My name is Aaron Whittenberger. I have over 23 years of IT experience, including 12 years as a consultant. I came up the Application Software Development path on the IBM Midrange platform. Then I moved to doing cross-platform interface design and development. From there I joined the Project Management and Business Analysis arena; and have earned my Certified Business Analyst Professional (CBAP)® certification. I will be using my blog to describe the changes I see in the IT Consulting space as it transforms from the traditional technical role to a more business and analytical role in this dynamic economy.My name is Aaron Whittenberger. I have over 23 years of IT experience, including 12 years as a consultant. I came up the Application Software Development path on the IBM Midrange platform. Then I moved to doing cross-platform interface design and development. From there I joined the Project Management and Business Analysis arena; and have earned my Certified Business Analyst Professional (CBAP)® certification. I will be using my blog to describe the changes I see in the IT Consulting space as it transforms from the traditional technical role to a more business and analytical role in this dynamic economy.In a BATimes article John Moore visits the need and proper use of a Business Case document to increase the success of IT business solution projects. He demonstrates a failed project due to a competitor who released a competitive product in the market before our organization’s project completed. The business manager showing the project failed because it did not deliver the projected ROI. The IT project team noted that they delivered the project on-schedule, on-time and on-budget. Was that risk that a competitor could beat us to the marketplace identified at project initiation or during the life of the project? Were the proper stakeholders identified and included in the project communication plan?
John makes note how the Business Case document should be revisited several times during the project life cycle. Doing so may have caught the changing environment and allowed the organization to mitigate the risk from the competitor.
John makes very valid points that I believe show an improper IT solution Project Delivery System. Laura Brandenburg notes in her blog that the Business Case document is often created under another name, or as I have noticed in many organizations the Business Case document is created, then it is used to develop the Project Charter and Project Design documents. These documents should not only be created but needs to visited by an IT Governance body during multiple steps in the IT solution Project Life Cycle; not just at project initiation. At each point it makes a “go/no go” decision as to whether to continue the project. This is where many organizations fail to follow through.
Take the simplified high-level Project Life Cycle that includes 5 phases: Initiation, Analysis, Design, Development and Implementation/Closure. Most organizations will make the “go/no go” decision on an IT business solution project either prior to the Initiation phase that kicks off the project or at the end of the phase, depending on how the organization defines its Project Delivery System. In most organizations that is the only time that the IT Governance body will rule on the value of the project.
If the IT business solution project had to go before the IT Governance body at the end of the Analysis, Design and Development phases as well as the Initiation phase then the organization has greatly increased its ability to mitigate risk in the project, especially from external forces.
As the project goes through each phase of the Project Life Cycle, the benefits, costs, requirements and risks are further defined. In John’s example, if our competitor launched their product while we were still in Design then our IT solution project went before the IT Governance body for its next “go/no go” decision. The IT Governance Body, being aware of the competitor’s product launch, can now say that the project benefits are no longer valid. The risk mitigation plan can be executed, which may include dropping the project all together. This reduces the cost to the organization as those resources can now move on to a more valid IT solution project.
So not only is it important to make sure that you build a Business Case document, by whatever name you may call it, but be sure it is visited several times during the project life cycle, by others outside of the project team, to ensure that the assumptions (benefits, costs, risks) therein contained remain valid. This along with making sure the proper stakeholders are involved greatly increases ensuring that the IT solution project maintains its value to the organization.
John makes note how the Business Case document should be revisited several times during the project life cycle. Doing so may have caught the changing environment and allowed the organization to mitigate the risk from the competitor.
John makes very valid points that I believe show an improper IT solution Project Delivery System. Laura Brandenburg notes in her blog that the Business Case document is often created under another name, or as I have noticed in many organizations the Business Case document is created, then it is used to develop the Project Charter and Project Design documents. These documents should not only be created but needs to visited by an IT Governance body during multiple steps in the IT solution Project Life Cycle; not just at project initiation. At each point it makes a “go/no go” decision as to whether to continue the project. This is where many organizations fail to follow through.
Take the simplified high-level Project Life Cycle that includes 5 phases: Initiation, Analysis, Design, Development and Implementation/Closure. Most organizations will make the “go/no go” decision on an IT business solution project either prior to the Initiation phase that kicks off the project or at the end of the phase, depending on how the organization defines its Project Delivery System. In most organizations that is the only time that the IT Governance body will rule on the value of the project.
If the IT business solution project had to go before the IT Governance body at the end of the Analysis, Design and Development phases as well as the Initiation phase then the organization has greatly increased its ability to mitigate risk in the project, especially from external forces.
As the project goes through each phase of the Project Life Cycle, the benefits, costs, requirements and risks are further defined. In John’s example, if our competitor launched their product while we were still in Design then our IT solution project went before the IT Governance body for its next “go/no go” decision. The IT Governance Body, being aware of the competitor’s product launch, can now say that the project benefits are no longer valid. The risk mitigation plan can be executed, which may include dropping the project all together. This reduces the cost to the organization as those resources can now move on to a more valid IT solution project.
So not only is it important to make sure that you build a Business Case document, by whatever name you may call it, but be sure it is visited several times during the project life cycle, by others outside of the project team, to ensure that the assumptions (benefits, costs, risks) therein contained remain valid. This along with making sure the proper stakeholders are involved greatly increases ensuring that the IT solution project maintains its value to the organization.
A common reference I hear in business today is that the Business Analyst (BA) is the bridge between the business and information technology staffs within the organization. This infers that the knowledge of getting from one to the other, or interacting with either is contained within the BA alone. The BA should not be the bridge, but the bridge builder. If the knowledge is contained only within the BA, if the BA should leave the organization, then the bridge is gone. If the BA is the bridge builder, then if he/she should leave, the knowledge remains within the Organization.As an IT Strategy Consultant developing IT solutions here in Cincinnati and Southwest Ohio, I go from organization to organization and see that turnover within the BA ranks inevitably causes a great learning curve; either to recover the knowledge that has just walked out the door or bringing the new BA up to speed and making them an effective contributor to the organization.
What all these organizations lack is an Enterprise Architecture, a fundamental artifact of the Business Analysis profession. This and other artifacts are the foundation of creating a Business Analysis Center of Excellence. There is a maturity path that all organizations take from having a community of BAs that serve the organization with no continuity or conformity of service through a mature level in which that continuity and conformity of service is establish; into a BA Center of Excellence, where all BAs within the organization have a common standards of practice, tools and resources from which to draw knowledge.
Where is your Organization on the maturity path to a BA Center of Excellence?
I have spent a lot of time talking about the duties of the Business Analyst (BA); now let’s talk about the characteristics that make up a good BA. I find it interesting that Kupe wrote on this very subject this week, I guess great minds do think alike. As Kupe notes, the IIBA call these underlying competencies and define these as “the skills, knowledge and personal characteristics that support the effective performance of business analysis”.
The BA performs an important role in the application development process and is tasked with the duty of ensuring that the IT business solution meets the needs of the business. The BA develops and maintains the business and functional requirements that the IT business solution must contain in order to be deemed successful.
So we know the role and duties of the BA during a business application development project, so what “skills, knowledge and personal characteristics” does a person need to have to perform these duties. As the duties of the BA entail eliciting requirements from stakeholders and working with an application development team, you can imagine that communication is at the heart of the competencies of a BA. Good written and oral communication is necessary in order to be able to perform these duties. Good communication is not only departing information, but taking in information, or listening. This is often the skill that is over looked when we talk about skills or create a competency model.
