Industry news

Since the days of time sharing and bureau services in the 1970s, the IT industry has sought to provide organisations with outsourced services that enable them to move processes outside the organisation and run them at a lower cost and/or more efficiently.

Industry analyst Gartner reports that worldwide IT outsourcing (ITO) revenue totalled $246.6 billion in 2011, representing a 7.8% increase from 2010 revenues of $228.7 billion. Indian-based IT services providers and companies providing cloud-based services delivered the highest growth rates in 2011.

And the global outsourcing market is still growing, thanks to the need for companies to reduce internal costs in difficult economic conditions. According to a recent report by Global Industry Analysts, the international Business Process Outsourcing (BPO) market alone will reach $280.7 billion by 2017.

Finance & Accounting (F&A) outsourcing is expected to achieve the fastest growth among all horizontal BPO segments. This is being driven by the need to streamline costs and increase competitiveness, with F&A outsourcing a vital part of companies’ ability to achieve those objectives.

While outsourcing partners pride themselves on their ability to maintain high quality data management standards and reduce the costs of running processes, there is a vital piece of business activity that warrants particular scrutiny. This is the use of Excel spreadsheets: firstly as a means of sharing critical data between the company and outsourcing partner; and secondly as a component of key business processes that must remain in the company even after the outsourcing. When business processes are ‘split down the middle’ like this, one could argue that the job is only part done.

Outsourcing partnerships aside, the cost of managing spreadsheet risk is a major internal concern for organisations. Without expensive, inefficient manual checks, spreadsheet errors, or even fraud can propagate through budgets, financial statements, and pricing, leading to bad decision-making or even significant financial and reputational losses. The problem is that efficiently tackling these data management and risk issues can only be achieved outside the knowledge of IT departments as the data is held and generated in users’ own spreadsheets.

The challenge is exaggerated by the fact that spreadsheets are used everywhere, by companies of all sizes and across all sectors because they are so easy to use, low-cost, flexible and readily available. Indeed, organisations are often horrified by how many individual spreadsheets are used within their business, and commonly admit to having poor governance control over their use and maintenance.

But the prevalence of spreadsheets is not just the result of user short-cuts. Decades of multi-million investments in F&A software platforms such as treasury, tax, reporting and analytical systems show that they cannot keep pace with the needs of the business and the gap is filled with spreadsheets.

The reality is that spreadsheets – with all their associated risks and manual inefficiencies – will never disappear from the corporate environment. The adoption of proper management approaches therefore offers multiple opportunities to both companies and their outsourcers - all of which can benefit outsourcing relationships. So how can outsourcing partners deliver these benefits?

The good news is that the same tools used to manage spreadsheet risk internally can be applied in partnership with an outsourcing partner. ClusterSeven’s software, for example, can monitor this process, bridging the gap between client and BPO provider. ClusterSeven can work with clients to compile reports to monitor the quality of BPO service from a data security point of view.

Further to this, there is a very real new business opportunity for BPO providers to take on spreadsheet operations themselves, rather than feeding data back for the client to analyse. This means that they take over the whole process of data management and governance, not just the non-spreadsheet parts. If the BPO provider does this then it provides much greater scope for process efficiencies – delivering wins for all parties.

All of the industry research points to a continued boom in outsourcing and BPO, particularly in F&A processes. The thorny issue of spreadsheet risk will not go away, and smart organisations and their outsourcing partners are increasingly looking for ways to address this challenge using proven tools already used to manage internal spreadsheets. The even smarter outsourcing companies will focus on a new revenue stream fuelled by their ability to manage spreadsheet risk on behalf of their clients.

While some might argue that ignorance is bliss, when an organisation’s security hangs in the balance remaining clueless isn’t a viable option. In this article, Jane Grafton of Lieberman Software dispels five common security myths.

All too often people hide behind what they ‘want’ to believe is true. Unfortunately, your personal beliefs and opinions will not prevent a ruthless individual from ransacking your network’s filing cabinets. The easy road is not necessarily the secure one so, rather than wait for a hacker or malicious insider to burst your bubble, here’s what misguided individuals tell me far too frequently.

