Business Analyst: The Most Important IT Role

Friday, June 11, 2010 by Aaron Whittenberger
Now didn’t I say that Business Analysis has far reaching impact on the organization?  A new Forrester research report supports my claim as it ranks Business Analyst #1 of the 13 Most Important IT Roles.

The age of IT specialization has been replaced by an emphasis on skills that can translate across the enterprise. According to Forrester, this shift can be traced to a number of emerging trends:

* Maturing technologies such as software-as-a-service and business intelligence are changing IT skills requirements;

* The growing array of outsourcing options have altered in-house staffing priorities, with more specialized skills increasingly likely to be outsourced; and

* The continued search for cost-reduction opportunities has changed how IT decisions are made.

With those trends in mind, here is Forrester’s list of the 13 Most Important IT Roles, based on the percentage of IT executives who believe each role is growing in importance.

#1 – Business Analyst – 70%

Talk about holding all the cards: Not only do these IT pros know the business, they also have their fingers on all the insight.  As the saying goes, knowledge is power.

#2 and #3 – Architecture and IT Strategy/Planning – 66%

As IT has evolved into an increasingly important part of business, both of these roles have become critical in ensuring that every department has the infrastructure and tools that it needs.

#4 – Project Management – 65%

What business doesn’t need people who can mange multiple personalities, master numerous business processes, understand different aspects of the business and make sure things get done?

#5 – Security – 62%

With the onslaught of breaches and identity theft that constantly filters through the headlines, not to mention the growing mandates for better access controls, is there really an explanation needed here?

#6 – Service Management – 60%

The whole thing about the customer applies here to, as managing IT from the customer’s perspective has become de rigueur.

#7 – Client Relationship Management – 56%

We’re in the age of customer service, and anyone who’s mastered the art of managing CRM environments is worth their weight in gold.

#8 and #9 – Business Continuity and IT Financial Management – 55%

With companies paranoid about their systems surviving natural and man-made disasters, and cost-effective IT spending more important that ever, it’s no wonder these roles are on the rise.

#10 – Portfolio Management – 50%

This is a growing area driven by the desire to demystify the measurement of the impact of IT investments.

#11 – Asset Management – 34%

Like other spin-offs from more general business roles, this is another specialized function better outsourced.

#12 – IT Research – 30%

Research? That’s what consultants are for.

#13 – Human Resources (within IT) – 20%

HR for IT is an increasingly unnecessary luxury in an increasingly self-service environment.

Take a closer look at that list and you will notice Business Analysis has been ranked #1, #2, #3 and #10.

IT Governance Needs to Change to Gain a Competitive Advantage

Friday, May 7, 2010 by Aaron Whittenberger
Futurists have been fore-telling the look of the business enterprise and the IT Department for years.  The latest version from the Corporate Executive Board state that we are in for rapid, radical change.  It fore-tells that the IT Department in 5 years will bear little resemblance to the IT Department of today.  As business users become more tech savvy, the business units will absorb a lot of today’s IT functions.  Along with continued IT outsourcing, they predict that only 25% of today's IT professionals will still be in IT in 5 years.

The CTO blog does not forecast such a dismal future for the IT professional, but it also acknowledges the need for better alignment with business strategic goals and faster IT solutions delivery.

Whereas, I will not completely buy in to the idea that 75% of today’s IT professionals will not be working in IT in 5 years or that change will be so rapid or radical.  It is increasingly apparent that change in IT solution delivery is necessary, and that is where I suggest that business organizations start; in particular IT Governance. 

I hope to see today’s IT Governance Committee, which approve and prioritize IT business solutions projects, replaced with a Business Improvement Project Review Board who approve and prioritize all business improvement projects.  This new Governance Body will consider all business improvement projects; those with business solutions and those with IT solutions.  As I mentioned a few weeks ago this new board needs to better track all projects and continue to give its support to all projects at every stage of the project.  Once the cost of the project outweigh the benefits, or other external forces make continuance of the project unwise, the project can be stopped and decrease the expense to the organization.

Along with that we will see the idea of a Project Management Office (PMO) replaced with a Business Improvement Office (BIO).  The BIO will be staffed with people with business backgrounds and those with IT backgrounds; however, cross-training and best practices will require all members of the BIO to look for the best solution, considering both business and IT solutions, to meet the needs of the business.  The BIO will take over the project management, business analysis and quality assurance aspects of a project. 

Continued competitive pressures will force the BIO to change its practices in order to achieve faster solution delivery.  Some will embrace the Agile methodology; others will develop some hybrid methodology taking parts from both the Agile and Waterfall methodologies.  However they achieve it, continued pressures for competitive advantage will require continual improvement in the methodology to push for faster and faster delivery while not sacrificing quality.