Notice that when discussing competencies, that we not only are talking about “skills”, like Decision Making, Creative Thinking, Learning and Problem Solving; but we are also considering “knowledge” and “personal characteristics”. As the BA has to work with both the business and information technology staff, they need knowledge of the organization, industry and technology. What kind of personal characteristics would you want in a person that serves such an important role? I am sure ethics and trustworthiness would make the top that list.
So if you’re a BA looking to advance your career, there are some competencies to work on. If you’re an organization or manager looking to hire a BA, look not only at their skills and past performance, but develop some probing questions that will give you a look into their “underlying competencies”.
The BA performs an important role in the application development process and is tasked with the duty of ensuring that the IT business solution meets the needs of the business. The BA develops and maintains the business and functional requirements that the IT business solution must contain in order to be deemed successful.
So we know the role and duties of the BA during a business application development project, so what “skills, knowledge and personal characteristics” does a person need to have to perform these duties. As the duties of the BA entail eliciting requirements from stakeholders and working with an application development team, you can imagine that communication is at the heart of the competencies of a BA. Good written and oral communication is necessary in order to be able to perform these duties. Good communication is not only departing information, but taking in information, or listening. This is often the skill that is over looked when we talk about skills or create a competency model.
Notice that when discussing competencies, that we not only are talking about “skills”, like Decision Making, Creative Thinking, Learning and Problem Solving; but we are also considering “knowledge” and “personal characteristics”. As the BA has to work with both the business and information technology staff, they need knowledge of the organization, industry and technology. What kind of personal characteristics would you want in a person that serves such an important role? I am sure ethics and trustworthiness would make the top that list.
So if you’re a BA looking to advance your career, there are some competencies to work on. If you’re an organization or manager looking to hire a BA, look not only at their skills and past performance, but develop some probing questions that will give you a look into their “underlying competencies”.
In my previous two-part posts I discussed where the BA fits into the organizational structure. Even Jeff Welsh notes how application software development has changed over the years and requires a team approach for successful implementation of IT business solutions.
But you are sitting there saying we are a small to medium size business (SMB), my entire IT staff is 10 or less, I do not have a Business Process Orgranization (BPO) or Project Management Office (PMO); where should the BA fit into my organization?
SMBs need to utilize the BA role within their project delivery methodology. If the role is not being fulfilled then there is higher risk of failure of the project in that it does not meet the needs of the business. I have worked on many small-to-medium IT staffs and can attest to the fact that when resources are few that people wear many hats. There were projects where I served as the project manager, business analyst, developer and trainer. On smaller staffs, where only one or two of the people will be doing the duties of the BA, it is even more important to make sure that those people are easily accessible by the business units that they support. Have them sit in the vicinity of those business units instead of in the IT Department. I still feel that the BA is an IT function and should report to IT management as opposed to business management, but making the BA readily available and accessible to the business adds value to their role and gains buy-in from the business people to assist the BA with their duties.
So when making the organizational chart keep the BA in the IT Department; but when divvying up office space, make room for the BA near the business unit(s) that they are to support.
But you are sitting there saying we are a small to medium size business (SMB), my entire IT staff is 10 or less, I do not have a Business Process Orgranization (BPO) or Project Management Office (PMO); where should the BA fit into my organization?
SMBs need to utilize the BA role within their project delivery methodology. If the role is not being fulfilled then there is higher risk of failure of the project in that it does not meet the needs of the business. I have worked on many small-to-medium IT staffs and can attest to the fact that when resources are few that people wear many hats. There were projects where I served as the project manager, business analyst, developer and trainer. On smaller staffs, where only one or two of the people will be doing the duties of the BA, it is even more important to make sure that those people are easily accessible by the business units that they support. Have them sit in the vicinity of those business units instead of in the IT Department. I still feel that the BA is an IT function and should report to IT management as opposed to business management, but making the BA readily available and accessible to the business adds value to their role and gains buy-in from the business people to assist the BA with their duties.
So when making the organizational chart keep the BA in the IT Department; but when divvying up office space, make room for the BA near the business unit(s) that they are to support.
In my last post, I joined the discussion of “where does the BA fit into the organization?” I concentrated on the first line BA that should develop the enterprise architecture and help cultivate the business requirements for business process improvements. This BA would be part of a combined Business and IT staffed Business Process Organization (BPO). The purpose of the BPO is to analyze business issues and make the business case as to which IT business solutions projects should be undertaken.
Once a project is approved by the governance body it is turned over to the Project Management Office (PMO) to guide the project to completion. The PMO will be staffed with project managers (PMs) and business analysts (BAs) that will guide the project the rest of the way through the project life cycle. You may be asking why you would need BAs as part of the PMO, or project leadership team; after all the PM is responsible to see the project is completed on-time, on-budget and on-schedule. Yes, but the BA would be responsible to see that the project is completed and the IT business solution meets the business requirements. A business application development project will need functional and technical specifications that the BA should help develop.
The third role of the BA, I alluded to in my first post on this subject, is that of the Test or Quality Assurance Analyst. One role of the BA is to support the system, quality assurance and/or user acceptance testing phase of the project life cycle.
So the answer to the question ‘where does the BA fit …?” is in many positions within the organization. It depends on which BA role you wish to discuss, and whether the organization is large enough to have a BPO and/or PMO.
Any thoughts on the subject?
Once a project is approved by the governance body it is turned over to the Project Management Office (PMO) to guide the project to completion. The PMO will be staffed with project managers (PMs) and business analysts (BAs) that will guide the project the rest of the way through the project life cycle. You may be asking why you would need BAs as part of the PMO, or project leadership team; after all the PM is responsible to see the project is completed on-time, on-budget and on-schedule. Yes, but the BA would be responsible to see that the project is completed and the IT business solution meets the business requirements. A business application development project will need functional and technical specifications that the BA should help develop.
The third role of the BA, I alluded to in my first post on this subject, is that of the Test or Quality Assurance Analyst. One role of the BA is to support the system, quality assurance and/or user acceptance testing phase of the project life cycle.
So the answer to the question ‘where does the BA fit …?” is in many positions within the organization. It depends on which BA role you wish to discuss, and whether the organization is large enough to have a BPO and/or PMO.
Any thoughts on the subject?
I attended the CIO Speaker series sponsored by the Cincinnati Chapter of the IIBA®. The January meeting showcased the CIO and Deputy CIO of FirstGroup America. It was not part of their presentation, but a question was asked of them “should the BA report to IT or to the Business?” This alludes to the bigger question “where does the BA fit into the organization?”
This is the question that many organizations are still trying to answer today. Many organizations are just realizing the benefits of the BA role. One thing to realize, is those of us in the BA arena today are in the forefront of an infantile and growing profession. The International Institute of Business Analysis (IIBA)®, the professions governing body, was formed in 2004; incorporated in 2006. There are 827 certified professionals (CBAP)® in the world. Compared to the Project Management Institute (PMI)®, which was incorporated in 1969, offer five certification programs and has nearly 300,000 certified professionals. You may say that your company has had BAs for the last 5 or 10 years. Then I say your company is one of the forward-thinking organizations that has recognized the benefits that the BA role provides in developing IT business solutions.
Now I believe this discussion will go on for years; but as this is my blog, here I get to put my two cents in. First, let’s define the role of the BA in which we discuss. Many organizations have a quality assurance team, department or processes within the IT application development team. As these people support system or user acceptance testing procedures, these people are Business Analyst. For this discussion, I refer to the Business Analyst that works on the front end of the project life cycle. Who develops the Enterprise Architecture, gathers business requirements for business process improvements and makes the business case for IT business solutions projects to make those improvements.
