IT Outsourcing Services

In Part one, I introduced the idea of Test Data Management or TDM.  TDM is not something unique to IT Applications in Cincinnati, Dayton or to Ohio. It’s something that will need to be addressed nationwide.  With more and more government regulations and data privacy concerns, it will be more and more important to not only manage production data, but also test data used for quality assurance as well. 

One of the aspects of good TDM is for the obfuscation (sometimes referred to as de-identification or masking) of data values from a production database in order to make the test instances “safe”.   One of the challenges is preserving data distributions and referential integrity–even across distributed database systems.  This is particularly important in the healthcare and financial industries where PHI (Personal Health Information), social security numbers or banking information could get exposed.

Another aspect is the challenge of maintaining security around the test databases themselves.   Many companies have tight security around production data, but next to none around test and developer data.   Often this data is just a copy of production data that is not masked in any way.   According to a Ponemon Institute study, data breach incidents cost U.S. companies $202 per compromised customer record in 2008, that is compared to $197 in 2007.  With the cases studied a range of 4,200 to 113,000 records that were affected. 

Do any of you reading this have a little twinge in your stomach?  Can’t anything be easy anymore?  Maybe some RX is in order.  That was EASY!!!!
 

I had lunch today with one of our Cincinnati customers and he made the comment that his company had eliminated a lot of costs via their IT applications.  He also said there was no more low hanging fruit in their IT applications.  Everything is integrated and there are no easy changes. I laughed and said there is nothing easy any more; even my easy button quit talking!

In today’s world some IT applications have grown quite complex.  It was not that long ago an application developer that knew business could do the business analysis, the technical design, program the application, test and implement it.
Enterprise IT applications today require a team of dedicated professional working together and a good process methodology.  Many members of the team are specialized in a particular skill or a part in the development process.

One of the things that is sometimes overlooked or gets glossed over is testing and quality assurance.  I have even heard developers say “why should I test, that’s what we have users for”.   Because systems have become so integrated and complex, quality assurance is not something to be taken lightly.  As a matter of fact, it is quickly becoming a specialty in and of its self.  There are many aspects to quality assurance, but one that I think we will be seeing a lot more of in the coming months and years is the notion of Test Data Management.   To be continued……….

 

Happy New Year!!!  Welcome to a new year, new decade and a new beginning. 

As the recession recedes and recovery takes hold, IT executives are looking at their project lists and trying to decide what their priorities are.  Should we do application development in house or bring in an IT consulting company?  Should we consider an open source application?   What is the ROI?  What’s a company to do?   It doesn’t matter if your company is in Cincinnati, Dayton or Katmandu, the questions are the same.

Last month we did a pulse survey to see how IT leaders are managing ROI measurement.  The results were surprising and sparked a lot of conversation here at STAR BASE, Inc.  The thing that surprised us the most was the number of companies that did NOT look at ROI before doing a project.   Most of our respondents (58%) do not.

Some of conversations we have had revolved around the idea of doing a project or installing an application just to stay in the game.   Could you imagine a company of any size today functioning without email?  I could argue that there is negative ROI with amount of time managing my email in box takes! 

For those that measure ROI, only about half see the actual ROI align with the projected ROI most of the time.  The other half report that they see the actual ROI align with the projected ROI less than half the time and most said seldom or never.  I have often said that if management knew how much it was really going to cost to install that new ERP system before they started, they probably wouldn’t.

Since most of our respondents don’t look at ROI and of those that did, half said the ROI did not align, my question is this:  How do you decide what projects to do?  Are most companies spending money on IT because they need to “keep up with the Jones’ “?  Is it because installing that new ERP will look good on everyone’s resume?

Get your copy of our ROI Survey results by going here.

According to ComputerWorld, web application development remains top dog by far in the top IT skills to have in 2010.  Specifically, companies will look for developers with knowledge of .Net, Java, Web development, open source and portal technologies.  The article goes on to suggest that combining web application development skills with business analysis or project management skills is a big plus.  ComputerWorld lists the remaining skills to have for 2010 in its top six as:  Help Desk/Technical Support, Networking, Project Management, Security and Business Intelligence.