Many references now forecast a change to IT Departments and IT staffing as we know it today.  It will be interesting to see the changes as they come about and see which forecast was most correct.

Homeshoring, the new trend in IT Outsourcing!

Tuesday, March 16, 2010 by Aaron Whittenberger
According to an InfoWorld article this month, the U.S. IT market has added 25,000 jobs in the first two months of 2010.  This is the largest month-to-month gain in IT staffing jobs in the U.S. since 2008 according to U.S. Labor Department statistics.

A contributing factor to that increase may be a new trend in the IT Outsourcing called “Homeshoring” or “Onshoring”.  This is an alternative to offshoring your IT outsourcing by placing it in low-cost, non-urban U.S. areas.  Monty Hamilton, CEO of Rural Sourcing Inc., recently spoke at the 2010 Outsourcing World Summit, where the idea of homeshoring was well received.

As salaries in India increase because of past American offshoring IT strategies, rural America becomes more competitive.  This along with the other benefits, such as culture and the favorable time zone, may spark an increase in the coming years to homeshoring. 

Mr. Hamilton notes that Small to Mid-sized Businesses (SMB) are first to realize the benefits of homeshoring.  He also makes note that a few jobs may still be lower cost as offshore, such as moving stack A to stack B.  However, when it comes to IT staffing, enterprise application development and IT strategy consulting, homeshoring is the growing trend.

Is IT Qualified To Satisfy The Business?

Monday, November 9, 2009 by Aaron Whittenberger

“IT executives increasingly implement marketing initiatives to improve the communications with their business customers. But these efforts often focus solely on the brand aspects of the services under the IT’s control without understanding the business’ perception of IT. To maximize the success, IT must add business satisfaction assessments to its tool kit. Understanding business satisfaction requires qualitative and quantitative data that capture customer expectations and perceptions through different types of interactions such as interviews, panels, focus groups, complaint systems, and surveys. This report provides best-practice recommendations, survey templates, and questions to guide IT executives through the deployment of a business satisfaction assessment. It applies Forrester’s deep expertise in external customer satisfaction to the interface between business customers and their internal IT suppliers.” says a new Forrester report.

I have served on countless business application development teams within several organizations in the Southwest Ohio and Cincinnati Information Technology community, one thing I can say is that most IT organizations do not gauge business satisfaction with IT business solutions.  I have served in only a couple of organizations where the business serves on the IT governance committee.  An organization does not have to be “big” to have an IT governance committee.  No matter what the size of the organization decisions are made as to priorities in IT work.  IT governance does not have to be a long drawn out process or take great time commitment from the business or IT executives, but business involvement in IT governance goes a long way in gaining business buy-in as you roll out the IT business solutions to the business.

Involvement in IT governance is just one way that many organizations in the Greater Cincinnati area can improve the IT-business relationship.  The Forrester report goes into ways to solicit and gauge business satisfaction with IT business solutions.  Doing so should affect decisions concerning not only IT business solution delivery but also IT Infrastructure and IT outsourcing initiatives.

 

Takin’ the Basset Hound to the Farm (Part One)

Tuesday, October 20, 2009 by Jeff Welsh

Seems like it has been a while since I have had a chance to do a post.  For the last 3 weeks things have been absolutely crazy in our IT consulting world, but in a good way.  We had a chance to go to the Techserve Alliance national conference in Las Vegas.  I have heard all the jokes, including the one about it staying in Vegas.   We did learn that just because you are pre-checked with the airline, does not mean that your bags are.   We got our bags checked with literally a minute to spare and fortunately all made it back to Cincinnati.

Upon return, we signed a support contract for a new customer.  They trust us enough to outsource their entire IT applications support to us.  We have a real life example of an IT Strategy that was discussed at the conference (See #3).  Not only was IT strategy discussed but business strategy as well.  Here are some highlights:

1. Market Differentiation - customers have lots of choices, how will you stand out?

2. Improve Systems and methodology for delivering service- excellence, efficiency, depth of service.

3. Outsource what you can-eliminate the busy work that does not add strategic value.

4. Deal with the economy being slow to recover till 2012, spend your money wisely, hire wisely, fire quickly, and refine what is working, stop what is not.           

5. Build Alliances with like minded providers in different industries and sell collaboratively to serve the customers' need.

My favorite of these five is number four.  Said another way, its takin’ the basset hound to the farm.  I’ll expand more on that in my next post.


 

IT Outsourcing in for some big changes

Tuesday, October 6, 2009 by Aaron Whittenberger
A new report from Gartner Research Firm

IT Outsourcing is not going away anytime soon, but a new report from Gartner Research states that the market is in for some big changes.  The report predicts that one in four business-process outsourcing firms will disappear within the next three years.