As the role of the BA is to develop requirements and make the business case for IT application development projects, this is an IT function; therefore the BA is an IT position and should report to the IT management as opposed to the Business management. Although the duties that the BA performs may put him/her in front of external customers of the company, their goal is not to perform the business of the company but to recommend IT business solution projects to improve business processes within organization; this is an IT function.
If your organization is large enough to use terms such as Business Process Organization (BPO) and Project Management Office (PMO); then you should find the BA at the heart of the BPO. The purpose of the BPO is to analyze and recommend improvements to business processes. So now you say that in most organizations the BPO is a business team; I would reply that it should be a combination business and IT team. The improvement to business processes may require a business solution, such as upgrade or replace business machinery or training; or an IT solution, such as application enhancement, system training or system upgrade. Therefore, the BPO should be made up of business positions and IT positions working together to determine the best solution to business issues.
One thing that I would change in many organizations is that I believe the BA should sit more in the vicinity of the business unit(s) that they support as opposed to sit in the IT Department. BAs will be much more effective when they fully understand the business processes in place, issues that business workers face and the daily going-ons within the business unit(s). Also, easy approachability to the BA for the business gains buy-in to the duties and recommendations of the BA.
So there is my opinion on the subject, what is yours?
This is the question that many organizations are still trying to answer today. Many organizations are just realizing the benefits of the BA role. One thing to realize, is those of us in the BA arena today are in the forefront of an infantile and growing profession. The International Institute of Business Analysis (IIBA)®, the professions governing body, was formed in 2004; incorporated in 2006. There are 827 certified professionals (CBAP)® in the world. Compared to the Project Management Institute (PMI)®, which was incorporated in 1969, offer five certification programs and has nearly 300,000 certified professionals. You may say that your company has had BAs for the last 5 or 10 years. Then I say your company is one of the forward-thinking organizations that has recognized the benefits that the BA role provides in developing IT business solutions.
Now I believe this discussion will go on for years; but as this is my blog, here I get to put my two cents in. First, let’s define the role of the BA in which we discuss. Many organizations have a quality assurance team, department or processes within the IT application development team. As these people support system or user acceptance testing procedures, these people are Business Analyst. For this discussion, I refer to the Business Analyst that works on the front end of the project life cycle. Who develops the Enterprise Architecture, gathers business requirements for business process improvements and makes the business case for IT business solutions projects to make those improvements.
As the role of the BA is to develop requirements and make the business case for IT application development projects, this is an IT function; therefore the BA is an IT position and should report to the IT management as opposed to the Business management. Although the duties that the BA performs may put him/her in front of external customers of the company, their goal is not to perform the business of the company but to recommend IT business solution projects to improve business processes within organization; this is an IT function.
If your organization is large enough to use terms such as Business Process Organization (BPO) and Project Management Office (PMO); then you should find the BA at the heart of the BPO. The purpose of the BPO is to analyze and recommend improvements to business processes. So now you say that in most organizations the BPO is a business team; I would reply that it should be a combination business and IT team. The improvement to business processes may require a business solution, such as upgrade or replace business machinery or training; or an IT solution, such as application enhancement, system training or system upgrade. Therefore, the BPO should be made up of business positions and IT positions working together to determine the best solution to business issues.
One thing that I would change in many organizations is that I believe the BA should sit more in the vicinity of the business unit(s) that they support as opposed to sit in the IT Department. BAs will be much more effective when they fully understand the business processes in place, issues that business workers face and the daily going-ons within the business unit(s). Also, easy approachability to the BA for the business gains buy-in to the duties and recommendations of the BA.
So there is my opinion on the subject, what is yours?
Any good Business Analyst will tell you that IT and business speak in different languages. Good CIOs and IT Infrastructure Management know that CFOs have a language all their own. “That being said, it is the money people who generally stand in the way of engineers and technologists and the spending required to accomplish great things with IT.”, according to an CTOEdge article. CIOs generally don’t speak in the language of the CFO when making spending requests, so we walk away feeling that they “just don’t get it”. Here are 10 areas where we, as the promoters of IT, can begin to communicate better with the CFO.
1. Think TCO, not ROI
To the CFO, return on investment is how much money you’re going to give back to the company. Let’s face it. Most IT projects — no matter how compelling — don’t bring “return” to the organization like an additional sales person, a new marketing campaign, or a new product launch. Preach total cost of ownership (TCO); repeat it until you are blue in the face. Whether business application development, web application development, IT infrastructure investment; you can demonstrate “fiscal stewardship” through cost reduction or increasing customer satisfaction and loyalty.
2. Cloud Computing
CFOs like what they hear about cloud computing as a cost saver. Don’t fight them on it.
3. Green IT
Are you surprised when the CFO is not willing to pay a premium to keep the environment cleaner? The reality is that no green projects exist unless they have a better TCO. So whether to upgrade your IT infrastructure, better IT infrastructure cooling, or saving space for your IT infrastructure you can build a strong business case of the decreased TCO and community relations intangibles of being an “environmentally conscious” firm.
4, 5 and 6. Virtualize, Virtualize and VIRTUALIZE
“This subject takes up three spots because there are three key virtualization targets -- servers, desktop and storage. But again, the key here is how to justify and how now NOT to justify.” Again build your TCO case for virtualization, but be realistic in your cost savings estimates. Many times virtualization projects are viewed as unsuccessful because they did not meet the upfront cost estimates. Be sure to include high traffic times such as end-of-month close periods.
7. Adopt IT-Centric Business Continuity
Over the years responsibility for business continuity have been put on IT management. This needs to change. Organizations need to understand that there are three phases to a business continuity plan; event response, disaster recovery and business continuity. With the financial impact on the organization of disaster recovery and business continuity, business management must be involved and responsible for these areas. It should not be IT management’s responsibility to determine which business units are most important.
8. Align with the Big Picture
Along with TCO, build your requests showing how the request aligns with the business objectives and goals of the organization.
9. Proactive Cost Reduction
Boy does that sound like another way to say TCO to you? Take a proactive stance on reducing cost. The article showed how to reduce cost of document retention.
10. Reduce Data Center Costs
The organization’s data center is usually the center of the IT infrastructure, both in physical space and cost. Just as in application software development, modular building of a data center can cut cost of the IT infrastructure through avoiding construction cost, reduced cooling cost and reduced capital expenditures.
“While the relationship between CFO and CIO can sometimes have more debits than credits, it is definitely worth the investment in time and effort to highlight IT projects in terms the CFO will understand.”
1. Think TCO, not ROI
To the CFO, return on investment is how much money you’re going to give back to the company. Let’s face it. Most IT projects — no matter how compelling — don’t bring “return” to the organization like an additional sales person, a new marketing campaign, or a new product launch. Preach total cost of ownership (TCO); repeat it until you are blue in the face. Whether business application development, web application development, IT infrastructure investment; you can demonstrate “fiscal stewardship” through cost reduction or increasing customer satisfaction and loyalty.
2. Cloud Computing
CFOs like what they hear about cloud computing as a cost saver. Don’t fight them on it.
3. Green IT
Are you surprised when the CFO is not willing to pay a premium to keep the environment cleaner? The reality is that no green projects exist unless they have a better TCO. So whether to upgrade your IT infrastructure, better IT infrastructure cooling, or saving space for your IT infrastructure you can build a strong business case of the decreased TCO and community relations intangibles of being an “environmentally conscious” firm.
4, 5 and 6. Virtualize, Virtualize and VIRTUALIZE
“This subject takes up three spots because there are three key virtualization targets -- servers, desktop and storage. But again, the key here is how to justify and how now NOT to justify.” Again build your TCO case for virtualization, but be realistic in your cost savings estimates. Many times virtualization projects are viewed as unsuccessful because they did not meet the upfront cost estimates. Be sure to include high traffic times such as end-of-month close periods.
