A value focus for enterprise IT

Recently, Forrester Research has been picking up signals of a shift in mindset among IT executives. For weeks after the credit crunch hit, most IT leaders welcomed “survive the recession” advice. But, after months of firefighting, downturn fatigue has set in. No one thinks our troubles are over, but apparently many IT leaders feel they have taken ­ or at least defined ­ the steps needed to support business stability in the short term. Now they want to refocus on more thoughtful topics.

Most senior IT leaders recognise that enterprise IT is in a period of sweeping change that does not simply reflect the economic crisis. As computing becomes ever more embedded in all aspects of business, the control of IT has moved out of the datacentre and into the hands of business leaders.

Meanwhile, commodity IT has become more stable, for example through the adoption of infrastructure virtualisation, application rationalisation and the uptake of standardisation tools, such as service-oriented architecture. As IT leaders drive these ongoing shifts, they must focus on business issues and business architecture as well as maintain operational management of the rationalised systems they control.

For a typical chief executive or chief financial officer, cost containment may have been the dominant issue for managing IT in 2008, but longer term it is the business-value impact of IT that matters. IT leaders know that in future they will be judged on value impact, based on business performance metrics, such as time to market with new products, or improved customer retention.

Forrester believes this value-oriented agenda for IT will increasingly reassert itself over the course of 2009. To stay ahead of this, IT leaders must focus on three agenda items:

Linking what IT does to business value. All IT staff need to understand that their success will be judged in business terms in future. More business and IT leaders will jointly agree objectives, metrics, and governance structures that couple IT activity and outputs to overall business goals.

US financial firm USAA has used technology to support its drive for improved customer relationships. As a result, it consistently scores best among leading US finance firms in Forrester’s annual consumer survey on customer-centric finance providers. It is this kind of IT value outcome that leaders will expect IT to facilitate.

IT leaders must drive value individually. The CIO and direct reports must engage with business leaders to identify and execute on areas of value delivery. Inside the IT group this means leading by example ­ for instance, by devoting time to business issues and prominently featuring business impact in internal communications. Outside IT, building personal networks across the wider business, and marketing IT activities to business leaders.

Focusing IT’s collaboration with others on value outcomes ­ for example, building a business-value focus into relationships with external suppliers. For example, coaching the vendor management team to focus on value-generating supplier contributions. Linking supplier governance and performance criteria to value outcomes will support external partners that contribute to overall business objectives.

These three lines of attack represent a vital aspect of the renewal and rebuilt momentum that IT leaders need to achieve with their teams during the coming six to 12 months.

Forrester’s thinking about Redefining IT’s Value For The Enterprise is the overarching theme of its European IT Forum in Berlin, 3-5 June 2009. For more information on this event please visit www.forrester.com/ITForumEMEA2009.

For complimentary research from Forrester, visit http://forrester.com/computing.uk.

Andrew Parker is vice president for sourcing and vendor management at analyst Forrester Research

Adopting a frugal approach to the web

In the era of the consumer-centric web, people expect rich, engaging and satisfying online interactions with companies and brands. Since the recession will do nothing to depress this expectation – ­ indeed, it will likely make consumers more fickle and demanding – ­ firms should avoid the temptation to apply across-the-board IT budget reductions to external web projects.

Before cutting the budget of their web content management (WCM) initiatives, executives should consider their responsibility to do no harm to what is frequently the company’s primary channel for attracting and servicing customers. Rather than radical changes in the name of cost savings, Forrester recommends that businesses adopt a strategic approach we call “frugal WCM”.

Instead of slashing budgets in a panicked reaction to an immediate crisis, frugality should combine the wise use of what you have with careful consideration of what you acquire, all in the service of long-term health and sustainability.

Companies can practice frugal WCM by extracting the maximum value from their existing systems and investigating lower-cost alternatives for specific enhancements.

Many firms use only a fraction of the capabilities of their WCM tool and poor adoption by contributors remains a key reason for under-performing WCM projects. Despite improvements, the user interfaces of many leading WCM products remain hostile to users. Companies can increase adoption by allowing business users to create content in favoured desktop applications or team collaboration sites and designating a few power users to manage content in the WCM system.

Creating content is hard enough –­ yet some teams create the same content multiple times due to lack of co-ordination on multi-lingual sites, multiple web properties, or across non-web channels. By the same token, companies should review whether existing content can add value to other sites. For example, one European resort chain significantly improved revenue simply by displaying floor plans during the booking process.

