There will always be a place for the RFP. In fact, as the pendulum swings and we discover and authenticate the best practices of the emerging technologies, we may swing back to the RFP. The service provider industry, through sheer size and exposure, has far more capability to think big thoughts and turn them into actionable ideas than any single one of their clients. Why not harness all that capability? If you want to prescribe your solution, the RFP will always be there to support you. If you want to engage a broad community in developing the solution, the RFS is the way to go. More and more of my clients are going that way.

Source: CIO.com-Outsourcing customers gain innovation with Request for Solution

Call centre outsourcing undergoing big changes

Historically, call centre outsourcing contracts have had a much bleaker track record than other types of deals such as BPO and IT outsourcing.

CIO reports this week that figures show between a quarter to a third of all call centre deals up for renewal in a given year end up being terminated – a much higher rate than other types of outsourcing, which average at 15 percent.

What is more alarming, according to a recent report by Everest Group, is that termination rates have risen exponentially over the last two years to an average of 50 percent where contact centres are concerned. On the other hand, those who choose to continue their previous call centre contracts generally decide to expand the scope of their outsourcing either adding geographies, lines of business, or high-value processes.

Everest Group analysts explain the dual trend by the fact that contact centre contracts are now subject to higher expectations on the part of contractors. Once an area of outsourcing where price competition was imperative, voice contracts are now seen as an essential part of the business strategy. Those unable to contribute their own share towards business growth and improvement are usually in for an unwelcomed surprise – contract termination.

Jeffrey Puritt, president of TELUS International, told CIO “Call centre outsourcing buyers now expect their incumbent providers to go ‘beyond the obvious’ of the service-level agreement, especially after the first few years of the relationship. Contracts are not renewed because these relationships have failed to deliver meaningful, long-term, value”.

Source: sourcingfocus.com-Call centre outsourcing undergoing big change

4 Steps to Outsourcing Knowledge Intensive Processes

By Dr. Karin Stumpf and Johannes Deltl, Managing Directors of Acrasio, Germany for the Outsourcing Journal Special Editions – In the last years outsourcing has seemed to slow down and dou- ble digit growth rates for providers are not achievable anymore. This is partly due to the maturation process of the industry and also the result of unrealistic expectations regarding outsourcing engagements. But there is light at the end of the tunnel.

Nevertheless outsourcing is still on the agenda of western companies for several reasons. First massive cost reduction are expected as there is still a significant difference in labor costs between western and developing countries. In addition there is the demographic development and based on this a foreseeable shortage of local resources in the next ten years. Plus outsourcing companies are moving up the company’s value chain: new areas like outsourcing knowledge intensive processes are being explored.

Taking these developments into account and learning from the mistakes and pitfalls of the past we are suggesting four steps for the successful outsourcing of knowledge processes.

  1. Strategic identification of knowledge processes that are outsourceable
  2. Glocalization – the usage of on- and offshore-components for the operations model
  3. Invest in change management
  4. Utilize all possible communication channels

1. What shall be outsourced? A strategic view on internal processes

The processes identified for outsourcing should be reviewed to make sure the decision is commercially sensible and is aligned with the business strategy. Not all (knowledge) processes are outsourceable, some should be kept in house. Reasons not to outsource could be manifold e.g. in the case of market intelligence for confidentiality reasons, or when coordination or training effort is too high, or when company-internal knowledge is necessary.

The challenge when outsourcing knowledge processes, is that very often these knowledge intensive processes are not well defined. Take for example the provision of critical market intelligence for decision makers. Often market information is collected in more than one department, there are a lot of redundancies and a high level of inefficiencies. Critically reviewing such setups gives you plenty of improvement potential independent whether you want to outsource the process or not.

Based on their industry and knowledge process experience outsourcing providers are also able to come up with suggestions for new solutions, workflows or in some cases even revenue generating ideas that the company has not thought of – they therefore can also be considered as external innovation driver for your company.

2. Glocalisation – Use on- and offshore-components as operations model

Outsourced processes of transactional nature can, after some setup and training periods, be handed over to several service providers around the globe. But when outsourcing knowledge intensive processes you need much more supervision and ongoing direct contact with the team. If we take the example of outsourcing strategy support processes, the topics of interest will change over time or the work might get interrupted for more urgent requests from the top management.

Our experience is that the best operations model is a mix of onsite and offsite-resources. A native local person can help minimize the potential of cultural misunderstanding and can translate the requirements and needs for both sides (client and offshored team) and will put the request in the right context.