Myth One: We passed our regulatory compliance audit - so our network is safe

If I had a brick for every time I heard this one I could build a wall around the equator a mile thick and two miles high. Just because you passed an audit does not mean you are hack proof. – Far too many large organisations on both sides of the Atlantic are testament to this fact.

There are a number of reasons for this. The most common is that IT departments will pull out all the stops to hit a certain number of audits per year, and forget about compliance on all the days in between. Another big concern is auditors may not always know where to look for the holes so they can be steered in another direction.

I give you fair warning - hackers won’t make an appointment to come ‘check’ your systems! Neither will they stumble accidentally across vulnerabilities in your enterprise. They know what they’re looking for and will strike on their terms.

Myth Two: Our passwords change regularly in line with regulatory mandates - so our network is safe

I’m sorry to be the bearer of bad news but, in my experience, this is unlikely to be accurate.

While user login credentials might be automatically prompted for change, it is the highly privileged administrator accounts that fall outside most automated solutions and therefore rarely altered. Of course, some of you may be thinking that you’ve got that one covered because your IT staff secures these privileged identities manually. All too often that simply isn’t possible. While not rocket science, the sheer magnitude of the task is to blame.

Someone physically connecting to machines, or even using scripts, to change passwords to comply with regulatory mandates is fraught with complications. Think of all the services running on machines with privileged credentials, including any interdependent services, which have to be appropriately stopped before a change can be made, then restarted. It’s a daunting technical task, prone to errors - not to mention time and labour intensive.

Myth Three: Our systems administrators don’t share their privileged logins – so our network is safe

Who are you kidding? The reality is convenience wins out over security.

Although I can’t name the company, a large US insurance provider believed its privileged logins weren’t shared but soon discovered that this perception was misguided. A branch office had been given the privileged login details to resolve a routine IT administrative issue. But, since the privileged password was never changed, staff at the branch office were free to change settings on their machines and install software at will for many months. And this wasn’t an isolated case. Others within the organisation had also been given these ‘keys’ to the network, and had gone on to share them with more employees, allowing the spread to creep around the entire enterprise.

Myth Four: Our IT team know who has access – so our network is safe

Okay, this one has a couple of threads to unravel.

Passwords for highly privileged accounts are often hardwired into applications, or given to contractors and outsourcers to use. Because these logins are shared it’s impossible to pinpoint exactly who, or even what, is behind the connection. Similarly, as we’ve already alluded, these passwords infrequently change, meaning someone who is no longer employed or contracted by the organisation could hijack these credentials and gain access.

In the case of administrative accounts, these exist in droves and, again, they too get shared. Because everyone uses the same common credentials to get into a machine and make changes at a highly privileged level you never really know who is responsible for alterations, or even has had access to sensitive data.

A final issue is people changing job roles within the organisation. If their credentials haven’t been changed then they may still have access to information or services that they no longer need.

Myth Five: Our existing Identity Access Management software is controlling users – so our network is safe

This is a common misconception. As we've already said, most organizations have no processes to control highly privileged administrator logins typically used for emergency firecall or routine administrative access.

To spell it out, all existing security solutions - firewalls, IAMs etc. don’t track and control privileged identities. The truth is that, unless it’s a specialised solution, it can’t!

Now, how many of you thought you were safe prior to reading this article? While the majority of organisations are ignorant to the reality of the security within their enterprises, ignorance is not an excuse should your systems be breached. Instead, regain control of your enterprise by following these five rules:

1. Don’t focus purely on passing an audit. Instead remember that your end goal is continuous compliance. You can achieve positive results by viewing each potential security hole as something to investigate and mitigate rather than a crack to be papered over.

2. Ensure all default passwords are changed before deploying any new devices or programs in a networked environment. This can be easier said than done – as there could be more published default logins and developer back doors on your network than anyone might know.

3. Configure all privileged accounts to require password changes every 60 days at the most – using unique, complex passwords for each account in the network.