Web teams can begin to experiment with personalisation features despite the stranglehold on their budgets. Most WCM tools are able to support basic content targeting, for example, with simple modifications to visitor profiles and the rules that control delivery. As it is best to start small with site personalisation, experimenting now will allow a team to move more quickly after the recovery.

Frugal WCM is not only about getting more out of what you have. It can also reap benefits when making new investments.

Given the potential for top-line growth from optimising the online customer experience, firms will continue to justify large investments in new or existing WCM projects during the recession. But supporters can expect intense scrutiny of business need and return on investment.

As the web shifts from information delivery to customer experience, more projects are opportunistic. They may require quick turnaround, such as a sales promotion; focus on social elements, such as a fan site for a sporting event; and be highly interactive.

Frugal WCM counsels investigating lower-cost alternatives to custom development of the firm’s WCM, even at the risk of multiplying the number of systems you need to manage.

Smart firms will use the recession to adopt new approaches, such as frugal WCM, that will contribute to their success long after the crisis ebbs.

Tim Walters is senior analyst at Forrester Research

Please visit www.forrester.com/computinguk for several complimentary reports made available to Computing readers by Forrester Research

Slump exacerbates internal threats

The dire state of the economy will have a direct impact on enterprises in 2009. Financial losses initially confined to the sub-prime loan market infected broader financial services and, in turn, rippled outward to the construction, retail, and transportation industries.

All businesses are now under pressure to cut costs – and that means eliminating jobs. With more mass layoffs expected to come later this year, chief information security officers (CISOs) will be asked to take decisive measures to keep their firms’ confidential data from walking out the door along side their employees.

To this end, Forrester expects that in 2009 data protection tools will be seen as a critical technology for limiting the loss of sensitive information before layoffs happen.  Employers will buy data leak prevention (DLP), device control, and Web filtering technologies to help them clamp down on nervous employees sending themselves attachments to outside Webmail addresses, copying documents to USB thumb drives, or posting to outside blogs.

Full disk encryption will also be a key tool in the CISO’s bag as a complement to DLP. Disk encryption protects the entire contents of a worker's computer in the event of theft or loss. Of 500 large enterprises Forrester recently surveyed, 35 per cent have already deployed full-disk encryption. Forrester expects that by 2011, three-quarters of large and very large enterprises will make full-disk encryption a standard part of their PC builds.

In addition to taking steps to safeguard company data and documents, CISOs will be asked to watch another worrying concern: the abuse of privileges by authorised.  Enterprises often grant employees too many application privileges, or fail to remove access to applications when they take new positions within the company.
 
In 2009 entitlements will give business leaders major headaches; personally identifiable information will cause much of the discomfort. Some of the drivers of the problem may include employee curiosity. Forrester predicts that more high-profile stories about unauthorised snooping will become much more common next year. If 2008 was "The Year of the Lost Laptop," 2009 will be "The Year of the Curious Customer Service Representative."

Another driver may be the temptation to earn ‘quick money’, as customer information used to manufacture identities and open credit continues to be valuable. Recent security intelligence from Symantec, for example, states that underground prices for consumer credit card details range from $0.50(£0.35) to $12 (£8.40) per card. By that measure, an entitled employee with excessive privileges at an online merchant with sloppy internal controls could sell 10,000 card numbers and make a quick $100,000 (£70,000).

Further to spirited and public debates over wide-open healthcare records, interoperability and access control of electronic personal health records will become a more significant priority and drive greater awareness of entitlements in healthcare, life sciences, and beyond.

As auditors have gained more experience assessing compliance with Sarbanes-Oxley and other statutes, they have become increasingly aware of the perils of excessive entitlements. Greater awareness has led to tougher audits. Now enterprises must be prepared to explain who got access to what application features, and why.

Forrester expects that deployments of hosted application and desktop virtualisation technologies, such as those from Citrix, Microsoft, and VMware will rise in 2009.  Client virtualisation has long been used to address remote access and manageability concerns. But today, the majority of Forrester clients justify new client virtualisation deployments by the need to secure data on the user PCs. Increased data concerns will make client virtualisation more palatable to CIOs because enterprises will see it increasingly as a dual-use technology that can increase productivity and security at the same time.

Historically, highly regulated industries such as healthcare and financial services adopted client virtualisation first because of the clear linkages to security. Throughout 2009, increased turnover in employee ranks will offer further justification to these and other industries, based on client virtualisation's potential for decreasing the possibility of data breaches. As a result, data security will continue to be the No. 1 driver of client virtualisation initiatives through 2011.