7. Adopt IT-Centric Business Continuity
Over the years responsibility for business continuity have been put on IT management. This needs to change. Organizations need to understand that there are three phases to a business continuity plan; event response, disaster recovery and business continuity. With the financial impact on the organization of disaster recovery and business continuity, business management must be involved and responsible for these areas. It should not be IT management’s responsibility to determine which business units are most important.
8. Align with the Big Picture
Along with TCO, build your requests showing how the request aligns with the business objectives and goals of the organization.
9. Proactive Cost Reduction
Boy does that sound like another way to say TCO to you? Take a proactive stance on reducing cost. The article showed how to reduce cost of document retention.
10. Reduce Data Center Costs
The organization’s data center is usually the center of the IT infrastructure, both in physical space and cost. Just as in application software development, modular building of a data center can cut cost of the IT infrastructure through avoiding construction cost, reduced cooling cost and reduced capital expenditures.
“While the relationship between CFO and CIO can sometimes have more debits than credits, it is definitely worth the investment in time and effort to highlight IT projects in terms the CFO will understand.”
As you watch the enormous humanitarian relief effort going on in Haiti on the evening news this week, following the devastating 7.0 earthquake that hit that country on January 12th, you can probably imagine the technology and IT infrastructure that the U.S. Department of Defense and other agencies has put into place to assist in that relief effort. Read more about it here. The Haiti government turned over the operation of the one runway airport at Port-au-Prince, the nation’s capital, to the U.S. military. An acknowledgement of the U.S. military’s prowess in logistics and technology. For a few days as the relief effort ramped up news reports of delays at the airport were heard, but as that relief effort got organized those reports of delays ceased even with the amount of aide and volunteers flowing into the country were increasing.
What is not reported on the evening news is how an army of geek volunteers from the private sector is supporting that relief effort. Leading the way are organizations like CrisisCommons, Ushaahidi, the International Community of Crisis Mappers and InSTEDD, according to an InformationWeek artical. Application software development gets into the mix, undertaking such tasks as developing ways to help locate U.S. citizens and provide information online about Haiti and how to donate money, developing a timeline of events and a wiki of information online, a GPS-compatible street map of Haiti, an English to Creole dictionary for IPhones and Android mobile devices, and a system to use Twitter messages to ask for or offer assistance to those in need. "We've been working a lot at Sunlight Labs to get application software developers to organize and work together in volunteer communities. Developers may not be competent with a saw, but are starting to realize they have a skill they can contribute," says Clay Johnston, director of Sunlight Labs. "The tools are available, and methodologies like agile project management have been popularized that can facilitate this."
In light of the reports of the failings of the coordination of relief efforts following Hurricane Katrina and the reports of the relief effort in Haiti, it is clear that it is IT solutions that have been put into place to better support humanitarian relief efforts worldwide and that technological advances has clearly moved into the 21st century in support of those efforts.
What is not reported on the evening news is how an army of geek volunteers from the private sector is supporting that relief effort. Leading the way are organizations like CrisisCommons, Ushaahidi, the International Community of Crisis Mappers and InSTEDD, according to an InformationWeek artical. Application software development gets into the mix, undertaking such tasks as developing ways to help locate U.S. citizens and provide information online about Haiti and how to donate money, developing a timeline of events and a wiki of information online, a GPS-compatible street map of Haiti, an English to Creole dictionary for IPhones and Android mobile devices, and a system to use Twitter messages to ask for or offer assistance to those in need. "We've been working a lot at Sunlight Labs to get application software developers to organize and work together in volunteer communities. Developers may not be competent with a saw, but are starting to realize they have a skill they can contribute," says Clay Johnston, director of Sunlight Labs. "The tools are available, and methodologies like agile project management have been popularized that can facilitate this."
In light of the reports of the failings of the coordination of relief efforts following Hurricane Katrina and the reports of the relief effort in Haiti, it is clear that it is IT solutions that have been put into place to better support humanitarian relief efforts worldwide and that technological advances has clearly moved into the 21st century in support of those efforts.
According to ComputerWorld, web application development remains top dog by far in the top IT skills to have in 2010. Specifically, companies will look for developers with knowledge of .Net, Java, Web development, open source and portal technologies. The article goes on to suggest that combining web application development skills with business analysis or project management skills is a big plus. ComputerWorld lists the remaining skills to have for 2010 in its top six as: Help Desk/Technical Support, Networking, Project Management, Security and Business Intelligence.
I feel ComputerWorld did not put enough emphasis on Security; this without doubt will be the biggest challenge for IT executives in the coming years. Open-source software may be an innovative money saver, but IT professionals still have concerns that networks could be vulnerable to viruses, cyberattacks and other intrusions.
According to InfoWorld, a new survey from Forrester Research found that 58 percent of large companies have security concerns about open source. In addition, 57 percent of small and mid-sized businesses expressed concern that open-source software would be "complex and hard to adopt".
With the advent and increasing usage of open-source in the business world, expect to see demand for IT security related skills to grow. According to the FLOSS 2020 roadmap presented at the Open World Forum in Paris, 40 percent of jobs will be related in some way to open source by 2020. You can expect application development and security to comprise a great majority of these jobs.
“IT executives increasingly implement marketing initiatives to improve the communications with their business customers. But these efforts often focus solely on the brand aspects of the services under the IT’s control without understanding the business’ perception of IT. To maximize the success, IT must add business satisfaction assessments to its tool kit. Understanding business satisfaction requires qualitative and quantitative data that capture customer expectations and perceptions through different types of interactions such as interviews, panels, focus groups, complaint systems, and surveys. This report provides best-practice recommendations, survey templates, and questions to guide IT executives through the deployment of a business satisfaction assessment. It applies Forrester’s deep expertise in external customer satisfaction to the interface between business customers and their internal IT suppliers.” says a new Forrester report.
I have served on countless business application development teams within several organizations in the Southwest Ohio and Cincinnati Information Technology community, one thing I can say is that most IT organizations do not gauge business satisfaction with IT business solutions. I have served in only a couple of organizations where the business serves on the IT governance committee. An organization does not have to be “big” to have an IT governance committee. No matter what the size of the organization decisions are made as to priorities in IT work. IT governance does not have to be a long drawn out process or take great time commitment from the business or IT executives, but business involvement in IT governance goes a long way in gaining business buy-in as you roll out the IT business solutions to the business.
Involvement in IT governance is just one way that many organizations in the Greater Cincinnati area can improve the IT-business relationship. The Forrester report goes into ways to solicit and gauge business satisfaction with IT business solutions. Doing so should affect decisions concerning not only IT business solution delivery but also IT Infrastructure and IT outsourcing initiatives.
A new report from Gartner Research Firm
IT Outsourcing is not going away anytime soon, but a new report from Gartner Research states that the market is in for some big changes. The report predicts that one in four business-process outsourcing firms will disappear within the next three years.
The article in InformationWeek gives advice to CIOs who wish to initiate a new IT Outsourcing contract on warning signs to look for in your prospective BPO partner that would indicate this firm may not be able to fulfill any new contract:
1. Are they losing money?
2. Are they winning new business?
3. The loss of marquee clients.
4. Poor capitalization is impeding growth.
5. Toxic exposure to tainted financial firms.
6. Lock down your exit strategies.
In another article in EconomicTimes I read that IBM will goble up half of India’s IT outsourcing business in 2010.
