Daily Archives: May 2, 2012

How to make informed decisions when outsourcing cloud computing

Executives are jumping on the outsourcing bandwagon as cloud service providers promise unlimited scalability, reduced expenditures for hardware and IT staff, and the ability to offload software and routine maintenance at a moment’s notice.

In fact, Gartner analysts predict that 35 percent of enterprise IT expenditures will be managed outside the IT department’s budget by 2015.

But overzealous executives eager to jump to the cloud may encounter security issues down the road, as the security practices of the cloud service provider are often unclear — up to and including where the data is stored. A survey by Symantec shows that only 27 percent of companies have set procedures to approve cloud applications that use sensitive or confidential information.

“It’s easy to deploy data and applications to the cloud, but most executives don’t have a handle on the true risks associated with those decisions. So they fail to build the proper assurances into the procurement process,” says Brian Thomas, IT advisory services partner for Weaver.

Smart Business spoke with Thomas about the risks of outsourced computing services and why companies should seek an auditor’s assurance during the procurement process.

What are the specific risks associated with the cloud and outsourced computing?

Possible issues include data integrity, confidentiality, privacy and security, system availability and reliability, and data retention and ownership. But the threat level and mitigation strategies vary depending upon the importance and sensitivity of the data being processed by the cloud service provider.

It may not matter if you can’t access your sales prospects for a few hours if your hosted CRM application goes down, but business would come to a halt if your hosted e-mail or e-commerce system crashes. Therefore, the provider’s server redundancy and service-level contract guarantees may be the most critical risks to address, whereas in other cases, the primary concerns may be security and privacy issues. Certainly, regulated companies need to pay particular attention to how the cloud service provider addresses their regulatory risks.

How can executives identify outsourcing risks?

When considering cloud computing project ideas, executives should ask a lot of questions. First, they must understand the nature of the cloud services being procured and the sensitive aspects of the systems being hosted or managed by the provider. After getting an understanding of the types of data and systems that will be exposed to the cloud, executives should ask ‘what if’ questions of their project teams. Such questions should be focused on general risk areas including data integrity, confidentiality, privacy and security, and system availability and reliability.

Executives should also get an understanding of their company’s exposure to risks related to data ownership and retention. Examples of questions to ask include, ‘What will happen if we lose connectivity to our cloud service provider for an extended period of time?’ and ‘What happens if our cloud service provider is acquired by another company?’

How can executives use an outside audit to ensure the performance of service providers?

A third-party assessment by a qualified professional is the only way to know whether a cloud service provider has designed and implemented effective measures to identify and mitigate relevant risks, as self-reporting is inadequate and providers may simply tell you what you want to hear.

You can save money by having your auditor review a cloud service provider’s service organization controls (SOC) report. There are three reports available under the AICPA’s standards for service providers. SOC 1 is based on the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) and is best suited for companies that previously used SAS 70 for Sarbanes-Oxley or financial audit compliance. SOC 2 addresses the design and operating effectiveness of a service organization’s controls over the security, availability, processing integrity, confidentiality and privacy of a system. This may be more valuable for executives evaluating the controls a cloud service provider has in place to address risks beyond those relating to financial reporting.

SOC 3 involves the same scope as SOC 2; however, the report contains less detail and is intended for broader (marketing) audiences.

When are SOC 2 and SOC 3 appropriate?

Executives should request that their cloud service providers submit a SOC 2 report where applicable. The scope is generally best suited to address the concerns of users of cloud services. SOC 2 reports provide details of the procedures executed by the auditor to test the controls in place at the cloud service provider, and the results of those procedures.

If a cloud service provider only has a SOC 3 report available, that may be sufficient for getting comfortable while evaluating the service provider during the procurement process. However, executives responsible for the cloud services should request that the service provider submit a SOC 2 going forward to ensure that they can monitor the provider’s efforts to address any failed control activities.

Are there other certifications that can help mitigate risk when transitioning to the cloud?

If the provider cannot provide a SOC 2 report, see if they are certified as ISO 27001 compliant or if they have obtained assurance reports from a security firm addressing the ISO 27001 standard. If the provider processes, stores or transmits credit card information, it is required to meet the Payment Card Industry’s Data Security Standard (PCI DSS). Be careful when using these other forms of assurance. Their scope is generally narrower than SOC reports and may follow less rigorous quality assurance standards. However, in the proper context, they can be useful for executives attempting to get information about the activities performed at the cloud service provider.

Read More:

http://www.sbnonline.com/2012/05/how-to-make-informed-decisions-when-outsourcing-cloud-computing/?full=1


Advice to Choose High Quality Offshore Outsourcing Software

Offshoring occurs when companies increasingly use information management and monitoring systems to send, or "contract out," work to other firms or independent contractors rather than their own employees. Outsourcing lets companies focus on their main or core business while offshoring non-core functions to companies that specialize in particular areas of expertise.