I feel ComputerWorld did not put enough emphasis on Security; this without doubt will be the biggest challenge for IT executives in the coming years.  Open-source software may be an innovative money saver, but IT professionals still have concerns that networks could be vulnerable to viruses, cyberattacks and other intrusions.

According to InfoWorld, a new survey from Forrester Research found that 58 percent of large companies have security concerns about open source. In addition, 57 percent of small and mid-sized businesses expressed concern that open-source software would be "complex and hard to adopt".

With the advent and increasing usage of open-source in the business world, expect to see demand for IT security related skills to grow.  According to the FLOSS 2020 roadmap presented at the Open World Forum in Paris, 40 percent of jobs will be related in some way to open source by 2020.  You can expect application development and security to comprise a great majority of these jobs.
 

I was reading this article and as a Cincinnati based IT consulting firm owner, found it interesting.  Social networks are influencing our everyday lives more and more each day.  This research was conducted by Don Bulmer from SAP and Vanessa DiMauro  According to them, there were six key findings:

1. Professional decision-making is becoming more social - enter the era of Social Media Peer Groups (SMPG).
Professionals want to be collaborative in the decision-cycle but not be marketed or sold to online; however online marketing is a preferred activity by companies.
2. The big three have emerged as leading professional networks: LinkedIn, Facebook & Twitter.
The convergence of Internet, mobile, and social media has taken significant shape as professionals rely on anywhere access to information, relationships and networks.
3. Professional networks are emerging as decision-support tools.
Decision-makers are broadening reach to gather information especially among active users.
4. Professionals trust online information almost as much as information gotten from in-person.
Information obtained from offline networks still have highest levels of trust with slight advantage over online (offline: 92% - combined strongly/somewhat trust; online: 83% combined strongly/somewhat trust).
5. Reliance on web-based professional networks and online communities has increased significantly over the past 3 years.
Three quarters of respondents rely on professional networks to support business decisions
6. Social Media use patterns are not pre-determined by age or organizational affiliation.
Younger (20-35) and older professionals (55+) are more active users of social tools than middle aged professionals.
There are more people collaborating outside their company wall than within their organizational intranet.

After reading this, a Bad Company tune came to mind, “Run with the Pack”.  There is certainly safety in numbers.  My question is this:  If everyone is doing the same thing, are they giving up any competitive advantages?

 

In part one; I talked about some of the IT Strategies and business strategies that were discussed at the Techserve Alliance conference we recently attended.  I’ll admit I’m a sucker for quaint sayings and one of the speakers had a good one:  It’s time to take the Basset hound to the farm.  So what does that have to do with IT Strategy or business?

Plenty, takin’ the basset hound to the farm means it’s time to re-think what you are doing, why you are doing it, and who is doing it.  It’s time to eliminate products, services, processes or people that are not delivering value to the business.  This is not just an IT strategy, but an important business strategy as well.  It is critically important to make sure both business and IT are aligned. 

The trick is to figure out what your basset hound(s) are.  Every business that has been around for any length of time has one or more of these.  It may be a line of products that are kept in stock because it “rounds out the product line”, when the reality is the items are not that important.   It could be a service that our “customers really want”, but in reality  the service does not deliver value or it could be that “special process” that you do “because we have always done it that way”.  Then there is Bob.  Everybody likes Bob. Bob has been around forever and knows everything.  The problem is Bob doesn’t really do anything.

It’s always better to take the basset hound to the farm on your own terms rather than be forced into it by circumstances.  Take for example the company in New England that manufactured parts for submarines.  When the ship yard closed a few years ago, they were forced to change.  They redeployed their manufacturing expertise and now make parts for the medical industry.  What could they have accomplished if they had manufactured both parts for submarines and medical devices?  Could the business have been double the size?

That’s where an outside consultant can help.  They can be objective and bring an outside perspective to your current business and IT strategy.  STAR BASE is in a good position to teach old dogs new tricks”.  (Who let the dogs out? Who? Who?!)