This is not to suggest that the offshore IT outsourcing business is coming home. IBM’s business is international. With IBM awarding one-half to 1 billion dollar contracts, many India firms will not be able to compete in delivering hardware, software, IT consulting services and integrated business solutions. IBM is one reason that 25% of IT BPO firms will meet their demise within the next three years.
IT Outsourcing is not going away anytime soon, but a new report from Gartner Research states that the market is in for some big changes. The report predicts that one in four business-process outsourcing firms will disappear within the next three years.
The article in InformationWeek gives advice to CIOs who wish to initiate a new IT Outsourcing contract on warning signs to look for in your prospective BPO partner that would indicate this firm may not be able to fulfill any new contract:
1. Are they losing money?
2. Are they winning new business?
3. The loss of marquee clients.
4. Poor capitalization is impeding growth.
5. Toxic exposure to tainted financial firms.
6. Lock down your exit strategies.
In another article in EconomicTimes I read that IBM will goble up half of India’s IT outsourcing business in 2010.
This is not to suggest that the offshore IT outsourcing business is coming home. IBM’s business is international. With IBM awarding one-half to 1 billion dollar contracts, many India firms will not be able to compete in delivering hardware, software, IT consulting services and integrated business solutions. IBM is one reason that 25% of IT BPO firms will meet their demise within the next three years.
You have a 50% chance of getting this one right; do you want to ponder a guess? The goal of requirements gathering is to achieve stakeholder sign-off of the business requirements of the project. So let’s say you do everything right, you go through a few phases of requirements elicitation using several different elicitation techniques. You put together a well crafted Requirements Document and get the project primary stakeholders to sign-off on it. All this happens before development begins. You are on the right track. This is going to be successful, right? Your business solution developed by your IT staff is going to fulfill all the project requirements and be a huge success.
Kupe explains how the Dallas Cowboys went through all those steps. They went above and beyond the NFL requirement. Received sign-off from the NFL. They built their new stadium with a very impressive jumbo-tron above the field. Sixty feet long, 90 feet above the field. Anybody see a problem here yet. Well evidently neither did the Cowboys nor the NFL; until the third quarter of the first preseason game of the season when the opposing team’s punter hit the jumbo sized screen with his kick. This caused a do-over in the game, and I now understand that they have an extra official at the field whose job is to ensure that any kick does not hit the video screen.
So the IT business solution didn’t work for the stakeholders, namely the Dallas Cowboys and the NFL. So where did they go wrong? Kupe goes on to describe the flaw in the height requirement that made the end result unsuccessful.
This is a prime example of going through all the right steps, get the stakeholders sign-off, and the business solution does not deliver the expected result. So the Business Analyst job in the requirements gathering phase of a project is not only to gather the requirements that the stakeholders are telling you, but go beyond that and capture the requirements that the stakeholders either haven’t thought of, or just don’t know. Kupe’s article gives good point that simulation of punting in the stadium might have drawn out the flaw before the one million ton video screen was installed. Now how much will it cost to move that? Simulation is not one of the requirements gathering techniques that the IIBA® emphasizes, but most certainly can be used as such when the circumstance dictates.
The moral of this story is to be sure to use the correct requirements gathering techniques to draw out all the business requirements so that your end business solution will meet the needs of the stakeholders. That is what will ensure success of your IT business solutions.
I attended the first meeting of the season for the Cincinnati IIBA® Chapter. They are doing a series entitled CIO Speaker Series, where they have the CIO from prominent companies in the Cincinnati area who have demonstrated a solid commitment to promoting the effective practice of Business Analysis in their organizations come and speak on how that commitment is put into practice within their organization.
Now I really thought this was going to be boring but the speaker; Jeff Wolverton, Senior VP and CIO of Great American Financial Resources, Inc. (GAFRI), captured my attention when he spoke about how he used the area of Business Analysis to turn his IT organization around and assist them in providing better IT business solutions.
Jeff has been with GAFRI for 11 years and has held the position of CIO for the past 8 years, but they have really put an emphasis on the area of Business Analysis and have begun to reap the benefits thereof here in the last year and a half.
He demonstrated how putting Business Analysis first changed the reputation of his IT staff within the organization from an IT production support group that is slow in delivering business applications that are often bug ridden, to an IT staff that develops great business application solutions that work for the business. GAFRI IT staff went from delivering solutions and telling the business to report any bugs found and they will fix them to delivering business solutions where they had found 85% of all bugs prior to user acceptance testing.
Jeff also spoke about how in last year’s economy where IT budgets in most organizations were being slashed, he received a double-digit increase; the largest increase in his 8 years as CIO. So how do you get that kind of budget increase and turn around the reputation of your IT staff and the business application solutions that they deliver? GAFRI did it by getting to the business requirements behind the business requests and implementing a systematic, repeatable project delivery process.
Jeff and his team put into place a new IT business solutions delivery process from the requirements gathering phase to project delivery (implementation). This new process was going to take much longer than the old process. What use to take a week will now take two to four weeks. How do you get business buy-in to wait for their business applications? When you deliver a business application solution in which the business usually reports several bugs during testing to delivering a solution in which the business reports almost no bugs, they see value in the new process.
GAFRI’s new IT business solution delivery process put emphasis on two areas: requirements gathering and application testing. They created new roles within their IT staff and put people in place with very specific duties to gain measurable increased value in these areas. They not only put IT staff through training, but they put the business through training on the new delivery process and the business role on working with the IT staff to drive better IT business solutions.
The first new IT role is the Requirements Analyst. This person works with the business in the beginning of the project to elicit and form clear and concise business requirements for the IT business solution. So many times when IT delivers a project they get the punch line to that Dr. Seuss rhyme about the Super Programmer, where the requester says ‘You gave me just what I asked for but not what I need!’. The Requirements Analyst works throughout the project, in a diminishing role, to ensure that the IT solution will meet the needs of the business.
The second new IT role created is the Test Analyst. Typically, testing is thought of after development is complete or nearing completion. In GAFRI’s model test plans are created before or as development starts and are based on the business requirements of the project. The Test Analyst either performs or supports IT Quality Assurance testing and supports User Acceptance Testing.
GAFRI is a shining example of how commitment to the area of Business Analysis can reap many benefits for the organization, both for IT and the business. The end result is better IT business solutions.
I read an interesting article in Agile Journal today titled "What is Best, Scrum or Kanban?" To a business application development specialist working with many application development teams, this is an interesting question. If you are in the same boat as I, maybe you already have a preference. Perhaps the article may sway your opinion.
If you are not familiar with one or both of these application development methodologies then the article will be very good reading for you. In a nutshell, both of these methodologies are used in the Agile application development style, as opposed to the SDLC or waterfall application development style.
In Scrum the project team decides on what deliverables it can deliver within one iteration of time. The team decides how long this time iteration is, usually two to three weeks. So Scrum focuses on splitting large tasks into its smallest pieces and delivering pieces of the project very quickly. This style tends to put the project team in sprint mode all the time.
Whereas, Kanban focuses more on steady workflow. The project team decides on the limit on the amount of work it is capable of accomplishing and sets up the workflow of tasks to ensure that the end result is accomplished. The article gives example of a Kanban chart and describes the similarities and differences of the two methodologies.
After reading the article and through my own experience, I would ask do these two application development methodologies have to be mutually exclusive. Can these two methods work in conjunction with each other within a project? Perhaps at the same time, or that you start with Scrum and move to something more along the lines of Kanban. Take this to the broader picture, do Agile and SDLC project methodologies have to be mutually exclusive? Can’t Scrum and time iterations be used within the SDLC project life cycle? What do you think?