4. Store all passwords in an encrypted format, only accessible with delegated and audited super-user privileges.

5. Employ automated tools that will inventory all privileged accounts, monitor for anomalous behaviour, audit all activities and control their management consistent with the FDCC (federal desktop core configuration) standard.

Since the early 2000’s, US based Hedge Fund and Private Equity managers have looked across the Atlantic as a way of expanding their businesses. In some cases it was to have actual portfolio managers operating in the UK, whereas in others it was to have a European research and/or marketing capability. Being in Europe allows the business to access markets and knowledge not easily available in the US. Crucially, it also opens the door to a larger, more diverse investor base.

Irrespective of the rationale for setting up in the UK, they all face the same challenges: different regulations, different taxing regimes, different employment laws and importantly, a different business culture.

Historically, US businesses have not always been keen on outsourcing in their own country. However, the exploits of Bernard Madoff have unwittingly forced US fund managers to outsource their fund administration function (pricing of positions, etc.) as investors are now unwilling to invest in a fund where the pricing is not performed independently.

On the other hand, when setting up in the UK fund managers eagerly embrace outsourcing. The reason? Simple: they don’t understand how things are done in the UK and find it much more economical and efficient to outsource the knowledge that they lack. They could of course hire a team of support staff internally but as they usually work to a budget, this would tend to be much more expensive. As such, they only hire core staff and outsource most other functions.

But cost isn’t the only reason. Afraid of employment laws that are more draconian than they are used to, US managers don’t like the idea of hiring vast numbers of staff that could be expensive and troublesome. In addition, there is another employment matter to consider: the career of the non-core staff they are hiring. Do they really want to develop the career of a payroll technician? How do they go about staff training them? What career path are they going to have? These are problems for the outsourced service provider, not the fund manager, which makes outsourcing a more attractive option.

Another benefit for US managers is the ability to scale up or down should the business either grow or shrink. Again, this allows the team to focus on managing money whilst the outsourced service provider reacts to the resourcing needs.

The changing regulatory landscape currently being dictated by Europe is causing the greatest challenge and potential obstacle to managers coming to the UK. Whilst the full impact of this is not going to be felt for a few years yet, US managers are keeping a close eye on developments. However, by having a fully scalable back office function due to outsourcing, the manager is more readily keeping his options open to change.

In a nutshell, the full benefits of outsourcing are seen in US inbound set ups; flexibility, scalability, cost savings, depth of local knowledge and control.

More than £4bn of outsourcing tenders is currently under negotiation, according to a study of contracts the Official Journal of the European Union.

According to today’s Financial Times, this has led to many City investment analysts – who have conducted research into outsourcing companies’ bid pipelines - predicting an outsourcing boom.

Martyn Hart, Chairman of the National Outsourcing Association said:

“Pressure on the public sector to make cost reductions has made for a healthy pipeline for many outsourcing suppliers, particularly now that tender costs have been reduced through ‘de-formalisation’ of the bid process. Having learned to engage suppliers earlier in the process, expect more business process outsourcing, as the public sector learns how to get itself a better deal. Commoditised IT can save around 10% annually, but only accounts for 5-6% of government spend - BPO can offer savings on a much grander scale. Expect those companies that offer both ITO and BPO services to be most coveted by City investors. And, to ensure Outsourcing Works, the government must invest the time to up-skill its people. Only through proficiency, experience and knowledge-sharing can the public sector maximise the cost and service benefits of this outsourcing boom.”

Cumbria County Council has rejected bids from BT and Fujitsu to provide its superfast broadband roll-out across the region.

The central government funded project planned to give 90% of homes in Cumbria a minimum of 25Mbps broadband speed by 2015.

Despite the tech giants being the final two in the process for the £40m contract, Cumbria CC has decided that neither bid is suitable.

A statement from Cumbria County Council said: “Cabinet received detailed submissions from the final two potential suppliers (Fujitsu and BT) and despite a lot of progress being made, neither of the final tenders had completely fulfilled the original and full requirements of the procurement process,”

Defence secretary Phillip Hammond has inked a £1bn contract for reactors that will power the next generation of British nuclear submarines, creating 300 jobs.