As attrition rate in outsourcing countries is generally higher than in Europe this solution also reduces the risk to lose too much critical knowledge. On the other hand the flexibility in ramping up and down a team based on the client requirements is given in the BRIC countries but are restricted in Germany and in Europe in general. So a mix provides the best of both worlds.

3. Consider (and budget for) change management activities

Outsourcing often lead to fears of getting replaced, losing status or control. When tackling more complex tasks like knowledge intensive processes, highly skilled employees in the company are being confronted with situations they never thought of and are not ready for. Be it strategy, investment research, marketing, market research or market intelligence – nowadays a large fraction of the current (even core knowledge) processes can be run by outsourcing providers. Three different agendas collide in such a outsourcing situation: Client’s Employees – Provider (and Its Employees) – Client’s Business.

As for any outsourcing project it is crucial to invest in change management activities to clarify the company’s strategy, the upcoming changes for the individual due to the outsourcing and to share the companies’ objectives. It is important not to reduce change management to training and information activities: proactive change management should cover the redefinition of the internal roles and clarification of the outsourced responsibilities, the ongoing governance as well as cultural alignment of the different teams.

Consider a separate budget (and do not cut it during the project setup) as it pays big dividends when running a smooth outsourcing activity.

4. Utilize all possible communication channels

As we are dealing mostly with countries that have different cultures, religions and values the success rate of outsourcing projects depends on the understanding of each other and also on effective communication. The need for information increases with the complexity of work streams and geographical distance. Clients often have difficulties defining their exact needs or the output they want to achieve upfront, so in an iterative and ongoing process the solution will be developed together. Giving the nature of work and the need for ongoing communication the analysts in an outsourcing setup with these more complex processes will be much more visible than in a more administrative environment.

To ensure ongoing communication we usually use shared virtual project rooms, collaboration tools, video conferencing and chat communications. It´s also advisable to setup regular phone calls and meet or invite the teams frequently in person.

Another important topic that is often overseen is the development of a unified taxonomy – especially in a multicultural setup it is crucial to have an aligned understanding of terms. These goes beyond company specific jargon and acronyms and should also covers basics like the same understanding of time (“next week”), delivery status (“nearly finalized”) and feasibility (“slightly difficult”) to avoid frustrations over time.

Summary

Outsourcing is still a vital and important strategic tool for senior management especially if you plan to outsource knowledge intensive processes. To take advantage of the engagement you need to be in-line with your strategic vision and understand the different objectives and cultural mindsets of all participants. With the right investment in change and communication activities your outsourcing engagement is well prepared for success.

Source: outsourcing-journal.org-4 Steps to Outsourcing Knowledge Intensive Processes

Your 6-Step Guide to Successful Outsourcing

Outsourcing is a big decision for any company. The process of finding, hiring and training an independent contractor can seem daunting, but it can also be hugely rewarding.

Follow these 6 steps to make sure you get it right the first time.

1. Decide If Outsourcing is Right for You

The first, and perhaps the most important, step to successful outsourcing is deciding whether it’s an appropriate move for you and your business. If your business isn’t ready to outsource, doing so can result in an unhealthy arrangement. If you pass over too many tasks too early, you can lose control of your business.

The easiest way to decide is by comparing time and cost. Assess how much you will pay a qualified freelancer or agency to do the task and how long it will take them to complete it.

Then ask those same questions of yourself. For example, say you’re considering outsourcing some graphic design. You might spend ten hours fiddling with an Adobe program you don’t really understand for a product that’s just “okay.” Or, you could spend $100 and have an excellent product by the following week.

Timing will play a major role in this decision: If you’re under a time crunch, you might not have the luxury of outsourcing a certain task.

Furthermore, you need to consider the added time of imparting your vision to an independent contractor and managing deadlines. You’ll also need to budget time for the hiring process, to make sure you find the right person for the job.

Finances play another role, obviously. If you don’t have $100 available to outsource a task, you’ll need to do it yourself. But it might be worth considering a reshuffle of your finances to increase productivity.

2. Create the Perfect Job Description

If, after careful consideration, you feel outsourcing is a good fit for your company, the next step is to create a very detailed job description. The importance of this step can’t be understated. It will save you time and money down the road to set clear expectations from the very start of your relationship with an independent contractor.