The current slogan: "Focus on what you do best and outsource the rest." Companies save hundreds of thousands in the cost of doing business. In addition, companies that specialize are in many cases excellent in their specialty and have access to resources and technologies that a company not focused on that area could not afford to buy on its own. Popular functions to outsource are call centers, payroll and IT services.

Offshoring is outsourcing overseas. Usually, the term offshore software development conjures up thoughts of moving low-tech production work to lower-cost suppliers abroad; recently, however, offshoring has expanded into the hi-tech service field, such as software development, architectural work and sales. As a result, offshoring has become a political football, since it effectively transfers work abroad and leaves workers unemployed. Many politicians win votes by campaigning against it.

Both outsourcing and offshoring trends are enabled by the free flow of information made possible by new "Internet-centered" information management and collaborative business systems. These systems allow two geographically dispersed companies to interact, collaborate, communicate and conduct business as though all the employees of both companies were co-located in a downtown high-rise. This seamless process has given rise to terms such as Digital Companies, Digital Businesses and The online world Companies.

There are some limitations as well: the drawbacks of both outsourcing and custom software development have to do with interfacing with the end customer. To compete in the global economy, companies must be 100 percent customer-focused, able to respond immediately to customer needs and/or design products and services to meet customer needs.

To assess and respond to customer needs, companies have to communicate, interact and interface with the customer properly and as much as possible. Today, generally, the companies that handle the outsourced work are far removed from the customer. In the case of offshoring, they are overseas, with a different language, a different culture and a different way of thinking. Well-documented and publicized examples are customer support call centers.

Read More:

http://www.sooperarticles.com/technology-articles/software-articles/advice-choose-high-quality-offshore-outsourcing-software-925961.html


Outsourcing contracts and negotiations getting more complex

Given the maturation of the IT outsourcing market and the introduction of more standardized offerings like cloud computing, you might assume that negotiating IT service deals is getting easier.

Not according to the lawyers hammering out the agreements.

KPMG reports that 41% of outsourcing attorneys surveyed for its 2012 Legal Pulse report indicated that complexity in contracting for outsourced services—as evidenced in things like service levels, contract structure, pricing models, use of global sourcing—has actually been increasing. (The survey included outsourcing attorneys at 31 law firms.)

Sure, buyers and suppliers are more experienced and new out-of-the-box services are gaining traction. But that may be increasing complications in contracting. More sophisticated buyers are seeking higher-value benefits from outsourcing, globalization is increasing, and business leaders are sending more complex functional and process work out the door.

"As buyers gain more experience they continue to push the envelope in terms of scope, complexity of work outsourced, number and diversity of service providers utilized, geographical scope and mix of service delivery models. Complexity comes with the territory," says Stan LePeak, KPMG’s director of research for advisory services. "So while the outsourcing market is maturing, it is not necessarily getting simpler, easier, or safer."

Address IT Complexity Upfront

A complex contract, in and of itself, is not a bad thing. It can result in greater benefits for the outsourcing customer or may better address issues of pricing, performance and risk. "Problems arise when complexity is not adequately addressed, recognized or accounted for upfront and in the ongoing management of the outsourcing efforts," LePeak says.

The key is to make sure that the level of complexity in the legal documents is commensurate with the nature and goals of the outsourcing arrangement and not just the result of a once-burned buyer or overzealous counsel.

Typically, as services markets mature, best practices in contracting tend to cement themselves in the way of standardized pricing, performance assurance and—particularly—defined terms. However, 27% of the attorneys polled reported little or no standardization in defined terms, which LePeak says also points to the fact that while outsourcing is maturing, it’s also been expanding into uncharted territory in terms of scope, objectives, and geography.

The survey asked about the most contentious issue in outsourcing negotiations. The most challenging contractual terms to reach agreement on were limitation of liability, indemnities, step-in rights, pre-defined direct damages, and supplier financial risk—all of which involve potential financial exposure to supplier or client. The most challenging commercial terms to come to consensus on were termination fees, termination rights, service levels, transformation and transition fees—all of which involve service provider risk.

Arguments over terms related to transformation rated 17% higher than last year as more buyers are attempting to include transformation goals in their outsourcing engagements. "Transformation involves building into the contract terms, conditions, or measures for process transformation or for innovation or other nebulous but value-laden keywords," says LePeak. "The challenge is translating a somewhat conceptual idea like transformation into contracted terms and conditions and factoring in all the events and conditions that could impact transformation being achieved or not."

Read More:

http://www.itworld.com/it-managementstrategy/272802/outsourcing-contracts-and-negotiations-getting-more-complex