By Andrew Jaquith, senior analyst at Forrester Research

Please visit www.forrester.com/computinguk for several complimentary reports made available to Computing readers by Forrester Research.

Time to hone your sourcing skills

Making sourcing decisions against a background of economic crisis should be easier ­ during a recession companies focus on cost and cost alone. Right now, the ability of vendors to respond rapidly to business needs will be thoroughly tested by recession, and Forrester expects most firms to renegotiate their sourcing contracts or reduce the number of service providers with which they engage.

That has many ramifications for IT leaders.

First, you should cut costs wherever you can. Focus on what you can do to rationalise your infrastructure and applications environments to cut costs ­ this will mean working across the business to identify any redundancies.

Accelerate those sourcing projects that will avoid near-term expenses ­ for example, rapidly migrating remaining applications from a “burning” database engine could avoid software licence maintenance fees for the coming year.

Solicit proposals from your vendors to get a better understanding of what they can offer in terms of service automation or application rationalisation frameworks.

Identify labour-intensive areas as candidates for sourcing. The largest efficiency improvements should be possible in the areas that consume the most labour resources. For example, look at your internal application-testing processes ­ testing occurs on every project, and test data generation, test setup, and test execution can be extremely resource intensive. Vendors that we track continue to strengthen service offerings in these areas, helping firms reduce the cost of this key activity.

Meanwhile, it is important to scrutinise all the IT sourcing proposals available, and to take a jaded view of them all. Make sure all the evidence from a vendor is convincing to all the decision makers involved before you reach any conclusions. Send the statement of work to a dedicated team to analyse proposed project plans and make the necessary adjustments to ensure any initial investments from your side are kept to a bare minimum.

Vendors are great at painting a picture of a happy ending but they lack the clarity to undertake the transitioning, and it often costs more than you realise. Go back to the RFP and include targeted questions concerning what investments they have made to accelerate project delivery. For example, do they use fast deployment methods or testing automation?

Encourage your internal stakeholders to voice their views and take on board what they have to say. Reach out to those business managers who are not already knocking on your door so that the entire organisation has an opportunity to benefit from your expertise and experience. Be ready to offer advice on consolidating vendors, proactive suggestions on changes to upcoming renegotiations, and information on how to get more value through better vendor management ­ what Forrester terms “activist sourcing”.

Most importantly, market yourself. IT leaders must explain to key stakeholders what they can do. In addition to offering advice based on your stakeholders’ stated needs, use this as an opportunity to offer consultative help that they might not realise you can provide.

For example, many users do not realise that sourcing teams can be brought in even before the decision is made to bid a piece of work or hire a vendor. Use your research skills to help colleagues understand some of the emerging contracting mechanisms, such as shared risk and reward or managed outcomes, which can de-risk projects from a cost perspective. This makes the sourcing role more consultative and proactive.

Please visit www.forrester.com/computinguk for several complimentary reports made available to Computing readers by Forrester Research.

Euan Davis is a principal analyst at Forrester Research.

Paying by results can reduce costs

Many enterprises turn to external service providers for application-related services. Forrester Research surveys show that between one- fifth and one-third of large companies in the US and Europe use external service providers for each of a number of categories of application services. Established services include staff augmentation for software development projects, application outsourcing, maintenance and support, testing and quality assurance, and newer forms of provision such as software-as-a-service. Forrester estimates the European market for these services at more than $40bn (£32bn) in 2008.

Too many companies focus on the time and effort involved in delivering these services, rather than the outcomes required, when negotiating contracts with providers. Worse still, the cost or price benchmark is too often the most important yardstick for the initial selection of a service provider. These numbers have their uses, of course, but by themselves they give very little indication of the value for money achieved.

One of my colleagues, Bill Martorelli, has recently investigated the potential benefits to companies from a more outcome-led approach to negotiating. He calls this the managed outcome model, and describes it as “an application development and/or maintenance relationship based on defined outcomes and priced on a fixed-bid basis”. This relies on defining the service relationship in terms of deliverables, service levels, and price, rather than according to the number of resource hours or days committed.

Enterprises stand to reap significant benefit from transferring more work to the managed outcome model. Payoffs include a one-off cost/benefit boost from moving work across from internal processes to those of the service provider.

Additional advantages may include more effective knowledge retention through the provider’s more industrialised knowledge systems, avoidance of lengthy and challenging negotiations over appropriate levels of effort under time-and-materials contracts, and a more defined approach to innovation and business value delivery through building these goals into the expectations placed on the service provider.