The article in InformationWeek gives advice to CIOs who wish to initiate a new IT Outsourcing contract on warning signs to look for in your prospective BPO partner that would indicate this firm may not be able to fulfill any new contract:

1.    Are they losing money?
2.    Are they winning new business?
3.    The loss of marquee clients.
4.    Poor capitalization is impeding growth.
5.    Toxic exposure to tainted financial firms.
6.    Lock down your exit strategies.

In another article in EconomicTimes I read that IBM will goble up half of India’s IT outsourcing business in 2010. 

This is not to suggest that the offshore IT outsourcing business is coming home.  IBM’s business is international.  With IBM awarding one-half to 1 billion dollar contracts, many India firms will not be able to compete in delivering hardware, software, IT consulting services and integrated business solutions.  IBM is one reason that 25% of IT BPO firms will meet their demise within the next three years.

Take a Team Approach to IT attacks

Tuesday, September 8, 2009 by Aaron Whittenberger
You more than likely already know you need the best security possible to prevent an attack. You also need IT infrastructure and IT staffing in place to respond to an attack if one happens.

Incidence response should be one of the most important items on your IT security agenda. Your company must be prepared to respond to an incident once it occurs and quite possibly to stop the next one.

As of late, disgruntled employees violate internal policies or misuse system access for their own monetary gain or for revenge on employers due to mergers, outsourcing of business or IT jobs or employee lay offs.  Internal threats are as real as external threats.

IT experts say that security professionals with the right skills can help lower the number of and potential for incidents at any organization with their responses.

An article in this week's GovInfoSecurity.com outlines the experts you will need:
  • Network security specialist: A person familiar with intrusion detection systems.
  • Penetration testers: Someone who can assess a system's potential vulnerabilities.
  • Incident handlers: People who understand attack methodology and can apply critical thinking skills to respond to incidents.
  • Forensics Analyst: The person who looks for evidence after an attack.
  • Research Analyst: The person to keep abreast technological advances in incident response activities.
  • Team Leader: Leads the team through crises and communicates to the business incident activities and cost to the business.
The article also outlines a typical methodology the team should follow to respond to all types of attacks:
  • Preparation and Training: for both prevention and incident response.
  • Identification: fast identification of an occurring attack and its impact on the IT infrastructure can help in minimizing the duration and cost of clean-up.
  • Containment: Once an attack has been identified, steps must be taken to minimize the effects of the attack.
  • Recovery and Analysis: The recovery period allows analysis and lessons learned of What happened? Why did it happened? Was the response effective?
Is your IT infrastructure safe from internal and external attacks?  The proper IT infrastructure safeguards and IT staffing with proper security skills can help ensure your organization's security.

Are IT Jobs on the Rebound?

Sunday, August 30, 2009 by Aaron Whittenberger
A Network World article reports that the U.S. gained 7,400 IT jobs in August.  Gaining back what was lost the month before and following five months of losses of IT jobs in the U.S.  Hopefully this is the first signs of the U.S. coming out of the recession that has gripped the country.

Adding to the good news for IT Services Companies in Cincinnati, across Ohio and the country; as well as application development personnel is news from the U.S. Citizenship and Immigration Services that demand for H-1B Visas are on the decline.  They expect the entire 85,000 visas to be given out this year, just not as quickly and with the same frenzy as in the past few years.  FierceCIO continues to state that ‘employers are putting a greater emphasis on hiring American workers, buying American goods and abandoning offshore outsourcing’.  Where I do not believe this to be the general direction of employers in America, some smaller employers may have taken this direction but large firms continue their offshore IT outsourcing plans.

So does all this mean that better times are in store for IT business solutions professionals in America?  I remain pessimistically optimistic.

There is no such thing as a good guy

Wednesday, February 18, 2009 by Matt Warman

There has long been talk among application development team members of the questionable practices of Microsoft. There have been discussions on alternatives to "good" companies like Apple and Google. Google’s motto has been "do no evil." Apple has been held up as an example of how to do it right, but recently they seem to have been using the same practices as the Redmond outfit. Apple’s iPhone is very popular; in fact, it’s the best selling smart phone. The purpose stated by Apple for the smart phone was to "shake up" the existing cell phone providers to give better applications to consumers. You don’t have to be an application development team member to know just how awful cell phones can be. The interfaces are slow and kludgy, and while Europe and Asia can fully utilize their phones, U.S. phones are purposefully crippled or "locked." This is so the provider can charge you more for the services you should already have. The iPhone shook up the world with the iPhone, and sleek, easy to use interface. You are not constrained by the maker; there are many apps that you can run and buy for it. The problem is, they have to be approved by, or more likely created by Apple. There is a public SDK for the iPhone, but there are restrictions. Some smart application development guys figured out a way around those restrictions, and can use a locked or "jail break" phone to run your homegrown applications. Apple is trying stop this by calling anyone who jailbreaks a phone a criminal. The EFF is fighting back, asking for an exemption to this law citing fair use. Fair use at one time meant that you could buy something, and it was yours. You could modify it any way you want. Some have argued that it’s Apple’s product, so they should determine how it is used. How would you feel if you bought a GM car, and you could only use genuine GM parts purchased at the GM dealership? Worse, if you didn’t, you went to jail.