Two reactor cores are set to be built at the Rolls Royce plant in Derbyshire. One of them will be used for a new Astute-class attack submarine, and the first of the next-gen nuclear deterrent subs.

An MoD spokesman said: "This government is committed to maintaining a continuous submarine-based nuclear deterrent and announced last May that design work would begin to replace our existing submarines. Following a Trident value-for-money study carried out as part of the strategic defence and security review, we are proceeding with initial work to renew the nuclear deterrent, but a final decision will be taken in 2016.”

The Cabinet Office has announced the 29 companies that will tout their wares over the public sector network (PSN).

The PSN will provide a central hub that public sector entities can acquire communications services through, reducing duplication or cost inefficiencies from current ad hoc processes.

Vodafone, Telefonica, Virgin Media Business, Logicalis, BT, Cable & Wireless Worldwide, Level 3, Capita Business Services, Fujitsu, MDNX Enterprise Services, Eircom and Computacenter all feature on the list, amongst others.

PSN programme director Craig Eblett said: “The PSN Services Framework, together with the PSN Connectivity Framework, provides the public sector with the preferred route to market for all PSN networks and telecommunications spend.”

Computacenter shares have fallen 12% to a new year low after warning investors that increased demand for services will mean huge recruitment costs.

The rapid growth of IT services businesses in Europe, particularly in Germany and Spain will mean that the firm will have to take on an extra 700 staff in order to cope with demand. Computacenter had already planned to hire 500 extra workers in the second half of this year and with the new recruitments will have face £7 million in costs, wiping 10% off of expected profits for the year.

Mike Norris, CEO of Computacenter was quoted in The Guardian: “If you go back a year, [it] was growing at 1 per cent. Now it’s growing at 15 per cent. It would be fair to say that it has grown faster than I expected. Is [the £7 million] investment or for poor execution? There’s an element of both”

He continued: “If you look at Logica and BT Global Services, they’ve had to make big adjustments down the line.”

Unilever is planning to close sites in England and Wales, cutting up to 800 jobs and offshoring to Bangalore.

The proposed cuts affect factories in Slough and Swansea, a distribution centre in Bridgend and an office in Ewloe, north Wales. They could mean 500 direct job losses, 300 redundancies among contractors and third parties, with 100 jobs offshored to its IT centre in Bangalore.

At the same time, it plans to invest £40m in its ‘historic home’ - Port Sunlight on the Wirral. This investment is expected to create 150 jobs.

Cognizant today announced that it has expanded its relationship with ING U.S. to offer a comprehensive array of insurance business process services. ING U.S. is the U.S.-based retirement, investment management, and insurance operations of Dutch-based ING Groep N.V. (NYSE: ING). The expanded seven-year, $330 million agreement builds on Cognizant’s ongoing success in providing specific technology systems management for ING U.S.

Under the terms of the new agreement, Cognizant will hire more than 1,000 ING U.S. employees in Minot, North Dakota and Des Moines, Iowa to create a world-class, U.S.-based center of excellence for insurance and finance business process services. This center will be an integral part of Cognizant’s global delivery network and will allow Cognizant to provide an expanded range of business process services spanning the insurance and financial services industries. Cognizant currently provides business process services to more than 40 clients in these industries.

As part of the multiyear agreement, Cognizant will purchase ING U.S.’s existing facility in Minot, North Dakota, and will sub-lease offices in the current ING U.S. facility in Des Moines, Iowa, providing business and workplace continuity for ING U.S. customers and the employees who will transition to Cognizant.

“We are pleased to partner with ING U.S. to launch our U.S.-based business process services center of excellence for the insurance and finance industries,” said Gordon Coburn, President of Cognizant. “We look forward to welcoming ING U.S.’s employees to Cognizant and working with this highly talented group of individuals. Our new center of excellence will serve as a key long-term component of our global delivery network and is yet another step in our ever-expanding in-country delivery capability.”