Of course, this change of approach involves challenges, too. Not least of these will be winning the internal debate inside the buyer company about loss of control or increased risk from handing over day-to-day service management to the provider. What’s more, some internal stakeholders may not find the benefits from the changed approach so obvious. And, of course, the internal change management  involved in the transition from one approach to the other for the buyer company can be tough to execute on a day-by-day basis.

So where should companies considering this transition make a start? Forrester’s research indicates that large opportunities ¬ like a major application development project ¬ work best. For the provider this means more scale of work, which makes it worthwhile for the supplier to take on the risk of working on a fixed-price basis. For the client, it means more potential cost savings.

Martorelli also recommends that buyer companies should favour opportunities that can be well specified, and where historical data exists. It may seem obvious, but in practice too few firms embark on a service engagement with a clear set of outcomes defined upfront. If it is possible to specify the requirements clearly, then the chances of a managed outcome approach succeeding are that much higher.

Please visit www.forrester.com/computinguk where several key studies on this topic are available to Computing readers free of charge.

Andrew Parker is research director at analyst Forrester Research

People are your best defence

As many as 81 per cent of chief information security officers (CISOs) rank data protection as an important or very important priority for their organisation during the next year, according to Forrester Research.

The prioritisation of data protection is correct, as few IT issues ­ let alone IT security issues ­ have achieved such interest at the executive level.

Data security is a top priority because breaches can be incredibly costly. If you collect sensitive customer data, you are not only bound by regulatory and legal requirements, but also by potential fines and legal costs.

In addition, breaches of corporate intellectual property or other sensitive corporate data might not make the headlines, but they can have a catastrophic business impact.

CISOs often view data protection as desktop and storage-level encryption, and perhaps deploy data leak prevention technologies.

While these have their place, what is missing, or not emphasised, is the process and people aspect of data security ­ application security, training and awareness.

Many security professionals that grew up concentrating on infrastructure are often unaware of the types of development environments and processes that are now dominant.

And as with any unfamiliar technology area, security leaders hold a diminished level of influence. CISOs often struggle to establish application security processes as part of a company’s software development lifecycle.

Application developers often view security as an annoying layer of cost and inconvenience. Security controls can slow application development and testing, and reduce the actual performance of tools.

With data security now high priority, there are strong arguments in favour of a more proactive approach to application security. Applications are the primary target of hackers ­ roughly two-thirds of vulnerabilities discovered by Symantec are web
application-related.

Estimates from the National Institute of Standards and Technology have also shown that fixing vulnerabilities after applications are developed has produced costs up to 30 times more than fixing during the design phase.

Given the inevitability of vulnerabilities and the trends in hacker behaviour, there are clear risk and cost arguments for proactive application security ­- finding and fixing vulnerabilities as early in the development process as possible.

Security training and awareness is another area that is rightfully getting more attention, because the little training that takes place usually tends to be superficial.

Your workers serve as a critical line of defence, and security training ties directly into the effectiveness of other initiatives.

For example, incident management equips the organisation to deal with unforeseen events, so a lack of training will result in chaos and confusion at the time of security breaches.

Lack of training also leads to unreported security incidents. Many people do not know what activities should be viewed with suspicion, or whether to report them.

Both endeavours ­- application security and training -­ promise to enhance data security, deliver good return on investment and improve programme effectiveness.

Jonathan Penn is vice president of security and risk management at Forrester Research. Computing readers can download free Forrester reports at: www.forrester.com/computinguk

A strong rupee won’t undermine offshoring

Many IT industry watchers have had a lot to say recently about the rise of the Indian Rupee against the US dollar.

Despite this currency shift, leading Indian service providers like Infosys and Cognizant have sustained strong revenue growth in North America, but in some cases not without seeing some challenges to their profit margins in the region. One consequence has been a marketing surge by Indian firms in Europe, where local currencies have held up against the rupee. Many of the top 20 Indian IT services firms achieved higher revenue growth in EMEA over the course of 2007 than in North America.

More recently, sterling has begun to weaken against the US dollar, meaning that Indian service providers face more margin pressures in the UK market also – threatening their largest source of business in Europe. This has prompted speculation that the IT industry will soon reach an inflection point where the low-cost advantage enjoyed by India’s offshore service providers will shrink to a level where their revenue growth will peter out.

An extreme view sees the advantage enjoyed by Indian firms vanishing completely. Proponents of this argue that wage inflation, high attrition rates, and increasing headcount growth in higher cost regions like Europe will reinforce the currency shifts to push Indian services prices more into line with those available in Europe.