Its good to see Cincinnati and Dayton area companies starting to embrace open source as an alternative to custom application development.  As an IT Strategy consultant, I can say there is a place for both.

STAR BASE, Inc. just landed another Magento project.  I have written about Magento before and this post has links to several others.   These are not your father’s shareware packages. The packages we are working with are what I’m calling Commercial Open Source. 

I’m curious, why have you or your company not implemented an open source option?  Is it because the light at the end of the tunnel looks more like a train?  Maybe we’re just ahead of the curve again and I need a little bit of Patience.

 

I attended the first meeting of the season for the Cincinnati IIBA^® Chapter. They are doing a series entitled CIO Speaker Series, where they have the CIO from prominent companies in the Cincinnati area who have demonstrated a solid commitment to promoting the effective practice of Business Analysis in their organizations come and speak on how that commitment is put into practice within their organization.

Now I really thought this was going to be boring but the speaker; Jeff Wolverton, Senior VP and CIO of Great American Financial Resources, Inc. (GAFRI), captured my attention when he spoke about how he used the area of Business Analysis to turn his IT organization around and assist them in providing better IT business solutions.

Jeff has been with GAFRI for 11 years and has held the position of CIO for the past 8 years, but they have really put an emphasis on the area of Business Analysis and have begun to reap the benefits thereof here in the last year and a half.

He demonstrated how putting Business Analysis first changed the reputation of his IT staff within the organization from an IT production support group that is slow in delivering business applications that are often bug ridden, to an IT staff that develops great business application solutions that work for the business. GAFRI IT staff went from delivering solutions and telling the business to report any bugs found and they will fix them to delivering business solutions where they had found 85% of all bugs prior to user acceptance testing.

Jeff also spoke about how in last year’s economy where IT budgets in most organizations were being slashed, he received a double-digit increase; the largest increase in his 8 years as CIO. So how do you get that kind of budget increase and turn around the reputation of your IT staff and the business application solutions that they deliver? GAFRI did it by getting to the business requirements behind the business requests and implementing a systematic, repeatable project delivery process.

Jeff and his team put into place a new IT business solutions delivery process from the requirements gathering phase to project delivery (implementation). This new process was going to take much longer than the old process. What use to take a week will now take two to four weeks.  How do you get business buy-in to wait for their business applications? When you deliver a business application solution in which the business usually reports several bugs during testing to delivering a solution in which the business reports almost no bugs, they see value in the new process.

GAFRI’s new IT business solution delivery process put emphasis on two areas: requirements gathering and application testing. They created new roles within their IT staff and put people in place with very specific duties to gain measurable increased value in these areas. They not only put IT staff through training, but they put the business through training on the new delivery process and the business role on working with the IT staff to drive better IT business solutions.

The first new IT role is the Requirements Analyst. This person works with the business in the beginning of the project to elicit and form clear and concise business requirements for the IT business solution. So many times when IT delivers a project they get the punch line to that Dr. Seuss rhyme about the Super Programmer, where the requester says ‘You gave me just what I asked for but not what I need!’. The Requirements Analyst works throughout the project, in a diminishing role, to ensure that the IT solution will meet the needs of the business.

The second new IT role created is the Test Analyst. Typically, testing is thought of after development is complete or nearing completion. In GAFRI’s model test plans are created before or as development starts and are based on the business requirements of the project. The Test Analyst either performs or supports IT Quality Assurance testing and supports User Acceptance Testing.

GAFRI is a shining example of how commitment to the area of Business Analysis can reap many benefits for the organization, both for IT and the business. The end result is better IT business solutions.

Come on, come on, come on, come on now Touch me, babe!  Can't you see that I am not afraid? ....... Yea, I have been listening to The Doors again.  See the complete lyrics here.  Actually we are trying to decide how, when and what to do marketing wise or as we say internally, how many times to “touch” the client.  Even a Cincinnati based Information Technology Firm is not immune to the FUD Factor.  What’s an IT Consulting Service firm to do?

One of the things that has stuck with me from my marketing class at MIT  is when the professor said that the quickest way to burn through a million dollars and have nothing to show for it, was to start marketing and advertising. We certainly need to be marketing, but if companies’ are not in a position to buy, are the marketing dollars wasted? 