You more than likely already know you need the best security possible to prevent an attack. You also need IT infrastructure and IT staffing in place to respond to an attack if one happens.
Incidence response should be one of the most important items on your IT security agenda. Your company must be prepared to respond to an incident once it occurs and quite possibly to stop the next one.
As of late, disgruntled employees violate internal policies or misuse system access for their own monetary gain or for revenge on employers due to mergers, outsourcing of business or IT jobs or employee lay offs. Internal threats are as real as external threats.
IT experts say that security professionals with the right skills can help lower the number of and potential for incidents at any organization with their responses.
An article in this week's GovInfoSecurity.com outlines the experts you will need:
Incidence response should be one of the most important items on your IT security agenda. Your company must be prepared to respond to an incident once it occurs and quite possibly to stop the next one.
As of late, disgruntled employees violate internal policies or misuse system access for their own monetary gain or for revenge on employers due to mergers, outsourcing of business or IT jobs or employee lay offs. Internal threats are as real as external threats.
IT experts say that security professionals with the right skills can help lower the number of and potential for incidents at any organization with their responses.
An article in this week's GovInfoSecurity.com outlines the experts you will need:
- Network security specialist: A person familiar with intrusion detection systems.
- Penetration testers: Someone who can assess a system's potential vulnerabilities.
- Incident handlers: People who understand attack methodology and can apply critical thinking skills to respond to incidents.
- Forensics Analyst: The person who looks for evidence after an attack.
- Research Analyst: The person to keep abreast technological advances in incident response activities.
- Team Leader: Leads the team through crises and communicates to the business incident activities and cost to the business.
- Preparation and Training: for both prevention and incident response.
- Identification: fast identification of an occurring attack and its impact on the IT infrastructure can help in minimizing the duration and cost of clean-up.
- Containment: Once an attack has been identified, steps must be taken to minimize the effects of the attack.
- Recovery and Analysis: The recovery period allows analysis and lessons learned of What happened? Why did it happened? Was the response effective?
A Network World article reports that the U.S. gained 7,400 IT jobs in August. Gaining back what was lost the month before and following five months of losses of IT jobs in the U.S. Hopefully this is the first signs of the U.S. coming out of the recession that has gripped the country.
Adding to the good news for IT Services Companies in Cincinnati, across Ohio and the country; as well as application development personnel is news from the U.S. Citizenship and Immigration Services that demand for H-1B Visas are on the decline. They expect the entire 85,000 visas to be given out this year, just not as quickly and with the same frenzy as in the past few years. FierceCIO continues to state that ‘employers are putting a greater emphasis on hiring American workers, buying American goods and abandoning offshore outsourcing’. Where I do not believe this to be the general direction of employers in America, some smaller employers may have taken this direction but large firms continue their offshore IT outsourcing plans.
So does all this mean that better times are in store for IT business solutions professionals in America? I remain pessimistically optimistic.
Adding to the good news for IT Services Companies in Cincinnati, across Ohio and the country; as well as application development personnel is news from the U.S. Citizenship and Immigration Services that demand for H-1B Visas are on the decline. They expect the entire 85,000 visas to be given out this year, just not as quickly and with the same frenzy as in the past few years. FierceCIO continues to state that ‘employers are putting a greater emphasis on hiring American workers, buying American goods and abandoning offshore outsourcing’. Where I do not believe this to be the general direction of employers in America, some smaller employers may have taken this direction but large firms continue their offshore IT outsourcing plans.
So does all this mean that better times are in store for IT business solutions professionals in America? I remain pessimistically optimistic.
I have return.....from my eight month siesta. No, I have not been in Mexico; so I can guarantee that I do not have the swine flu. Although Mexico is on my bucket list, I don't believe now is a great time to visit. I am back and still on my soap box. What has gotten me back on my soap box are some recent articles and blogs I have read complaining that the International Institute for Business Analysis ® has made the application and recertification process for their Certified Business Analyst Professional (CBAP)® certification too stringent.
I have been and continue to be a strong proponent for IT certifications. Even since I obtained my CBAP® certification last year the application process has changed. The exam itself is now based on version 2.0 of the Business Analysis Body of Knowledge (BABOK)®.
I have heard that CBAP® applicants are rejected due to the IIBA® reducing their documented hours for tasks or deliverables that do not qualify as business analysis work. Such reduction of hours left them short of the 7,500 hour requirement. Some applicants are unaware of the new 900 hour requirement in four of the six knowledge hours, again leaving them short of the requirement.
First of all I believe that the application process itself is more rigorous than the exam. It is part of the whole process of obtaining the certification. The IIBA® , by putting all applicants through a rigorous review process, protects the value of the certification. A couple of tips I can give you in applying for the CBAP® certification:
I have been and continue to be a strong proponent for IT certifications. Even since I obtained my CBAP® certification last year the application process has changed. The exam itself is now based on version 2.0 of the Business Analysis Body of Knowledge (BABOK)®.
I have heard that CBAP® applicants are rejected due to the IIBA® reducing their documented hours for tasks or deliverables that do not qualify as business analysis work. Such reduction of hours left them short of the 7,500 hour requirement. Some applicants are unaware of the new 900 hour requirement in four of the six knowledge hours, again leaving them short of the requirement.
First of all I believe that the application process itself is more rigorous than the exam. It is part of the whole process of obtaining the certification. The IIBA® , by putting all applicants through a rigorous review process, protects the value of the certification. A couple of tips I can give you in applying for the CBAP® certification:
- Document more than the minimum 7,500 hours of business analysis work. This ensures that if your hours are reduced in the review process that you will still have enough hours to qualify to sit for the exam. This goes for total hours as well as hours in each of the knowledge areas. I personally documented 9,000 hours on my application.
- Put the language on your application in the wording of the BABOK®. By putting your work tasks and deliverables in the language of the profession it is less likely that the hours will be discounted in review.
You could probably go into any business in the world and answer that question with—probably not. The fact is that day by day, more and more companies are becoming vulnerable to internet attacks on their network. Only 15% of businesses filter malware at their firewall. SQL injection attacks have more than doubled in 2008 according to a July 2008 report by IBM. Web applications by far are the greatest point of attack, but attacks on VoIP are increasing according to NetworkWorld. This is caused by many factors including:
1. Network security technology is not keeping pace with new types of attacks
2. Some security measures interfere with other security measures effectiveness
3. Businesses concentrate on securing traffic coming in through their firewall but put little effort in securing their employee’s traffic, both in and out.
Hackers are working daily to find new ways of hacking into networks and websites and the technology to prevent them from getting in is not keeping pace. They take tools, such as network scanners and snoopers, which Network Security Specialists use to secure their network and scan remote servers for vulnerabilities or ports that should not be open. Once found, they exploit those points of vulnerability. Using tools like eVade O’ Matic Module (VOMM), they create thousands of variants of a virus or malware, requiring an equal number of Anti-virus or IPS signatures for your scanning software to pick them up. They use obfuscating tools to break up the communication packets to help prevent detection of the malware contained within. These are the kinds of tools and methods that are being used to render your IT infrastructure vulnerable.
Many companies use SSL technology, especially those that have ecommerce websites. This is great for traffic as it passes over the internet. SSL encrypts the packets so that they can not be picked off the internet and read. However, the encryption occurs at the origination of the communication and decryption occurs at the destination, after it passes through the firewall. So the firewall reads what part of the communication it can read and sees it is destined for your website, has a rule that allows that and passes it through. It is unable to decrypt the encrypted part of the packet, which may contain a virus or malware.