Does this analysis stand up? Work by Forrester Research suggests not. A forthcoming Forrester report examines the factors involved, like the wage inflation rates among software programmers employed by the indigenous IT services firms in North America and Europe – alongside those for the Indian firms. The research also evaluates Indian firms’ ongoing work to improve productivity - revenue per head - in areas like application development and maintenance services.

Forrester’s analysis shows that a typical programmer in North America, earning something in the region of US$82,000 annually today, will likely earn upwards of US$100,000 by 2012. By contrast, an equivalent programmer in India today will earn between US$10,000 and 15,000. When adjusted for currency effects and the overheads of working offshore, the cost to the client still amounts to no more than US$20,000.

By 2012, the research shows that figure may have reached no more than US$25,000 per annum. Even taking a worst case scenario, with higher currency impacts, greater Indian wage inflation, and no productivity progress, the Indian programmer’s cost to the client would reach no more than US$50,000.

Quite a few IT execs in Europe – especially on the vendor side – appear to be assuming that economic factors will take the Indian service providers out of the game and leave the local services industry a clear field to consolidate its dominance in local markets. Forrester’s work makes that seem more like wishful thinking. Instead, it is far more probable that India’s offshore impact is here to stay, and all of us in Europe need to plan accordingly.

At Forrester Research, Andrew Parker serves sourcing & vendor management professionals and is joint global leader of the team that delivers research and consulting to help these professionals.

Please visit www.forrester.com/computinguk where several key studies from the Forrester sourcing & vendor management team have been made available to Computing readers free of charge.

Activist sourcing is the future

For many years, the approach taken to IT supplier management focused on contracting activities within the overall procurement function. But things are changing.

A report from Forrester Research shows the rise of a new approach that we call activist sourcing.

Companies adopting the approach aim to boost IT performance ­ as well as eliminate cost ­ by building a mature approach to the full lifecycle of each supplier relationship. Outsourcing has become a crucial target for such an approach.

A major European bank offers one example of the shift. The bank’s IT group had more than 100 service providers under contract and decided to create a formal vendor management office to impose more discipline across its relationships.

The bank implemented software governance tools to link underlying infrastructure and applications to specific business processes, and to measure vendor performance.

And the implemented governance tools became the fundamental platform for a new services management department, charged with oversight of all suppliers.

Along the way, the company identified several million euros worth of savings by eliminating overcharges and unused systems.

Vendor governance is just one part of an activist sourcing approach.

The full picture involves a set of pre-contract activities, such as setting sourcing strategy, requirements gathering and requests for proposal processes.

Post-contract, such activities give way to spend analysis, supplier reviews, compliance monitoring, process rationalisation and risk management.

Firms that typically set up a formal vendor management office (VMO) begin with only a subset of multiple activities, gradually expanding the responsibilities of the VMO to cover a spectrum of issues.

Forrester’s research reveals that about half of large European firms possess a formal VMO, but that the percentage is rising.

Staff numbers involved tend to be small: a typical VMO may employ fewer than 10 people, although the largest firms may employ 50 or more.

A typical pattern for the VMO involves setting up the group within the IT organisation and dividing work by spend category.

However, some very large companies choose a different setup, placing the VMO outside the IT group and creating a process-led responsibility.

In such cases, actual governance of the suppliers tends to be retained within individual business units.

Creating a greater formality of approach in managing IT suppliers provides more evidence of the increasing maturity of buyer behaviour in blue-chip technology.

The rise of activist sourcing will contribute to higher adoption of selective outsourcing, or multisourcing, as opposed to one-stop shop approaches.

Such approaches will maintain the downward price pressure in IT services markets, and continue to boost the use of more defined operational metrics around service delivery in IT services agreements.

Andrew Parker is vice president and research director at Forrester Research.

The Forrester report, “Building An Effective Vendor Management Office”, along with other key research, is available to Computing readers free of charge at: www.forrester.com/computinguk

Outsourcing must not be a battle

Forrester’s research into outsourcing frequently shows buyers berating providers for failing to innovate. Most recently, Forrester’s Enterprise IT Services Survey, from April 2007, threw up new evidence. Of more than 1,000 IT executives we interviewed, 28 per cent said their outsourcing provider was unable to respond rapidly to changing business needs.

There are two areas of focus that could close this innovation gap and help to alleviate the grumbles.