That doesn’t seem like a "good guy" to me. I would keep a close eye on Google. They have been making some proprietary moves of late too. When the top player in your field has a "dirty" reputation, it is easy to differentiate yourself by being the "good" guy. Does being good mean locking out competitors and locking in consumers? Or is it just the way to do business?

This Is Your Opportunity

Friday, February 6, 2009 by Michael Kiffmeyer

I read today that unemployment has risen to 7.6%.  Yes, its official – we are in a recession.  However, that does not mean there isn’t opportunity because there is.  If everyone believed everything the press is saying our economy does not have a chance and the United States is going to cease to exist.

I also read today that the U.S. government is going to re-visit its parameters for H-1B Visas because they are being used by recruiting body shops rather than giving foreign nationals the real opportunity that they seek.  This means that application developers and specialist are going to be able to make up ground that they have lost to foreign nationals in the past.

My suggestion is for developers to increase their skill-set now before the economy begins to get worse.  Information technology consulting has never been a steady business it always has had peaks and valleys.  When the economy is good projects are plentiful.  When it starts to decline projects usually come to a grinding halt.  But is you have multiple skills it decrease your odds of becoming a statistic.

Organizations try to do more and more internally rather than outsource it when the economy begins to falter.  The more skills a person has the better chances one has to stay employed.  This holds true for IT staffing, development and consulting.  Additionally, when a developer or infrastructure architect can show an organization how to safe time, investment and people through the implementation of their solution they will endear themselves to that particular organization.

Good information technology strategy can more than pay for itself in this economy.  Organizations everywhere are dependent on technology and they need processes to become dynamically automated so they can accomplish more with less while the move towards models of efficiency that will contribute to the productivity of the organization.

Make it your mission to learn more applications and methodologies that can greatly increase the productivity of any company.  To do this is to build value for the organization and you by ensuring there will always be a job for those that are willing to innovate and create a better way.  

This is your opportunity.  Make it happen!

 

Talent Challenges

Thursday, January 29, 2009 by Michael Kiffmeyer

There is trouble in the near future for talent needs and it is coming in various flavors:
 

  • According to the Bureau of Labor statistics, in 2010 over 10M jobs in the United States will go unfilled – in 2022 it will be 30M jobs
  • College graduation rates are down to 54% and 75% of new jobs will require a college degree
  • Making the wild assumption that Baby Boomers (44 – 62 years old) will leave the workforce when they are retirement eligible (is that at 55 or 65?) – there isn’t enough Gen X (28 – 43 years old) to replace them (78M Boomers versus 40M Gen Xers). Gen Y (7 – 27 years old) is big (70M), but still lacks the experience (hello…most haven’t even graduated) to make an immediate impact
  • The average time in a company for Gen X is four years; for Gen Y it’s more like two and while the Boomers have been pretty loyal in the past, but the technology market hasn’t exactly rewarded them for that loyalty.
  • According to an AARP survey of Boomers - 31% of mature workers became responsible for a dependent parent; 23% had an adult child move back home; and 16% were providing child care or day care for grandchild.  50 to 80 hour work weeks, while tolerated by Boomers and some Gen Xers, won’t be tolerated by Gen Y and won’t be of interest to Boomers as they ‘mature’ in their careers and many take on the care of family members. So, since everyone knows that a 40 hour work week for technology professionals is a joke – who’s going to be doing all the work?

Well, I was thinking there are a couple of answers here but those answers will involve a major paradigm shift in the way we think about our workforce today. 

Baby Boomers are learning very quickly that retirement will have to be postponed because of our current economic conditions.  This wealth of knowledge can be instrumental in assisting those organizations that are struggling with Information Technology Staffing because these folks are going to be around a little longer than they planned!
 
Information technology departments will have to create a hybrid workforce model that will be made up of Baby Boomers, Gen Xers and Gen Yers.  Still another approach is to work closer with IT outsourcing partners to ensure you have the talent that you need.  My organization, STAR BASE, Inc. makes finding superior IT talent for IT jobs a fulltime pursuit.

Finally, another emerging model that will be downsized IT department with only mission critical personnel and several part-timers that will be used from time-to-time.  This model will be subsidized from time-to-time by outsourced to information technology staffing partners that can assist in bridging the gap.