If the job is for a recurring task that you are currently handling yourself, document your actions for a week or two. Write down everything you do relating to the task and take screenshots and videos of what is happening on your computer. From this outline, a job description will start to emerge.

If this is a one-time, product-oriented task, like the creation of a logo or marketing materials, start by creating priorities. What do you want to have in your hand when the job ends? When do you need it? What do you want it to look like or what purpose do you want it to serve?

Don’t worry about being brief in the job description — the more detail, the better.

3. Hire Proactively

Gone are the days when one could just put up a job posting and wait for the right person to show up at the office. You might get a lot of responses, but it’s unlikely that you’ll find the best person for the job unless you play an active role in the search.

One of the best places to start your search is within your own network. Have any of your friends used a graphic designer or copywriter they can recommend? These recommendations can be hugely helpful and save you some time of sifting through potentials.

If you decide to go the agency route, you’ll have an easier time finding a match because agencies market themselves.

However, I haven’t had the best experience with outsourcing to large companies and prefer the personal, one-on-one nature of working with an independent contractor. I recommend trying Upwork and LinkedIn Recruiter. Both sites will give you access to a freelancer’s portfolio, references and work history.

4. Do a Trial Run

Just because you’ve found a freelancer who looks good on paper (or a computer screen) doesn’t mean you should immediately hire them and hand over your entire project. If possible, hire them for a paid trial job.

Be open and honest about the fact that this is an extension of the interview process, to make sure you work well together. Keep the trial project small and manageable, but complex enough that you get an idea of the freelancer’s skills, reliability, punctuality and attitude.

5. Document the Process

Once you have found the perfect independent contractor, request that they carefully document their process. This is especially important for repetitive tasks that you might end up rehiring for later on.

Just as you documented your actions while creating the job description, have the freelancer record their actions. This will help you monitor their progress and also provide a blueprint for future hires.

6. Have Faith

Trust is key in every relationship, and your relationship with a freelancer is no different. Micromanaging a contractor completely defeats the purpose of outsourcing.

Take the time that you have saved by outsourcing a task and use it wisely — don’t constantly check in with your freelancer. If you take your time and complete the hiring process correctly the first time, you should find someone you trust and be able to hand over responsibilities to them without concern.

The first time you make the jump to outsourcing, it might take a while to both find a contractor and train them.

But outsourcing continues to get easier and easier as you develop an awareness of your company’s needs. It’s a powerful tool worth using to increase productivity, lessen stress, and reach your full potential.

Source:  CMSWire-Your 6-Step Guide to Successful Outsourcing

Armenia – Most advanced outsourcing center and innovation hub in region

An IT conference is being held in Yerevan with the goal of raising international awareness of Armenian IT and attracting investments and outsourcing.

Prime Minister Hovik Abrahamyan attended the opening of the conference.

“Favorable investment and business environment, sufficient infrastructure, development of fields with potential of export and competitive advantages of those fields are the main factors which make Armenia attractive for investors. The Armenian investment policy is based on free principles, aimed at integrating Armenia into the global economy. Privileged trading regimes are implemented in Armenia, the work force is pretty educated and qualified, export is not taxed, there are no limitations on export quantity. In addition, Armenia is a leading country among CIS countries, with freedom of economy and entrepreneurial indicators”, the PM said.

Referring to the competitive advantages of Armenia in terms of IT, the PM said that the advantages are the highly qualified human resources, who have technical knowledge and entrepreneurial skills, the low operational costs, experience with multinational companies, and the legal field on protection of intellectual property which is in accordance with international standards.

The Prime Minister also presented statistics, according to which 70 percent of the Armenian IT products are being exported.

“79 percents of the exported products are delivered to Canada and USA, 10.8 percent to Europe, 8.8 percent to Russia and CIS countries”, he said.

Director of the Union of IT enterprises Karen Vardanyan said main gaps of the field will be discussed in order to find solutions. “During the conference we will speak about how to present Armenia to the world, how the consultation companies should operate, with what resources, because there are resource limitation issues”, he said.

IT consultant of the New York office of “Ernst & Young” Emma Arakelyan said they have organized a conference of special importance, trying to include various parties of interest.

“This conference is special, because all parties of interest are here to lift the Armenian IT field one step higher. Our main goal is creating Armenia the most developed IT outsourcing country”, she said.

Source: ArmenianPress-Armenia – Most advanced outsourcing center and innovation hub in region