First, buyers must recognise that outsourcing at its best is rooted in focused innovation. Leading service providers such as HP, Capgemini, IBM, and EDS have to innovate just to meet the demanding cost-reduction expectations of clients. These firms labour to consolidate and rationalise infrastructure, implement strong service management disciplines and processes, and impose structured metrics and measurement on service delivery. This is real value-generating innovation, delivering a more reliable, agile infrastructure, often at substantially reduced cost. But too many stakeholders inside the client do not recognise this innovation because its impact does not by itself provide direct business performance gains.

Customer owners of outsourcing relationships need to address that failure of communications and make sure their colleagues grasp the true value of the services delivered.

Second, buyers of outsourcing must stop wanting to have their cake and eat it. They want to impose a contract that drives the outsourcer to deliver a rigidly commoditised service at a rock-bottom price. Simultaneously they expect the provider to bring all kinds of improbable performance improvements to the business. Service providers compound this problem by promising a raft of improbable inputs from company scientists, research facilities, centres of excellence and the like ­ but allowing the client to studiously ignore such niceties in the hard language of the contract.

Both sides need to break away from this destructive collusion during the negotiation of outsourcing deals. Clients that want innovation built into an outsourcing contract have to directly express this in the contract ­ and be prepared to pay a market price for the added value. Outsourcing providers in turn must clearly represent the various areas of value delivery they offer ­ from commodity desktop services, for example, to business performance consulting ­ and properly represent to the client how to procure those services on appropriate terms.

Too many outsourcing buyers still approach the contracting process as an adversarial contest to be won on all terms. To combat this imbalance, outsourcing advisers such as TPI have begun to talk increasingly of promoting a more win/win-oriented approach to setting up outsourcing relationships.

Forrester can only agree ­ and if the market can act upon this advice, then that might see the first tentative steps taken to lay to rest the old moans about outsourcing’s innovation deficit.

Andrew Parker is vice president and research director at Forrester Research

Computing readers can download Forrester Research reports free of charge at www.forrester.com/computinguk. For more information on Forrester’s Sourcing and Services Forum held on 29-30 November in Nice, visit: www.forrester.com/sourcing2007

The three steps to outsourcing

Companies that frequently use IT outsourcing fail to co-ordinate well across multiple contracts, meaning that not all their provider relationships pull in one direction.

The outsourcing world has shifted from off-loading all IT to one service provider to taking a more selective sourcing approach. Businesses often outsource various domains, such as desktop services, data centres, network management or support services, to a range of different specialists.

To add to the complexity, the providers selected may vary, such as an international manufacturer that uses three separate desktop services suppliers just to meet its European requirements.

To address this issue, a recent report from Forrester Research sets out a three-step framework to define a more co-ordinated outsourcing approach. Each step should allow firms to move forward in an organised fashion, in alignment with the realities of the IT department and the company’s outsourcing goals.

Step 1: Shortlist only outsourcing models that align with the current IT realities of your firm. Some outsourcing models simply do not fit with existing IT structures and behaviours.

For example, a centralised, global deal with a single service provider will not fit with a highly decentralised, fragmented IT organisation where powerful local IT directors respond to local business leadership.

Similarly, targeting outsourcing to deliver business transformation is not likely to work if your IT organisation focuses mainly on commodity, low-cost IT operation.

Step 2: Evaluate internal IT staffing issues. A significant outsourcing project brings substantial changes in IT staffing. Planners must be clear which skills must be retained and which can move to an external provider. For example, a company whose custom applications deliver a competitive edge will aim to keep the relevant software development group in-house.

A firm that faces difficulty in recruiting the right IT skills in a given geography may choose a capable local outsourcing partner to address the shortfall. The general principle being: choose outsourcing options that help you invest in and retain the IT skills you need internally.

Step 3: Shape the outsourcing approach to meet your IT spending and maturity issues. An IT organisation that shows best-in-class cost benchmarks and operates mature, robust processes, will require a very different strategy from one that falls short in these areas. For example, companies that have poor process maturity in the application development group often struggle to work well with process-centric Indian service providers.

Outsourcing planners’ expectations of external providers must adjust to the realities of IT spending and financial targets set by the business. Equally, the same planners need to consider the required inputs from the outsourcer in relation to growing the maturity and stability of IT delivery – often working with recognised frameworks such as ITIL or CMMI.

Andrew Parker is vice president and research director at Forrester Research. Computing readers can download the Forrester report “Three pragmatic steps to an outsourcing strategy” at www.forrester.com/computinguk. For information on Forrester’s Sourcing and Services Forum in Nice in November, visit www.forrester.com/sourcing2007