 

Suggestions for CIOs in a Downturn

Thursday, January 29, 2009 by Michael Kiffmeyer

cutsThe global economy is tanking, layoffs are everywhere but organizations need to remain positive and work through these difficult times.  Information technology is no exception to this statement.  Often times when companies decide to cut budgets the information technology department is a prime target to be cut.

So, what can a prudent CIO do to address budget cuts while still operating his/her organization at a competitive advantage?   Here are some suggestions that may help:

  • Ratios - Look at your ratio of onsite permanent IT employees.  Perhaps you could reduce the number of permanent employees to only those that are essential to the mission.  Outsourcing the rest of the work to a local firm often times is far more cost effective than permanent employees.
  • Time-to-Market – If products and applications can be delivered faster, though a combination of in house personnel and outsourced talent then companies will reap the benefits sooner.  Work closer with your outsourcing partners to save time, investment and even the dreaded budgets cuts.
  • Revisit your Processes – By working closely with your outsourcing partner.  If your team can find how to deliver applications an automated process with fewer touches and less defects there will be less time and money spent on re-works.  IT departments must leverage knowledge, experience and tools to gain a competitive advantage while decreasing cost.
  • Productivity Improvements – Your internal and your external outsourcing IT partner must embrace being able to accomplish more in less time and at a lower investment.  The true business value of IT will be felt across the enterprise.
  • Negotiate Your Rates – Any true business partner or business technology consulting firm, will be open to rate reductions if you are willing to negotiate a long term partnership.  Dedicated consultants are looking for long-term business partnerships.  If you are willing to commit to a set amount of hours they will br eilling to negotiate rates with you.


Application development outsourcing and IT staffing outsourcing can have many benefits in these times of economic challenge.  Your organization still needs to operate on a day-to-day basis.  Re-think your approach for the mutual benefit of your organization and your outsourcing partner.
 

Improve Your Skills!

Wednesday, January 21, 2009 by Michael Kiffmeyer

According to an international survey of senior business executives by global consultancy, McKinney Rogers, business leaders believe that putting their faith in developing the skills and abilities of their workforce is the best way to reduce an organization’s exposure to the risk of recession.

With recent media attention focusing on the impact of sub-prime lending and the current global economic downturn turning into a full-blown recession, the survey, which encompassed Europe, Africa, Asia Pacific, and the US, was designed to gauge awareness, perceptions and trends on the issue and what can be done to minimize the risk of a recession’s impact on global business.

I would suggest that the same holds true for independent developers as well.  If you want to ensure employability you need to be a life long learner with multiple skill-sets to assure yourself that you always have skills to offer regardless of the development platform.

I am a person who makes his living assisting firms to reach their technological and operational goals while the discover the real value of IT. One of the challenges that I face is trying to place the right IT talent into these organizations.  As you read this blog you do not need me to tell you that the job market is extremely tight and companies are being very selective in who they hire and who they do not hire.

Not too long ago, application developers and technology consulting firms could concentrate on a given skill-set or set of tools and find plenty of opportunities to meet their offerings.  That appears not to be the case any longer.  Organizations of all sizes have multiple needs and they have learned that this world waits for no one.  That means they must continually re-access technology, work processes and skill-sets to meet the demands of their marketplace.

These are the reasons why any Internet application developer or web application developer must learn multiple skill-sets to make sure they continually improve their value in the marketplace.  It is no longer enough to have just RPG skills. Clients are looking for individuals that know RPG, J.D. Edwards and possibly some Java skills.  For web develops we are finding that knowing Dreamweaver, Photoshop and ColdFusion are not enough.  Depending on the firm that we are recruiting for they also want the people they hire to know PHP, MSQl, AJAX, .Net, Java and Javascript.

Want to make sure you’re always employable during these trying economic times?  Increase your skill-set and make yourself more valuable to those organizations that are hiring.


Phone Future?

Monday, December 8, 2008 by Matt Warman

With the success of the iPhone, and new releases by Google and Blackberry, it is clear that the next generation of phones will find their way into business users’ hands. What does this mean for application development team members?

First, a little opinionated history of the telephone industry. As a mandated monopoly for many years, telco technology was stagnated until it were forcibly separated. Technologies like the cell phone were created after they were forced to compete. The recent re-consolidation of the "Baby Bells" is showing that profit is more important than innovation. Fortunately, companies like Apple and Google are pushing the technology.

Unlike other countries, the U.S. has large population bases spread out over thousands of miles. There are many areas today without Internet or cell phone coverage. "The last mile" installation has been a hotly contested issue for a while now. Countries in Europe and Asia have exceedingly fast networks. For example, Japan is working on pushing HD movies on demand to the phone. Russia has created its own WiMax service that gives their country better service and coverage.