Having been around for 19 years, this is the 3rd economic downturn we have experienced.  We have come out of each one a little wiser and a little stronger.  We have been positioning to leap frog our competitors during this one.  We have seen an up tick in activity, just like everyone else.  This is the 64 dollar question:  Is now the time to spend the marketing dollars?

Since today I have more questions than answers, I invite you to leave comments on How?, When?, How often?  What means?  You would like to be marketed to.  Comments will be posted following this blog, so contribute and check back to see what others think.  

 

• Network security specialist: A person familiar with intrusion detection systems.
• Penetration testers: Someone who can assess a system's potential vulnerabilities.
• Incident handlers: People who understand attack methodology and can apply critical thinking skills to respond to incidents.
• Forensics Analyst: The person who looks for evidence after an attack.
• Research Analyst: The person to keep abreast technological advances in incident response activities.
• Team Leader: Leads the team through crises and communicates to the business incident activities and cost to the business.

• Preparation and Training: for both prevention and incident response.
• Identification: fast identification of an occurring attack and its impact on the IT infrastructure can help in minimizing the duration and cost of clean-up.
• Containment: Once an attack has been identified, steps must be taken to minimize the effects of the attack.
• Recovery and Analysis: The recovery period allows analysis and lessons learned of What happened? Why did it happened? Was the response effective?

Having been in business for over 18 years now in Cincinnati, we have seen a few changes in the IT Solutions space.  It’s interesting to see what were once considered cutting edge technologies slowly fade in to oblivion.  It’s also very gratifying to be able to change and adapt to the newest IT Solutions. 

The past couple of weeks we have gotten calls from both ends of the spectrum.  From the older side, we had inquires from two different companies running older IBM System/36 software.  I had thought most of that RPG 2 and OCL had pretty much been converted over to something else during the Y2K scare at the turn of the century.  I guess not.

On the other side of the spectrum, we have gotten calls from a couple of companies looking for some help with Magento ecommerce.  Magento happens to be one of the open source ecommerce packages we have experience with. 

This is not the first post that I have written about open source, check this one out.  If you are thinking about a sweet CRM package, check out this post.

One other thing, you might be wondering about is why the picture of the 1974 Dodge Charger?   I was looking for a picture that could represent something old that is also new and cool.  I may be biased, but I think that picture does it.   That is “The Beauty” at the Quaker State and Lube cruise in on Sunday night.  I typically go to the Colerain location.  Next time I go, I will bring “The Beast”.

 

Web application development is a must for Cincinnati and Dayton companies.  We at STAR BASE, Inc. have written much lately about open source IT solutions.  Since we have been on a roll with that, why stop now? 

Another open source IT solution we have worked with is Sugar CRM.  Sugar CRM falls in to a relatively new software category that I’m going to call Commercial Open Source or COS for short.  (Remember you saw the TLA (three letter acronym) COS here first!)  COS applications have a free version that you can download and implement and they also have a commercial version that can be licensed and supported like any other software application.

What we have found to be very effective; is to use the open source version and customize and tailor it to meet specific business needs.   No need to re-invent the wheel.  Swweeet!

 

Just when I thought the browser wars were pretty much a thing of the past, they are heating up again.  Web application development is difficult enough without having to worry about what version of what browser a client may be using.  

We just upgraded a couple of machines to IE 8 and guess what?  IE 8 is not compatable with our web based CRM!  IE 7 and FireFox 3 work fine, but in IE 8 the search fields are not input capable.  IE 8 provides for a “compatablity mode”, but hey that doesn’t work either.  I was wondering if Google Chrome would work, but in Chrome, the search fields don’t show up at all; the field labels are repeated. 

I was thinking about trying Opera, but stopped because how many web browsers do I really need on my machine any way?

In order for web applications to continue to flourish and expand, there has got to be adherence to standards by both application developers and software companies.  There are so many other applications that could be developed and expanded.  But what do we do with IT solutions?  Both vendors and developers shoot themselves in the foot by delivering applications and software that “stops working”. 