Companies focus their efforts on traffic to and from their website, but don’t put a lot of effort in securing their employees as they surf the web, for business purposes of course. Google reports that on any given day 1 in 10 websites is infected with malware. Today’s attacks are aimed at getting you to an infected website where the malware is hidden on the webpage and downloads to your computer as soon as you hit the website. Even once trusted websites, such as Wikipedia and Expedia, have encountered recent attacks. Blogs have become popular in recent years and are usually considered to be from an expert authority on the subject. But anyone can post a comment to the blog and encourage the readers to go to a URL. When the reader clicks on the URL link they become unknowingly infected.
So what is the answer?
Technology solutions to be effective against the multitude of the types of attacks that are out there today and tomorrow have to have a layered approach. Stop the attacks at different points, so that if an attack gets past the first security point, it is stopped by the second or third.
Proxy server
Proxy servers remove the hacker’s view of your servers and applications. Cost constraints keep a lot of companies from deploying proxy servers, but they more than pay for themselves by allowing your IT Infrastructure Management staff to concentrate on other issues besides security breaches. 80% of Internet attacks are aimed at a specific application, Oracle, MS-SQL or VoIP. Remove the hacker’s ability to see what is running on your servers and they will be less effective in their attack.
Positive Secure Model
This model states that everything is bad except what is explicitly stated as good. So rules are put into place for every piece of allowed internet traffic, everything else is disallowed. This requires in-depth knowledge of your employees and applications. This model is very effective in stopping the “zero-hour” attacks. These are very newly created attacks that have been in existence for zero hours.
Deep inspection firewalls
New firewall applications are coming out and will be readily available soon that have the ability to decrypt the SSL packet and inspect it for unwanted traffic. This gives them the visibility to fully enforce their policy rules on the entire communication packet.
Reputation and Geo-Location policies
Just as every individual and business has a credit rating that indicates to a company or lending institution whether they should do business with this individual or business, serves are coming out that gives a reputation score to websites. Appliances are put into place to retrieve the reputation score of the website being visited or attempting to get into your website and it is determined whether it will be allowed, or if certain functions, ActiveX, exe or pdf file downloads, JavaScript shall be disallowed.
McAfee reports that Hong Kong, China and Russia are the most dangerous countries for internet traffic. If you’re a local or regional American business that has no interaction with these countries, why would you have internet traffic from these countries.
Conclusion
Even though security technology is not keeping pace with the number and changing types of threats being developed out there, there are several technologies being developed to render these attacks less effective. The best approach to securing your network is to put into place as many of these technologies as possible, but in all cases more than one model is needed to make your IT infrastructure secure.
1. Network security technology is not keeping pace with new types of attacks
2. Some security measures interfere with other security measures effectiveness
3. Businesses concentrate on securing traffic coming in through their firewall but put little effort in securing their employee’s traffic, both in and out.
Hackers are working daily to find new ways of hacking into networks and websites and the technology to prevent them from getting in is not keeping pace. They take tools, such as network scanners and snoopers, which Network Security Specialists use to secure their network and scan remote servers for vulnerabilities or ports that should not be open. Once found, they exploit those points of vulnerability. Using tools like eVade O’ Matic Module (VOMM), they create thousands of variants of a virus or malware, requiring an equal number of Anti-virus or IPS signatures for your scanning software to pick them up. They use obfuscating tools to break up the communication packets to help prevent detection of the malware contained within. These are the kinds of tools and methods that are being used to render your IT infrastructure vulnerable.
Many companies use SSL technology, especially those that have ecommerce websites. This is great for traffic as it passes over the internet. SSL encrypts the packets so that they can not be picked off the internet and read. However, the encryption occurs at the origination of the communication and decryption occurs at the destination, after it passes through the firewall. So the firewall reads what part of the communication it can read and sees it is destined for your website, has a rule that allows that and passes it through. It is unable to decrypt the encrypted part of the packet, which may contain a virus or malware.
Companies focus their efforts on traffic to and from their website, but don’t put a lot of effort in securing their employees as they surf the web, for business purposes of course. Google reports that on any given day 1 in 10 websites is infected with malware. Today’s attacks are aimed at getting you to an infected website where the malware is hidden on the webpage and downloads to your computer as soon as you hit the website. Even once trusted websites, such as Wikipedia and Expedia, have encountered recent attacks. Blogs have become popular in recent years and are usually considered to be from an expert authority on the subject. But anyone can post a comment to the blog and encourage the readers to go to a URL. When the reader clicks on the URL link they become unknowingly infected.
So what is the answer?
Technology solutions to be effective against the multitude of the types of attacks that are out there today and tomorrow have to have a layered approach. Stop the attacks at different points, so that if an attack gets past the first security point, it is stopped by the second or third.
Proxy server
Proxy servers remove the hacker’s view of your servers and applications. Cost constraints keep a lot of companies from deploying proxy servers, but they more than pay for themselves by allowing your IT Infrastructure Management staff to concentrate on other issues besides security breaches. 80% of Internet attacks are aimed at a specific application, Oracle, MS-SQL or VoIP. Remove the hacker’s ability to see what is running on your servers and they will be less effective in their attack.
Positive Secure Model
This model states that everything is bad except what is explicitly stated as good. So rules are put into place for every piece of allowed internet traffic, everything else is disallowed. This requires in-depth knowledge of your employees and applications. This model is very effective in stopping the “zero-hour” attacks. These are very newly created attacks that have been in existence for zero hours.
Deep inspection firewalls
New firewall applications are coming out and will be readily available soon that have the ability to decrypt the SSL packet and inspect it for unwanted traffic. This gives them the visibility to fully enforce their policy rules on the entire communication packet.
Reputation and Geo-Location policies
Just as every individual and business has a credit rating that indicates to a company or lending institution whether they should do business with this individual or business, serves are coming out that gives a reputation score to websites. Appliances are put into place to retrieve the reputation score of the website being visited or attempting to get into your website and it is determined whether it will be allowed, or if certain functions, ActiveX, exe or pdf file downloads, JavaScript shall be disallowed.
McAfee reports that Hong Kong, China and Russia are the most dangerous countries for internet traffic. If you’re a local or regional American business that has no interaction with these countries, why would you have internet traffic from these countries.
Conclusion
Even though security technology is not keeping pace with the number and changing types of threats being developed out there, there are several technologies being developed to render these attacks less effective. The best approach to securing your network is to put into place as many of these technologies as possible, but in all cases more than one model is needed to make your IT infrastructure secure.
Whether you’re a SMB selecting your first ERP package or a seasoned company upgrading your business to a new ERP solution, an ERP solution allows the company to take advantage of an integrated process management. To help select the correct solution for your company here are a few tips to painlessly reach agreement on price and service levels with your ERP vendor or reseller.
1. Understand the Real Value of Your ERP installation
Many first time purchasers get so hung up on line item discounts and petty debates that they can delay negotiations for months. Likewise, some companies think that ERP implementations take so long anyway that extending negotiations has no impact on the business. Many modern ERP vendors have worked on reducing the time of implementation of their solutions and you can hire an Information Technology Strategic Consulting firm, such as Star Base, Inc., to manage the implementation. Outside project management and business analysis services can prove useful in reducing the time it takes to move a business organization from its current state of business processes to the new ERP integrated business processes. So businesses need to know when it is beneficial to let go of demands for discounts that only affect short term financing in lieu of long-term benefits.
2. Time Your ERP Negotiations
Time your negotiations with the vendor or reseller so that implementation and cut over can happen for your business so that you can start the new quarter or fiscal year on the new ERP solution. Like any business, ERP vendors may be willing to give greater discounts if you offer to close the deal by end of the quarter or end of year as they are under pressure to meet their sales goals.