On the good side, it means there are new interesting applications to develop. I wrote about some applications in an earlier post. These were consumer applications, but could easily be adapted for business. Locating field staff graphically would have a big use in business. Taking a picture of a part, and having the server recognize the part and send a replacement would another example of using the new technology in unforeseen ways. Technologies like Flex and  JavaFX will make life for application development team members easier to create the next generation applications.

On the bad side however, is the US cell phone infrastructure. Unreliable, slow networks and conflicting technologies will limit the usage and types of applications written. Application development team members will be frustrated in writing applications that don’t have enough bandwidth to perform.

Will it improve? Time will tell. Clearly the existing service providers are not interested with improving service, and would even like to charge more for access. Once business demands better service, things could improve. The new president is looking to give Internet access for all children. For that to happen, we would need a network that is comparable to the rest of the world. Some even think this issue is so important to our country, a "mobile space race" is necessary.

I think it has to happen, or we will be left behind economically. More workers can telework if the infrastructure is there. That saves valuable energy, and also changes how and even where people live. A federally funded initiative would create a lot of jobs in developing IT infratstructure, networking, and application development, and would greatly benefit not only business, but all of this country.

Is Your Network Secure?

Friday, December 5, 2008 by Aaron Whittenberger
You could probably go into any business in the world and answer that question with—probably not.  The fact is that day by day, more and more companies are becoming vulnerable to internet attacks on their network.  Only 15% of businesses filter malware at their firewall.  SQL injection attacks have more than doubled in 2008 according to a July 2008 report by IBM.  Web applications by far are the greatest point of attack, but attacks on VoIP are increasing according to NetworkWorld. This is caused by many factors including:

1.    Network security technology is not keeping pace with new types of attacks
2.    Some security measures interfere with other security measures effectiveness
3.    Businesses concentrate on securing traffic coming in through their firewall but put little effort in securing their employee’s traffic, both in and out.

Hackers are working daily to find new ways of hacking into networks and websites and the technology to prevent them from getting in is not keeping pace.  They take tools, such as network scanners and snoopers, which Network Security Specialists use to secure their network and scan remote servers for vulnerabilities or ports that should not be open.  Once found, they exploit those points of vulnerability.  Using tools like eVade O’ Matic Module (VOMM), they create thousands of variants of a virus or malware, requiring an equal number of Anti-virus or IPS signatures for your scanning software to pick them up.  They use obfuscating tools to break up the communication packets to help prevent detection of the malware contained within.  These are the kinds of tools and methods that are being used to render your IT infrastructure vulnerable.

Many companies use SSL technology, especially those that have ecommerce websites.  This is great for traffic as it passes over the internet.  SSL encrypts the packets so that they can not be picked off the internet and read.  However, the encryption occurs at the origination of the communication and decryption occurs at the destination, after it passes through the firewall.  So the firewall reads what part of the communication it can read and sees it is destined for your website, has a rule that allows that and passes it through.  It is unable to decrypt the encrypted part of the packet, which may contain a virus or malware.

Companies focus their efforts on traffic to and from their website, but don’t put a lot of effort in securing their employees as they surf the web, for business purposes of course.  Google reports that on any given day 1 in 10 websites is infected with malware.  Today’s attacks are aimed at getting you to an infected website where the malware is hidden on the webpage and downloads to your computer as soon as you hit the website.  Even once trusted websites, such as Wikipedia and Expedia, have encountered recent attacks.  Blogs have become popular in recent years and are usually considered to be from an expert authority on the subject.  But anyone can post a comment to the blog and encourage the readers to go to a URL.  When the reader clicks on the URL link they become unknowingly infected.

So what is the answer?


Technology solutions to be effective against the multitude of the types of attacks that are out there today and tomorrow have to have a layered approach.  Stop the attacks at different points, so that if an attack gets past the first security point, it is stopped by the second or third.

Proxy server

Proxy servers remove the hacker’s view of your servers and applications.  Cost constraints keep a lot of companies from deploying proxy servers, but they more than pay for themselves by allowing your IT Infrastructure Management staff to concentrate on other issues besides security breaches.  80% of Internet attacks are aimed at a specific application, Oracle, MS-SQL or VoIP.  Remove the hacker’s ability to see what is running on your servers and they will be less effective in their attack.

Positive Secure Model

This model states that everything is bad except what is explicitly stated as good.  So rules are put into place for every piece of allowed internet traffic, everything else is disallowed.  This requires in-depth knowledge of your employees and applications.  This model is very effective in stopping the “zero-hour” attacks.  These are very newly created attacks that have been in existence for zero hours.

Deep inspection firewalls

New firewall applications are coming out and will be readily available soon that have the ability to decrypt the SSL packet and inspect it for unwanted traffic.  This gives them the visibility to fully enforce their policy rules on the entire communication packet.