What's the business impact?
- Increased support costs.
- Increased applications development and testing time
- Less confidence by the user community of “IT not  being able to do anything right”.
- Less time and money to develop new applications.

As a reformed, application developer, maybe I should retitle this post “The Return of the Angry White Guy.”  I think instead, I’m going outside and shouting, “I’m mad as hell and I’m not going to take it anymore”. 

The Cincinnati market is known for being conservative when it comes to using software. Most application development people I know would say that big software, from the big firms, either three lettered companies, or their name ending in “soft”, are the only code found in shops. There is the occasional open source item here and there, but usually in smaller shops. Why is that? Well, some firms don’t create their custom application development, they just enhance out of the box software. They need a vendor to yell at and fix things when it breaks, because their staff can’t fix the code, or don’t have access to it. For many firms, it is better to pay a vendor for support than to maintain it themselves. As long as you can point to somebody, it’s ok. Some firms actively fear that open source means that everyone will have their intellectual property somehow. They fail to realize that it is the same proprietary code that everyone uses too. Since, you have the source code, you can see if there is a backdoor coded in the application, something you can’t do with proprietary code.

With these fears aside, many firms, even in Cincinnati, are looking to use open source solutions for their issues. Certainly many are using the free (as in beer) code to save costs. I hope though that some firms will see how this free (as in liberty) also helps their business. It’s a tough call whether to purchase a pre-made business process package (I am looking at you SAP), or to roll your own. I think the best of both worlds would be to use an open source application, and to enhance it. It is a popular misconception that you MUST contribute code, or that you can’t change the code. You can create your own code for use; you can’t sell the application with YOUR enhancements as YOUR NEW application. There is some legal wrangling, yes, but the bottom line is that you have application development teams, so use them. Your best business plan is to use your process as a competitive advantage, not to shoehorn your process into software that all of your competitors use. I think the goal is to beat them, not join them.
The best thing to do is to give your application development team a couple of old boxes to play with, and let them do some research on applications that can save your money, and are flexible enough to work with your processes. You may end up with an inexpensive system, and get that application that outperforms your competitors.

http://www.youtube.com/watch?v=R2a8TRSgzZY

Check out this video, it’s so dead on.  Many of us in the IT staffing industry have dealt with this first hand.  “I can get <fill in IT skill> resources for $20 an hour less from XYZ".  Companies’ sometimes act like they are buying a commodity product like copier paper, rather than skilled IT consultants. 

No manger would ever dream of going to one of their employees and saying, I can get Bob to do your job for $10,000 less per year, yet it’s becoming more prevalent in the IT staffing business. 

One of the huge issues facing our industry is the use of H1-B IT consultants.  Our leaders in Washington are looking legislation specifically targeting IT consulting firms that use H1-B consultants to limit our ability to do so.  This is in the interest of saving American jobs.  Unfortunately, the bill currently being debated does not limit multi-national companies, so only the smaller companies will be hurt. 
 

I would love to use local IT consultants for all of our engagements, but the price pressure dictates we do things we normally wouldn’t chose to do.   But then again, we’re really just hurting ourselves.

This week I am in Washington DC at a Jenzabar conference with a customer learning about IT strategies and IT solutions for higher education.  One of the partially completed tasks that I had not completed before I left was a switch of Star Base, Inc’s wireless service.  We had been with the company whose tag line is the title of this post for 15 years.  Yet I have another year to go on my contract. (Go Figure.)

We are in process of switching to the local wireless company and so I have both phones.  I didn’t want to cutover on Friday before the holiday weekend and also be out of town on top of that.   For now I can call out and use almost all the features of my new phone and service.  Inbound calls still use the old phone and its fully functional as well.   That puts me in a unique position to test the coverage of both services side by side.

So far I am pretty happy with my choice.  One big concern was how would the coverage be outside my home area.  I was a passenger for a good part of the trip because I was riding along with the customer.  That gave me time to see how the services stacked up in different parts of the route.  Even though the national company touts its network.  The local company’s signal strength was equal to or greater than the national one each time I checked.

In my next post I will detail the services and features that I have used.