3. Get Outside Advice on Your ERP Contract
Just as successful companies look for outside advice on legal, project management and CRM features, you should consider outside advice on your ERP solution. Besides legal advice, IT Strategic Consulting firms with expertise in ERP solutions, analysis and negotiation can provide invaluable value to selecting the correct solution for your business. Asking for feedback from a vendor’s other customers can raise important issues or benefits. Some vendors publish customer lists on their websites so that you can collect unbiased feedback from their customers. When an ERP vendor or reseller makes it easy to contact their customers, you can expect a smooth negotiation.
4. Expect some Legal Terminology in the Contract
Your negotiations with the vendor or reseller may have been warm and friendly but when the contract containing cold, hard, impersonal legal jargon comes across the table can give business negotiators that uneasy feeling. Don’t take this personally, standard contracts are not aimed at individual businesses; but rather take this opportunity to ask questions about the intent behind troublesome clauses. By all means, cross out and re-work unclear and unwanted clauses.
5. Think Long Term
Remember that ERP solutions include a certain level of support from the vendor or reseller. So you are negotiation a long-term relationship or partnership with the vendor or reseller, not just a software package. Some vendors will negotiate deeper discounts in exchange for referrals. Do take care of the package features and short-term goals and financing, but not at the expense of the long-term relationship you are forging.
6. Agree on Success Measurement
Many contract disputes between businesses and vendors revolve around performance, speed, uptime and other measurable factors. So agree with the vendor on what metrics will be measured and indicate success. By agreeing on factors that will trigger escalation and other service responses you can prevent future frustrations.
7. Specify Training on Integrated Solutions
Since this process involves moving your entire business organization from what they are use to doing to a new integrated business process, training of all or key individuals within your organization will be instrumental in the implementation process and ongoing operation of the solution. The contract should lay out which individuals within your organizations will receive training on what aspects of the ERP package. This will give the business “power users” that will assist in the implementation process as well as be able to handle issues in-house before having to call on support. Selecting a vendor that has put great effort into training, including on-line and classroom training, will be beneficial to your organization.
8. Clarify Your ERP Vendor’s Definition of “Emergency”
Since your ERP contract will define acceptable levels of service from the vendor, use the negotiation process to set thresholds of emergency response. Envision everything that could go wrong, even your worst nightmare, and set response time expectations with the vendor. Even scenarios that have nothing to do with the software itself, if a tornado demolishes your building, you have a lot more than your ERP package to think about, but how will the ERP vendor assist you in getting your business back up and running. Your ERP vendor can be a great asset in your overall company disaster recovery plans.
9. Shield Yourself Against Market Fluctuations
The average ERP solution stays in place for about two decades. Will your new ERP partner be in business twenty years from now? Adding language in the contract to protect from the vendor going out of business or merging with other entities can prevent your system from falling into disrepair.
10. Treat Your ERP Vendor Like You Want To Be Treated
Tense negotiations often lead to an adversarial relationship. Even if negotiations were tense at times, treat your new EFP vendor as a partner in your company’s success. Communicate clearly and openly your needs, your budget and your challenges are often the best way to reach a “win-win” solution.
In business as in life, first impressions mean a lot. Devoting some time and energy into preparing for the negotiation process prior to meeting your ERP vendor can lead to lasting satisfaction long after the negotiation process.
1. Understand the Real Value of Your ERP installation
Many first time purchasers get so hung up on line item discounts and petty debates that they can delay negotiations for months. Likewise, some companies think that ERP implementations take so long anyway that extending negotiations has no impact on the business. Many modern ERP vendors have worked on reducing the time of implementation of their solutions and you can hire an Information Technology Strategic Consulting firm, such as Star Base, Inc., to manage the implementation. Outside project management and business analysis services can prove useful in reducing the time it takes to move a business organization from its current state of business processes to the new ERP integrated business processes. So businesses need to know when it is beneficial to let go of demands for discounts that only affect short term financing in lieu of long-term benefits.
2. Time Your ERP Negotiations
Time your negotiations with the vendor or reseller so that implementation and cut over can happen for your business so that you can start the new quarter or fiscal year on the new ERP solution. Like any business, ERP vendors may be willing to give greater discounts if you offer to close the deal by end of the quarter or end of year as they are under pressure to meet their sales goals.
3. Get Outside Advice on Your ERP Contract
Just as successful companies look for outside advice on legal, project management and CRM features, you should consider outside advice on your ERP solution. Besides legal advice, IT Strategic Consulting firms with expertise in ERP solutions, analysis and negotiation can provide invaluable value to selecting the correct solution for your business. Asking for feedback from a vendor’s other customers can raise important issues or benefits. Some vendors publish customer lists on their websites so that you can collect unbiased feedback from their customers. When an ERP vendor or reseller makes it easy to contact their customers, you can expect a smooth negotiation.
4. Expect some Legal Terminology in the Contract
Your negotiations with the vendor or reseller may have been warm and friendly but when the contract containing cold, hard, impersonal legal jargon comes across the table can give business negotiators that uneasy feeling. Don’t take this personally, standard contracts are not aimed at individual businesses; but rather take this opportunity to ask questions about the intent behind troublesome clauses. By all means, cross out and re-work unclear and unwanted clauses.
5. Think Long Term
Remember that ERP solutions include a certain level of support from the vendor or reseller. So you are negotiation a long-term relationship or partnership with the vendor or reseller, not just a software package. Some vendors will negotiate deeper discounts in exchange for referrals. Do take care of the package features and short-term goals and financing, but not at the expense of the long-term relationship you are forging.
6. Agree on Success Measurement
Many contract disputes between businesses and vendors revolve around performance, speed, uptime and other measurable factors. So agree with the vendor on what metrics will be measured and indicate success. By agreeing on factors that will trigger escalation and other service responses you can prevent future frustrations.
7. Specify Training on Integrated Solutions
Since this process involves moving your entire business organization from what they are use to doing to a new integrated business process, training of all or key individuals within your organization will be instrumental in the implementation process and ongoing operation of the solution. The contract should lay out which individuals within your organizations will receive training on what aspects of the ERP package. This will give the business “power users” that will assist in the implementation process as well as be able to handle issues in-house before having to call on support. Selecting a vendor that has put great effort into training, including on-line and classroom training, will be beneficial to your organization.
8. Clarify Your ERP Vendor’s Definition of “Emergency”
Since your ERP contract will define acceptable levels of service from the vendor, use the negotiation process to set thresholds of emergency response. Envision everything that could go wrong, even your worst nightmare, and set response time expectations with the vendor. Even scenarios that have nothing to do with the software itself, if a tornado demolishes your building, you have a lot more than your ERP package to think about, but how will the ERP vendor assist you in getting your business back up and running. Your ERP vendor can be a great asset in your overall company disaster recovery plans.
9. Shield Yourself Against Market Fluctuations
The average ERP solution stays in place for about two decades. Will your new ERP partner be in business twenty years from now? Adding language in the contract to protect from the vendor going out of business or merging with other entities can prevent your system from falling into disrepair.
10. Treat Your ERP Vendor Like You Want To Be Treated
Tense negotiations often lead to an adversarial relationship. Even if negotiations were tense at times, treat your new EFP vendor as a partner in your company’s success. Communicate clearly and openly your needs, your budget and your challenges are often the best way to reach a “win-win” solution.
In business as in life, first impressions mean a lot. Devoting some time and energy into preparing for the negotiation process prior to meeting your ERP vendor can lead to lasting satisfaction long after the negotiation process.
Powered by Compendium Blogware