Reputation and Geo-Location policies

Just as every individual and business has a credit rating that indicates to a company or lending institution whether they should do business with this individual or business, serves are coming out that gives a reputation score to websites.  Appliances are put into place to retrieve the reputation score of the website being visited or attempting to get into your website and it is determined whether it will be allowed, or if certain functions, ActiveX, exe or pdf file downloads, JavaScript shall be disallowed.

McAfee reports that Hong Kong, China and Russia are the most dangerous countries for internet traffic.  If you’re a local or regional American business that has no interaction with these countries, why would you have internet traffic from these countries.  

Conclusion

Even though security technology is not keeping pace with the number and changing types of threats being developed out there, there are several technologies being developed to render these attacks less effective.  The best approach to securing your network is to put into place as many of these technologies as possible, but in all cases more than one model is needed to make your IT infrastructure secure.

Golf is not a critical IT skill

Wednesday, November 26, 2008 by Aaron Whittenberger
It is a long-held, widely-accepted point of business 'wisdom' that the tees, fairways and greens of the golf course are a great place for business networking, relationship Golfersbuilding and career advancement.  Hey, I subscribe to that body of thought.  A few years back I was with a company that held an annual summer picnic and prior to the picnic was a golf outing for those that wished to participate.  The CEO, Sales Executives and almost all the management staff went every year on the golf outing.  Knowing that was the place to be, I took up the game of golf.  The following year there I was on the fairways with the best and brightest of our company.

However, according to the “CIO Magazine Golf Networking Survey” conducted earlier this year not everyone sees it that way.  Of 394 IT professional respondents, 55 percent say that golf has helped advance their career and 45 percent say that it has not.  Maybe those 45 percent are playing it wrong, don’t have a low enough score or are golfing with the wrong people?  Seriously, it could be any one or none of those reasons, but the one thing the survey does prove is that hitting the greens does not guarantee instant success.

One piece of advice that I will give is that if you do not enjoy the game, don’t frustrate yourself.  There are other ways to do business networking, everything from the traditional professional organizations to the new ways of keeping in touch.  I myself am a long time member of the Tri-State Midrange User Group (TSMUG) of the Southwest Ohio Information Technology Community and with my newly achieved CBAP® certification I am a member of The International Institute of Business Analysis (IIBA®), of which there is a Cincinnati chapter.  I have and will regularly attend meetings and events of these organizations for both the knowledge and networking value of their programs.

One method of networking that has propped up here in the past few years and is gaining wide acceptance in the business community is on-line networking via social media, such as LinkedIn, Twitter and Facebook.  New on-line business communities are popping up all the time with a new groove on things.  If this is your cup of tea, find one that suites your needs and join in.

CIO magazine also has advice for business networking.  Whichever method you choose to expand your horizons, increase your influence and boost your career one thing is clear; in these economic times it would be a mistake not to invest some time and resources into this area.  With Business IT Outsourcing and other influences that are reducing the number of Cincinnati IT jobs and IT jobs available across America, your social networking skills and efforts may mean the difference between whether you are employed or in the unemployment lines.

Predictions for 2009

Friday, November 21, 2008 by Michael Kiffmeyer

Many organizations that are a part of IT outsourcing and business transformation outsourcing (BTO) are slightly concerned about the economy in 2009.  However, IT outsourcing was important before Bear Stearns, Lehman Brothers, Freddie and Fannie, AIG, and the big three automotive manufacturers. These events have underscored the importance of outsourcing because companies believe that transformational outsourcing can help them to service the economic downturn.

According to the International Outsourcing Forum (IOF), "the global outsourcing and off shoring market is expected to grow from approximately $10bn today, to between $50bn and $60bn by 2009". This dramatic market growth will create an additional three million jobs worldwide by 2009. While one million jobs are likely to remain ‘near shore’, the remaining two million will be relocated based on the price performance of location."

I believe here in the United States that when it comes to technology and the value it can bring, organizations realize that it is a vital lifeline for their very existence.  More and more organizations are also coming to the realization that they do not have to do everything internally but can partner with the right trusted technology consultant to handle many of their IT needs.  The economic downturn events of the past couple of months have made organizations come to terms with their vulnerability and question what they will need to survive in the coming years.

IT Outsourcing will remain a viable business in the year 2009.  As companies seek to reduce payroll while increasing productivity there is going to be a need for IT talent.  Where will organizations look for this talent?  The answer is quite simply where ever they have to.  More organizations are going to increase their working relationships with those trusted partners that can help manage their risks and provide IT talent on demand.

I predict that IT outsourcing and technology consulting will have a “busy year” next year for three reasons:

1. The slowdown in the world economy
2. The Presidential election is over and some level of stability will occur
3. Organizations realize that technology can make a huge difference in productivity and profitability and will seek out trusted advisors to assist them in making a difference

Those are my thoughts, what say you?

