Tag Archives: software

Cloud computing presents big savings opportunities

With some kind of major budget cutting around the corner, no matter what happens with sequestration, government organizations need to lower their information technology costs. One option that works: Leverage cloud technology. And don’t stop with “routine” IT processes — the impressive savings come when you leverage cloud to truly support your mission.

The government’s Cloud First strategy requires agencies to evaluate secure cloud computing options before making new investments in IT. The strategy identified $20 billion in potential savings from cloud computing; this represents 25 percent of the total IT budget. For agencies to tap into this cost savings opportunity, they must leverage the cloud for mission efficiency and IT efficiency.

The government’s 2009-2010 inventory of its data centers identified more than 3,000 data centers, providing a great opportunity for cost savings and increased efficiency by moving to the cloud. A recent Deltek report estimates that the average use of federal servers is 24 percent — the target is 60 to 80 percent. This means the average federal server operates at only 24 percent of capacity.

Imagine if an employee worked only 24 percent of the time. If you did not look at how to improve that employee’s productivity, you might unnecessarily hire two to three more employees to fill the gap. You might also forgo projects because you think you don’t have manpower to complete them.

When you translate this scenario to IT infrastructure, it’s easy to see room for savings. As IT infrastructure and operations account for 60 percent to 75 percent of an organization’s IT spend, closing that gap is crucial to lowering the cost of government.

Organizations that reduce costs and increase IT resource use have demonstrated three ways to tap into the full cost savings opportunity of the cloud through the delivery of mission efficiency:

• Build a strong foundation through Infrastructure as a Service. By consolidating IT infrastructure through virtualization, among other things, agencies can pool underused resources and create efficient, resilient IT infrastructure. Cost savings are real, because when you consolidate underused servers into a common pool of resources, agencies are in a better position to extend the life and capabilities of existing infrastructure and make smarter future purchases.

• Pay for the software applications you actually use, and make them broadly available on multiple devices via Software as a Service. In this model, cloud providers install and operate application software in the cloud, and users access the software from the cloud clients. This eliminates the need to install and run the application on the user’s own computers, and significantly increases scalability. Price is also adjustable based on the number of users. This is valuable when a lot of users want to access the same application.

Across government, there are many common applications, such as email, collaboration, content management, project management, human resources, finance, grants and procurement. This presents a significant consolidation opportunity, as SaaS is the most efficient model available for the adoption of such applications. Leveraging the SaaS model for these applications has another significant advantage — it will make them more accessible to an increasingly mobile or field-based workforce. This saves money and enhances productivity, motivation and flexibility.

• Use the cloud to make software development easier, faster and more cost-effective. Most application development in the government happens outside of the IT department. As agile development methodologies have entered the mainstream, combining them with the Platform as a Service technologies will result in another level of cost savings. Modern PaaS environments, where applications can be deployed without requiring users to purchase and maintain additional hardware and software, reside upon the IaaS infrastructure model. By combining these approaches, agencies can reduce software development times and costs.

PaaS environments also enable applications to take advantage of the cloud’s flexibility and agility. And some PaaS environments feature tools that allow for the rapid development of mobile applications, which could accelerate the migration of core government services to support a mobile workforce and empower citizens to interact with their government in the same way they do with their insurance companies and banks.

A recent MeriTalk report on migrating mission-critical applications to the cloud reveals that the government could save approximately $16.6 billion annually if all agencies move just three mission-critical applications to the cloud. Of those that have moved a mission-critical application to the cloud, 91 percent report success.

One of the biggest challenges the study found was security. Predictably, 73 percent of IT managers and systems integrators surveyed said security concerns are a primary barrier to virtualization. As a result, most favor private clouds, where the agency owns the cloud and all the information residing there. Despite the challenges that come with virtualization, the study found that the government clearly recognizes the benefits that moving to the cloud would bring in cost savings, efficiency, availability and agility: Federal IT executives say they expect 26 percent of their mission-critical applications to live in the cloud in two years and 44 percent in five years.

Virtualization solutions, which provide the foundation for a smoother transition to cloud solutions, are currently run by all 15 executive branch agencies, including all Defense Department agencies, services and joint commands, and throughout both the legislative and judicial branches. However, recent reports estimate that only one-third of federal servers are virtualized, leaving enormous opportunity to realize savings.

Virtualization is defined as the creation of a virtual (rather than actual) version of something, such as a server, storage device or operating system. Virtualization addresses IT’s most pressing challenge — the infrastructure sprawl that compels IT departments to channel 70 percent of their budget into maintenance, leaving scant resources for business-building innovation. Virtualization helps reduce capital expenses through server consolidation, leaving more budget room for business-building innovation.

Tapping into the significant advantages of the cloud will also increase mobile workforce capabilities, reduce energy costs and consumption, increase agility and, most importantly, allow agencies to more effectively and efficiently meet their missions.

Source: http://www.federaltimes.com/article/20130303/ADOP06/303030004/Cloud-computing-presents-big-savings-opportunities?odyssey=nav%7Chead


Is Cloud Computing Ready for Primetime in Healthcare?


While researching an article on cloud computing recently, I had an opportunity to interview hospital CIOs on their opinions of the cloud. Although the CIOs I spoke with acknowledged potential benefits of the cloud to reduce costs and foster more collaboration among users, they are taking a decidedly cautious approach when it comes to implementing it in their organizations.

Chuck Podesta, senior vice president and CIO of Fletcher Allen Health Care in Burlington, Vt., for example, says healthcare provider organizations will be “one of the last frontiers” to use the cloud. His main concern is around security, particularly with protected health information. Nonetheless, he thinks more organizations will take advantage of the cloud as security improves. He adds that one area where the cloud makes sense is imaging, because of the bandwidth requirements to share images.

Scott Whyte, vice president of IT connectivity at Dignity Health, a 39-hospital system based in San Francisco, says the organization’s move to the cloud has gradually expanded; he says Dignity Health has taken a strategic approach to the cloud, where the solution needs to be implemented quickly, is highly secure, and compliant with Health Insurance Portability and Accountability Act (HIPAA) regulations. He describes a “portfolio approach” to the cloud, in which its applications are divided among the cloud, hosted by the vendor or as a SaaS, and its own enterprise data center.

In Whyte’s view, one driver in cloud adoption in the future will be as a collaborative platform. After all, he points out, most health systems in the country are not comprehensive systems that combine the health plan, hospital and physician group all under one umbrella. When one takes into account the different reimbursement models and care delivery models that will be paired together, many of these groups will need to collaborate, and there are advantages to being able to share and house information in different locations, he says. He says the cloud is able to foster collaboration between external partners in a way that can be implemented quickly.

Of course, all of the partners can expect that there will be an auditable process in place, and that their information is secure. That’s where the choice of a cloud service provider can either make or break the cloud as a platform for collaboration. He suggests that the criteria for evaluating a qualified cloud service provider go beyond strictly technology issues to “thought leadership, skills, and an understanding of the healthcare space.” To be sure, choosing a qualified cloud service provider is a bridge that must be crossed by any healthcare CIO considering a move to the cloud, regardless of the type of application.

Turn to the cloud computing story in the March issue of Healthcare Informatics for more on what CIOs and IT experts say about making a choice that makes sense for the organization.

Source: http://www.healthcare-informatics.com/blogs/john-degaspari/cloud-computing-ready-primetime-healthcare


Can IT Outsourcing Learn From Facilities Management Outsourcing?

2013 began with a flurry of articles about companies insourcing work or rethinking their sourcing strategies. The reasons for this vary by company, but often include a perception that outsourcing has not delivered the cost savings, innovation or other value the companies had hoped to realize, particularly in information technology outsourcing (ITO). In contrast, we continue to see high levels of satisfaction among companies that have outsourced facilities management and other real estate functions. This makes us think the ITO industry might benefit from some of the best practices used in FMO deals.

First, let’s define what we mean by FMO. FMO involves the outsourcing of functions necessary to keep a company’s leased and owned buildings operating. FMO deals typically include core functions like maintaining building systems, performing repairs, and handling custodial and landscaping work. They will often also include higher value services like energy demand management and procurement, space planning and support for critical facilities like data centers and lab space. They may also be part of larger outsourcing relationships in which a company outsources responsibility for managing construction projects, lease administration or brokerage transaction management. For companies with sizable real estate portfolios, the annual spend covered by an FMO deal can be in the tens of millions of dollars.

Now let’s outline some of the key reasons we think FMO deals seem to have a relatively high success as compared to other types of outsourcing.

Transparency. FMO pricing is usually open-book. The supplier will perform the services using a combination of its own employees and networks of third party providers. The customer will reimburse the supplier for the salary and benefits of each supplier employee and for the actual costs paid by the supplier to the third party providers (with no mark-ups). The customer has visibility at all times into what resources are working on its account and what each of them costs.

Supplier Pricing. FMO pricing structures can vary, but the most common structure is for the supplier to charge a management fee for each square foot of real estate it manages. Management fees typically range from $0.05 to $0.20 per square foot depending on the size of the deal and the type of space to be managed, and include all supplier profit and non-reimbursable overhead. Because supplier employee and third party provider costs are passed through without mark-up, the supplier has no incentive to increase these costs (and equally important, no disincentive to reduce them). The supplier receives the same management fee whether it uses 5 or 10 employees to perform a particular function. This creates a very different dynamic between customer and supplier than the unit price x quantity (PxQ) pricing structures that often discourage ITO suppliers from proposing to automate services, virtualize servers or implement other innovative solutions that may benefit their customers but ultimately reduce the number of "units" they can charge for.

Risk/Gain Sharing. ITO suppliers often talk about risk/gain sharing mechanisms, but they almost never come to fruition, in part because of how ITO deals are structured. With a PxQ pricing structure, it is very difficult to create "gain" that benefits both parties and even more difficult to measure it when the supplier does not share its underlying costs. In contrast, FMO deals often include "savings targets" that focus both customer and supplier on reducing the customer’s costs. For example, assume the customer and supplier have agreed to a cumulative savings target of 10% in year 1. If the supplier exceeds its target, it might receive a bonus (e.g., 20% of incremental savings); if the supplier fails to meet its target, it might share in the pain (e.g., reduce its management fee by 20% of the variance between actual costs and the savings target). The contract must include clear guidelines about how "savings" are to be measured, but in general this type of risk/gain sharing structure can align customer and supplier interests, motivate supplier account teams, and allow both parties to "win" when they are able to reduce the customer’s costs.

Customer Satisfaction. Like ITO deals, FMO contracts typically include quantitative service levels (or key performance indicators) that are measured on a monthly or quarterly basis and obligations for the supplier to provide a credit against its management fee if it fails to meet them. However, unlike ITO, FMO suppliers will often also put a significant amount of their management fee at risk (typically 25% to 35%) for meeting the expectations of customer leadership. In other words, at the end of the year if the customer is not happy with the supplier’s performance, the supplier will receive a significantly lower fee even if it is meeting the quantitative service levels and technically fulfilling its obligations under the contract. If the supplier exceeds customer expectations, it might receive 100% of its fee and a bonus that is to be distributed among the employees working on the customer account.

There are certainly inherent differences in ITO and FMO deals and in many cases good reasons to have different deal structures. Nonetheless, FMO provides some interesting alternatives to consider for customers that are unhappy with their existing ITO relationships and for suppliers that are looking for new ways to build trust and expand relationships with their customers.

Source: http://www.jdsupra.com/legalnews/can-it-outsourcing-learn-from-facilities-82046/


Google cozies up to developers with Google+ Sign-In

Google is making it easier for app developers to connect with users on its social network through Google+ Sign-In, a new feature that allows people to sign into third-party apps using their Google+ credentials.

The authentication system lets Google+ users sign into outside apps with their existing user name and password, and includes Google’s two-step security verification when logging in from a mobile phone. The user’s Google+ info is automatically pulled into the app with the tool, which is available to Android, iOS and Web application developers.

"It’s simple, it’s secure and it prohibits social spam," said Google+ product management director Seth Sternberg Tuesday in a blog post.

The sign-in feature is aimed at making Google+ and Google’s developer platform more widely used, while other social networks like Facebook and Twitter already offer easy access to outside apps.

The feature works like this: If a person is signed into Gmail, YouTube or any other Google service, the user can sign into the outside app with the same credentials. The person then lands on a Google+ permissions page outlining the data that the person is sharing with the app, which can be customized.

Google is highlighting Sign-In’s content-sharing controls as a major feature of the service. The functionality rests on the premise that users might want to share certain types of app content with some people in their network but not others.

People might want to share things, for instance, like high scores on a gaming app with the world, but keep other things, like data from a fitness app, to themselves, Google said.

The sharing controls are also designed to encourage more engagement with apps on Google+. When Google+ users share an app that uses Google+ Sign-In, friends will see a new kind of "interactive" post in their Google+ feed. Clicking on the post will take the person inside the app where he can buy, listen to or review what was shared, Google said.

Google+ Sign-In is also designed to simplify the app installation process across desktops and mobile devices. When Android users sign into an app on the desktop, they can install the mobile version of the same app on their Android device with a single click, Google said.

Google seems to be positioning the Sign-In service as an easier way for Google users to engage with apps and to better target who they are sharing with on Google+. The feature also functions similarly to how people can already sign into apps using their Facebook and Twitter credentials using those social networks’ developer platforms.

Still, Google’s Sign-In developer platform comes more than a year-and-a-half after Google’s launch of its Google+ social network.

Developers currently using Google+ Sign-In include OpenTable, Flixster, the Guardian, and USA Today. Tuesday’s rollout is an initial release, Google said. "We’re just getting started," said Sternberg.

Source: http://www.infoworld.com/t/application-development/google-cozies-developers-google-sign-in-213545


Offshore software outsourcing market the complex analytics


Customers and clients have a good understanding of what is happening inside the software company in order to get their work done, and that is what we actually provide. “We” means the offshore software development company at the other end, which takes care of the development work in famous and important destinations like India, China or even some cities and countries in Europe and South Asia. Everything begins from a block of box, and later it is released into a chain of activities.

Signing agreements is one of the essential parts of the work in an offshore software outsourcing company. After the patent of work is delivered to the outsourcing India, the technology is kept secret (as much as possible) for fear of duplication. This is one of the trade secrets of the IT company. Each and every company has models which bring work to the software development firm. Now the IT company has started providing back-testing facilities to the financial structure. They stand as strong competitors in the lucrative market.

But before the negotiation process, the client company needs a lot more detail on the work of the other company. Clients are a bit scared or hesitant to get into a long-term relationship, for lack of a deeper understanding of the functions of the offshore company at a distance. The company, in turn, finds it difficult to reveal every business plan and all administrative work to these offshore clients. In such a situation, the unit can perhaps demonstrate and reveal the model in such a way that the client is forced to hit on the sale.

Offshore Software Outsourcing unit to follow the golden rule

Any company that wants to sell its products should present them in the form of a rarity. If the software development company learns to tackle such situations, then the business could be seen growing on a large scale. It is much easier for a medium-sized offshore software outsourcing unit to follow the golden rule, as the fact is that a lot of money is lured into the software business, and the algorithms of the firm need not be revealed to a third party.

One of the other ways to tackle client demands is to tell the client directly that the matter is company proprietary and that they cannot simply steal it. And if they still continue, suggest that they go elsewhere. One of the ideas suggested by the top offshore software outsourcing companies in India is to develop proper diagrams and plans, so that perhaps the doubts are cleared automatically. Such an impressive effort does lure good business opportunities from offshore clients. Business decisions cannot depend too much on “guts”. Perhaps a legal agreement would solve the basic yearning problem.

The company need not show a dumb attitude to selling. If the vendor party is trying to keep the details private, it accidentally makes an attempt to make the offshore software outsourcing client dependent, which is actually screwing the opposite. So maintaining relationships with the outsourcing company is a little tricky, but with experience and proper exposure to the work, a company can offer a long-lasting relationship to Software Outsourcing China.

Source: http://www.techbreakthru.com/offshore_software_outsourcing_/


Ex-Infosys Exec Aims to Shake Up IT Outsourcing Billing Model

A former Infosys Ltd executive is challenging the IT outsourcing industry’s billing model by charging for results instead of basing fees on the time and labor put in by the armies of staff working for India’s big firms.

Outcomes-based billing, growing as a share of revenue across the industry and pursued most aggressively by iGate Corp Chief Executive Phaneesh Murthy, is meant to appeal to clients with less-certain budgets in a tough economy.

If the services don’t deliver an agreed-upon result, such as reducing the cost of processing a loan or cutting the reject rate in an auto parts factory, the customer pays less. But the strategy also boosts profit margins for IT companies, raising questions about which model is better for customers.

Murthy was a rising star at Infosys as California-based global head of sales before leaving in 2002 after a sexual harassment lawsuit against him and the company, which made headlines at the time and was settled out of court.

"If you look at the external environment, customers don’t know exactly what their revenues are going to be, what their volumes are going to be, and therefore passing on that risk to the vendor is a very appealing concept right now," Murthy said in a recent telephone interview.

Traditionally, iGate and other smaller IT outsourcers have competed with Indian heavyweights such as Tata Consultancy Services and Infosys on price.

Murthy, 49, founded a company that was bought by iGate, which is based in Fremont, California, but has the bulk of its staff in India. In 2011, he teamed up with buyout firm Apax Partners for iGate’s $1.2 billion purchase of Indian rival Patni Computer Systems, which was more than twice its size.

Murthy has been an outspoken critic of the industry’s traditional billing model, known as time-and-material. In a marketing campaign, iGate dismissed the model as a "criminal" practice that has "swindled" billions from large companies.

IGate took out an advertisement in The Economist magazine in January that read, "If this ad does not deliver results, we’re not paying The Economist", marking a rare foray into mainstream media for an outsourcer.

While the company’s irreverent tone is striking for an industry that tends to be staid, part of it is bluster: Outcomes-based pricing accounts for just a single-digit share of revenue. Most of its business is billed in the traditional way. Murthy wants to grow the share of outcomes-based billing at iGate to 15-16 percent this year and 30 percent by 2017. By comparison, the industry may earn about 22.5 percent of revenues through that billing model by 2018, predicted Ray Wang, principal analyst at Constellation Research based in California.

BETTER DEAL?

India’s $108 billion-a-year outsourcing industry got there by throwing hundreds of thousands of bodies at everything from selling credit cards by phone to processing mortgages and managing complex computer networks from remote locations.

Peter Bendor-Samuel, chief executive of Everest Group, a U.S. consultancy that advises clients on outsourcing, said outcomes-based pricing is more opaque than the time-and-material model. "In the short term, that creates margin opportunities. Over the medium to long run, clients recognise that and the way they deal with that opaqueness is to introduce competitive pricing, and what does competitive pricing do? It compresses margins."

"Complicated models lead to mistrust, and also complicated models are much harder to scale," he said.

Murthy, however, believes outcomes-based billing lends itself to the move towards providing services through technology and away from deploying large numbers of people. If a company can deliver results with fewer people, costs come down. Margins for outcomes-based work are 7-8 percentage points higher than for traditional work, Murthy said. The time-and-material model encourages IT companies to add people because they bill based on man hours.

Sundararaman Viswanathan, a Bangalore-based manager at consultancy Zinnov LLC, said iGate’s campaign to push outcomes-based billing is good for the industry: "It’s a game changer because they are forcing everyone to start talking more openly about the pricing models."

Analysts expect iGate’s earnings to grow the fastest among key rivals including Infosys and U.S.-based Cognizant Technology over three to five years at a compound average annual rate of 19.5 percent, Thomson Reuters data showed. Chandrashekar Kakal, senior vice president and global head of IT services at Infosys, said that while outcomes are important to customers, Infosys views them as a part of its overall offering and not as a driver of pricing.

"Pricing model could be anything, so you keep it aside," Kakal said on the sidelines of an industry event on Feb. 14.

Murthy, who still owns Infosys shares from options he received when he worked there, argues that outcomes pricing is a better deal for clients and enables him to answer questions he said frequently arose at his earlier employer. "When I was in Infosys, while it had a great model, the four or five questions which customers always asked me, which I couldn’t find an answer to were: you learn at our cost, you are putting junior people on the job, you are getting paid whether we are successful or not, you are getting paid whether the project meets its business case or not," he said.

But for some clients, simpler may be better. "I think that model which he’s espousing, while attractive or sounding attractive, is going to be increasingly hard," said Everest’s Bendor-Samuel. "If you’ve got a simple model operating right next to it, the larger market will opt for simplicity."

Source: http://www.wallstreetandtech.com/operations/ex-infosys-exec-aims-to-shake-up-it-outs/240149195


9 top threats to cloud computing security


Cloud computing has grabbed the spotlight at this year’s RSA Conference 2013 in San Francisco, with vendors aplenty hawking products and services that equip IT with controls to bring order to cloud chaos. But the first step is for organizations to identify precisely where the greatest cloud-related threats lie.

To that end, the CSA (Cloud Security Alliance) has identified "The Notorious Nine," the top nine cloud computing threats for 2013. The report reflects the current consensus among industry experts surveyed by CSA, focusing on threats specifically related to the shared, on-demand nature of cloud computing.

First on the list is data breaches. To illustrate the potential magnitude of this threat, CSA pointed to a research paper from last November describing how a virtual machine could use side-channel timing information to extract private cryptographic keys in use by other VMs on the same server. A malicious hacker wouldn’t necessarily need to go to such lengths to pull off that sort of feat, though. If a multitenant cloud service database isn’t designed properly, a single flaw in one client’s application could allow an attacker to get at not just that client’s data, but every other client’s data as well.

The challenge in addressing these threats of data loss and data leakage is that "the measures you put in place to mitigate one can exacerbate the other," according to the report. You could encrypt your data to reduce the impact of a breach, but if you lose your encryption key, you’ll lose your data. However, if you opt to keep offline backups of your data to reduce data loss, you increase your exposure to data breaches.

The second-greatest threat in a cloud computing environment, according to CSA, is data loss: the prospect of seeing your valuable data disappear into the ether without a trace. A malicious hacker might delete a target’s data out of spite — but then, you could lose your data to a careless cloud service provider or a disaster, such as a fire, flood, or earthquake. Compounding the challenge, encrypting your data to ward off theft can backfire if you lose your encryption key.

Data loss isn’t only problematic in terms of impacting relationships with customers, the report notes. You could also get into hot water with the feds if you’re legally required to store particular data to remain in compliance with certain laws, such as HIPAA.

The third-greatest cloud computing security risk is account or service traffic hijacking. Cloud computing adds a new threat to this landscape, according to CSA. If an attacker gains access to your credentials, he or she can eavesdrop on your activities and transactions, manipulate data, return falsified information, and redirect your clients to illegitimate sites. "Your account or services instances may become a new base for the attacker. From here, they may leverage the power of your reputation to launch subsequent attacks," according to the report. As an example, CSA pointed to an XSS attack on Amazon in 2010 that let attackers hijack credentials to the site.

Source: http://www.infoworld.com/t/cloud-security/9-top-threats-cloud-computing-security-213428


How a ‘model’ employee got away with outsourcing his software job to China

Bob was his company’s best software developer, got glowing performance reviews and earned more than $250,000 a year.

Then one day last spring, Bob’s employer, an American infrastructure company, thought its computer network had been attacked by a virus.

The ensuing forensic probe revealed that Bob’s software code had in fact been the handiwork of a Chinese subcontractor.

Bob was paying a Chinese firm about $50,000 a year to do his work, then spent the day surfing the web, watching cat videos and updating his Facebook page.

“This particular case was pretty unique,” computer security investigator Andrew Valentine, who helped uncover Bob’s scheme, said in an e-mail to The Globe and Mail. “We thought it was actually pretty clever.”

Mr. Valentine made Bob’s tale public in a blog post on Monday and it has since been the talk of tech websites.

“While the large-scale data breaches make the headlines and are widely discussed among security professionals, often the small and unknown cases are the ones that are remembered as being the most interesting,” Mr. Valentine wrote in his blog.

He said the creative but deceitful programmer, whom he called by the pseudonym “Bob,” was a family man and long-time employee in his 40s, “inoffensive and quiet. Someone you wouldn’t look at twice in an elevator.”

Mr. Valentine, who works for the global communications company Verizon, wouldn’t identify Bob’s employer except to say that it was a private “critical infrastructure company” in the United States.

For the past two years, the firm had increasingly been getting employees to telecommute or work from home.

To connect remotely to the company computer system, staffers needed a personal identification number, which changed at regular intervals. Employees were issued security tokens, small devices that updated them with the latest generated PIN.

Last spring, the company grew concerned about computer security breaches and asked its IT department to inspect more closely its remote-access logs, looking for unusual patterns of activity.

To their surprise, they saw that someone connected into their network every day from Shenyang, a city in the historical Manchurian north of China, near the Korean peninsula.

More interestingly, the Chinese intruder was logged in using Bob’s PIN and credentials, “yet the employee is right there, sitting at his desk, staring into his monitor,” Mr. Valentine wrote.

“Based on what information they had obtained, the company initially suspected some kind of unknown malware that was able [to] route traffic from a trusted internal connection to China, and then back. This was the only way they could intellectually resolve the authentication issue. What other explanation could there be?”

Verizon investigators were contacted. They inspected Bob’s workstation, trying to find whether he had unintentionally downloaded a virus.

Instead, the cyber-sleuths discovered hundreds of invoices from a software developer in Shenyang.

The investigation revealed that Bob had outsourced his job. To get around the changing PINs, he couriered his security tokens to the Shenyang subcontractor.

It wasn’t clear how long Bob’s scheme had been running because log records dated back only six months.

While Bob physically reported to the company that hired Verizon to investigate him, he also padded his income as a contract worker for other local firms, for which he also relied on his Chinese outsourcing arrangement.

Looking at his web browsing history, investigators found that Bob spent his workday checking sites such as Reddit, eBay, Facebook and LinkedIn and watching cat videos. Then he would type an e-mail at the end of the day to update management about his “work” and leave at 5 p.m.

Bob was fired for violating internal company policy, Mr. Valentine said in his e-mail to The Globe and Mail.

By all accounts, the Chinese contractor did an excellent job and until then it reflected well on Bob.

“His code was clean, well-written, and submitted in a timely fashion,” Mr. Valentine noted. “Quarter after quarter, his performance review noted him as the best developer in the building.”

Source: http://www.theglobeandmail.com/technology/how-a-model-employee-got-away-with-outsourcing-his-software-job-to-china/article7409256/
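The remote-access log review described in the article above comes down to correlating two record sets: a VPN session that authenticated correctly but overlaps in time with the same account being logged on at an office workstation. The sketch below is an added example, not code from the article, Verizon, or the company; the record layouts, user names, hostnames, timestamps and the `home_country` and `min_overlap` parameters are all assumptions constructed for illustration.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"
# Constructed sample records, not data from the case.
# VPN sessions: (user, start, end, source country of the client IP)
VPN_SESSIONS = [
    ("bob",   "2012-05-07 09:05", "2012-05-07 16:50", "CN"),
    ("alice", "2012-05-07 19:30", "2012-05-07 21:00", "US"),
    ("carol", "2012-05-07 08:00", "2012-05-07 12:00", "US"),
    ("dave",  "2012-05-07 10:00", "2012-05-07 10:40", "US"),
]
# On-site workstation logons: (user, start, end, hostname)
ONSITE_LOGONS = [
    ("bob",   "2012-05-07 09:00", "2012-05-07 17:00", "WKSTN-0412"),
    ("alice", "2012-05-07 08:45", "2012-05-07 17:10", "WKSTN-0377"),
    ("carol", "2012-05-07 13:00", "2012-05-07 17:00", "WKSTN-0398"),
    ("dave",  "2012-05-07 09:00", "2012-05-07 17:00", "WKSTN-0401"),
]

def parse(rows):
    """Turn the string timestamps of each record into datetime objects."""
    return [(u, datetime.strptime(s, FMT), datetime.strptime(e, FMT), d)
            for u, s, e, d in rows]

def overlap_minutes(a_start, a_end, b_start, b_end):
    """Minutes during which two intervals are both active (0 if disjoint)."""
    delta = min(a_end, b_end) - max(a_start, b_start)
    return max(0, int(delta.total_seconds() // 60))

def find_conflicts(vpn_rows, onsite_rows, home_country="US", min_overlap=15):
    """Flag accounts that are on-site and on the VPN at the same time."""
    onsite = parse(onsite_rows)
    findings = []
    for user, v_start, v_end, country in parse(vpn_rows):
        for o_user, o_start, o_end, host in onsite:
            if o_user != user:
                continue
            minutes = overlap_minutes(v_start, v_end, o_start, o_end)
            if minutes >= min_overlap:
                findings.append({"user": user, "vpn_country": country,
                                 "host": host, "overlap_minutes": minutes,
                                 "foreign_source": country != home_country})
    # Triage order: foreign-source conflicts first, then longest overlap.
    return sorted(findings, key=lambda f: (not f["foreign_source"],
                                           -f["overlap_minutes"]))

if __name__ == "__main__":
    for finding in find_conflicts(VPN_SESSIONS, ONSITE_LOGONS):
        print(finding)
```

Same-country overlaps are reported too, ranked lower, because a person cannot be at a desk and dialing in from elsewhere regardless of where the remote end sits.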


Software engineer ‘outsourced’ his entire job to China for a fifth of his salary


Outsourcing has been a reality in the American workplace for years now, but we haven’t heard of an employee outsourcing his entire job — until now. According to the BBC, a software engineer was apparently outsourcing his entire job to China by paying a fifth of his six-figure salary to a local firm in Shenyang who handled his job for him. The employee reportedly did this through a "fairly standard" VPN connection that was set up to allow employees to work from home. The man actually mailed his RSA security token to China so that workers there could log in to his account, and on the surface it seemed as if he was performing a normal day’s work. However, further scrutiny revealed the connection to China, which at first was believed to be malware. Furthermore, a Verizon investigator told the BBC that evidence "suggested he had the same scam going across multiple companies in the area." It seems this was less a case of sheer laziness and more a case of someone using cheap foreign labor to pull off a fairly involved scam.

Source: http://www.theverge.com/2013/1/16/3882900/verizon-software-engineer-outsourced-his-entire-job-to-china


US Software Developer Caught Outsourcing His Job to China


A software developer was busted for outsourcing his job to a programmer in China while he surfed the Web at work.

The case was described by Andrew Valentine, a principal with Verizon Enterprise Solutions, who published a blog post about the incident.

"We’ve seen plenty of employee misconduct cases, but not typically like this," Valentine told ABC News of his consulting caseload, which includes large scale data breach events.

Valentine’s team was contacted by another company based in the U.S. for assistance over "anomalous activity" it noticed in records of employees logging remotely into the company’s IT system.

Verizon Enterprise Solutions is not releasing the name of the company or the employee.

The company’s security team eventually found that someone was logging in from Shenyang, China with the American employee’s credentials — while that employee was staring at a computer monitor in his U.S. office.

In his blog, Valentine described the employee as being in his mid-40s with a "relatively long tenure with the company, family man, inoffensive and quiet. Someone you wouldn’t look at twice in an elevator."

A search of the employee’s computer found hundreds of PDF invoices from a third party contractor/developer from Shenyang.

Eventually, it was discovered that the employee had outsourced his own job to a Chinese consulting firm, paying about $50,000 to the firm out of his salary of several hundred thousand dollars.

Once on-site, Valentine said it took about two days for investigators to collect relevant evidence and put all the pieces together.

In the blog, Valentine wrote that according to his Web browsing history, "a typical ‘work day’" for the employee looked like the following:

9:00 a.m. – Arrive and surf Reddit for a couple of hours. Watch cat videos

11:30 a.m. – Take lunch

1:00 p.m. – EBay time.

2:00 – ish p.m. – Facebook updates – LinkedIn

4:30 p.m. – End of day update e-mail to management.

5:00 p.m. – Go home

The employee had sent his company log-in key through FedEx to China so that the third-party contractor could log in under his credentials during his workday.

The "best part" of the story is that "for the last several years in a row he received excellent remarks" in his performance review, Valentine wrote in the blog.

"His code was clean, well written, and submitted in a timely fashion. Quarter after quarter, his performance review noted him as the best developer in the building."

Valentine said the employee was terminated for violating internal company policy.

"The employee denied everything at first, but then changed his story once we produced the invoices that were recovered from deleted disk space," Valentine told ABC News.

"Honestly? I thought it was pretty clever. I think he took a calculated risk by knowingly violating company policy, for sure — but it was clever."

Valentine said that if he was even cleverer, he would have set up a server at home, or somewhere else off-site, for the Chinese consulting firm to access. Then he could proxy their traffic, making it appear that the traffic was coming from his home.

"That would have been a smarter way to go about it. But yes, either way, pretty clever," Valentine said.

Source: http://abcnews.go.com/Business/us-software-developer-busted-employer-outsourcing-job-china/story?id=18230346