Can Anything Remain Stable?

Wednesday, November 19, 2008 by Michael Kiffmeyer
The short answer to that question is no.  Technology, like anything else happens in spurts and goes through trends.  The Outsourcing of IT is no exception.  For all of those organizations that thought they had an “IT Strategy” they quickly learned that the strategy is only as good as the business model that it supports.
Outsourcing IT is no exception to this rule. 

For the past several years organizations have learned that outsourcing may not be the ultimate answer because “the playing-field” has changed and organizations need to adapt.  In this period of downturn, the outsourcing of IT to foreign countries is no longer the bargain it once appeared to be.  Since the U.S. dollar has been devalued it has had a direct effect on the pricing that organizations receive from off-shore countries.

I wrote yesterday in my blog, “Outsourcing and IT” that in India, a country that supplies and services a good portion of the U.S. outsourcing needs is starting to use third and fourth tiered personnel to supply services.  The glaring problem with this is that it suggests that organizational projects can be put in jeopardy by continuing the same practices with less than qualified people.  This costs a company time and investment leaving an organization questioning, “where is my competitive advantage?”

Insourcing is not something you hear about every day, and yet, it appears that the brunt of the American Corporation Outsourcing has tapered off and is on the decline, along with the US Dollar. Insourcing is when companies decide that they can afford to do the same jobs that they sent to other countries, in-house or thru local subsidiaries and technology consulting firms.

In the practice of information technology I would suggest that we have been hit hard by outsourcing and it has lead to massive lay-offs.  Now some of those jobs are coming back or so we think.  I believe there is a balance that can be struck.  Companies may not be able to build massive IT departments like they once had, that is not cost effective, but they can partner with technology consulting firms to assist them when they need IT staffing talent or when they need IT expertise or mentoring from  time-to-time.  My organization STAR BASE actually has a program called "CIO Assist" which is a way to provide any organization with the IT expertise they need on a short-term basis

So, to answer the original question, “Can anything remain Stable?”  The answer is no, but in this case, a combination of insourcing/outsourcing does just the opposite for the US Economy, it helps lower the trade deficit, provides more jobs for Americans and it means a more streamline process. Perhaps this is a start in helping to repair the economic downturn in this country. This pleases me as I hope it does my readers.  Blog on!

Outsourcing and IT

Tuesday, November 18, 2008 by Michael Kiffmeyer

The recent economic challenges that the United States and the rest of the world is facing has effected more than the loss of jobs.  Organizations that were dependent on Indian community out sourcing are now faced with a new dilemma, inferior talent.

About 60% of India’s IT outsourcing business comes from the United States and 40% of the work is in the banking, insurance and financial service sectors.  To ensure that they can maintain or at least keep pace with the downturn, these firms are taking steps to protect themselves from the problem.  One of the first steps they are taking comes in the form of reduced hiring of entry-level engineers and looking at second-tier cities with lower labor costs.  The Washington Post recently published an article on the effects of the economic downturn and the steps that the Indian community it taking to combat the downturn.

The outsourcing of IT has been driven by the insatiable appetite of the United States that will continue to drive the practice in hopes of reducing headcount.  A word of caution would be advisable for the future.  If outsourcing means getting second and third-tier resources what will that do for an organization that is seeking a competitive advantage?  Clearly it will be hard to justify the economic benefits of untested staffers.

My organization, STAR BASE Consulting, Inc., tests and pre-screens every candidate that we place.  We believe that a poor candidate is a reflection on our firm.  My suggestion is that regardless of which firm your organization uses to produce IT staffing, do not choose a firm that does not test and who does not pre-screen.  In this day and age of identity theft it appears easy for a person to represent themselves as someone they are not. 

Do you want to risk the success of your projects and the reputation of your IT department to an organization that promises more with less?


 

Higher level IT outsourcing?

Wednesday, November 5, 2008 by Matt Warman

In a recent Computerworld article, there were plans by ACS, an IT outsourcing services firm, of starting off shoring business analysts and project managers. While I believe that many enterprises might want to remove them for cost savings, these people represent your core business. They are the balance of your business and technical expertise. They translate your business plans to your IT development team members, and answers questions form both IT and the business units. If your BAs and PMs can be replaced, then the best cost savings would be from CEOs. On average, they make 435 dollars per hour more than the average worker.

Outsourcing does make sense when clear specifications are in place and clear expectations are set. These processes are typically managed by your business analysts and project managers. If they are replaced, who is looking after your best interest? If you are going to replace your IT development team, at least look at consulting firms like STAR BASE Inc. We have the business and technical acumen to handle your project, we are price competitive, and we are local. Additionally, the new president is looking to curb off shoring. You might want to help your business, bottom line and support your local area.