IT WEEK • 1 NOVEMBER 2004
MANAGEMENTWEEK
WHERE TECHNOLOGY BECOMES BUSINESS REALITY
Editor: Madeline Bennett

COMMENT: Could better risk assessment methods help Sainsbury’s to get more value from technology?
INTERVIEW: CSC refines IT outsourcing offerings

CONTENTS
COMMENT: Sainsbury’s decision to overhaul its IT systems could backfire if it sets up manual processes without assessing risks and benefits, warns Madeline Bennett
INTERVIEW: Keith Wilman, UK chief executive of IT services company CSC, explains the latest trends in outsourcing in the public and private sectors in the UK

Business security grows up
Madeline Bennett

The IT security industry is maturing and has become more responsive to the needs of businesses, but government and vendors still need to do more to ensure security is integrated into product development, according to experts.

John Holland, European head of security firm Cybertrust – newly established from the merger of TruSecure, Betrusted and its subsidiary Ubizen – said, “[For security vendors] it’s becoming less about adding another box and more about risk management and integrating your security solutions into what the business is doing.”

This could be welcome news for IT departments, which rate security as their top concern, according to recent research.

Companies are increasingly looking for security partners who can talk the language of business, said Holland. “This means understanding risk, process, procedures and policies – not pieces immediately associated with technology,” he said. “The business side is not worried about if you have put antivirus or a firewall in place, they’re worried about if the business will continue in light of a security [problem].”

The IT security industry is now maturing, argued Holland. “If you look at the IT industry at any given time, there are always technology areas that are in their birth, teenage or adult stage,” Holland added. “[But now that] security is moving towards the adulthood, you’re not having to prove to people they need to buy it anymore.”

However, other experts argued that more secure development processes and government intervention are still needed to further improve IT protection.

“We need to draw attention to the fact that some of our development processes are broken,” said Simon Perry, vice-president of security strategy at software vendor Computer Associates.

Perry said patching causes particular concern, and that this is partly due to vendors and IT employees not being sufficiently proactive. “We have got better at discovering the current security stance and closing off vulnerabilities before exploits occur,” he said at a recent security event in London. “That’s critical, but in the long term it’s also still just being reactive.”

Perry added that the government could do more to monitor the quality of IT products and encourage better security. “If the government can recall a pizza because the quality is not right, why does software have no recall programme?” he asked.

Perry argued that the government should do more to promote quality control schemes such as Common Criteria. This government scheme grades and certifies technology products against set criteria, to encourage security to be built in during the development process and to help organisations to assess the level of protection offered by various IT systems.

[Chart “PRIORITIES FOR”: System security, Information security, Business interaction, Business continuity; values shown: 77%, 73%, 57%, 56%]

www.cybertrust.com
www.ca.com
www.commoncriteriaportal.org

Agile advice for Euro IT
Madeline Bennett

The Agile Alliance launched its European arm last week to promote uptake of so-called Agile IT processes that aim to improve software development and the management of IT projects, though some analysts said the methodology currently takes too narrow a focus.

Agile Alliance Europe, a non-profit organisation, offers a forum for software developers, IT managers and business people to share ideas and access data about Agile methods. Agile is a set of principles and methodologies for developing software and managing IT projects.

The launch of the European branch of the Agile Alliance follows the establishment of the US arm in 1992. For the past 18 months, the alliance has set up special interest groups in various European locations as focal points for information sharing. However, it is now ready to launch for general membership, giving more UK and European firms an opportunity to learn about and adopt the processes, according to Brian Hanly, a director of software consultancy Exoftware, which is a key sponsor of Agile Alliance Europe.

Hanly said more use of Agile processes would lead to better value and quality in software. “It will impact value for money in the software development industry,” he said. “So much is wasted on this area at present, there’s a lot of poor quality products.”

Hanly said Agile processes can help firms respond to changes more easily and argued that traditional methodologies treat change negatively. “Change is inevitable, especially considering how fast technology changes. You have to embrace it,” he said.

Analyst firm Forrester Research recently called for more focus on tools as part of the methodology. “Agile development processes explicitly de-emphasise tools, but tools are nonetheless crucial to Agile projects’ success,” the firm said. It said software configuration management, unit testing and build management tools would be key to the success of the Agile approach.

But Hanly denied that Agile does not place enough importance on tools. “We look at people and processes first, and then tools. You definitely need automated testing and continuous integration. Just don’t get caught up on the tools, as interaction with the business is more important.”

[Photo caption: Hanly: higher value software]

www.agileallianceeurope.org

IT STRATEGY: AGILE METHODOLOGIES
• The Agile Alliance, a non-profit body, is promoting Agile IT processes for better software development and project management.
• It shares information and aims to improve the quality of software.

Mail scanner spots danger in content
David Neal

Messaging specialist Sendmail has released a new message management application, called Mailstream Content Manager (MCM). The system can filter out spam and viruses, scan text and attachments and enforce internal usage policies, according to Sendmail.

“This product is not just an upgrade, it is a way of managing both emails and applications,” said JF Sullivan, head of marketing at Sendmail.

MCM is the first app developed on Sendmail’s Advanced Content Engine – technology acquired with the purchase of a startup last year. Built on Extensible Stylesheet Language (XSL), the system processes messages, and is designed to easily integrate with firms’ existing infrastructure.

According to Sullivan this openness is important because it is impossible to predict how messaging is likely to develop. “You have to be able to integrate it into everything you have. It must be easily adaptable and ready for the next big thing,” he added.

Sullivan also emphasised MCM’s ability to monitor outbound messages as well as internal ones. “Previously, tools would be bought by network security people who would look to see whether it protected them from external threats,” he said. “Now, with [regulatory] compliance issues and other issues, [messaging] has come to the attention of the CEO and CIO.”

Sullivan promised that support for anti-spam systems using Sender ID and DomainKeys would be added in future.

The MCM system, available now, has a dashboard interface and flow controls such as message throttling. It provides an overview of spam and virus attacks being blocked, and includes other admin tools such as a log of blocked messages for further review.

www.sendmail.com

COMMENT
Sainsbury’s discounts IT

Sainsbury’s recent decision to reclaim control of its IT systems, write off huge technology investments and beef up manual systems may be too drastic, warns Madeline Bennett

The recent announcement that Sainsbury’s plans to overhaul its IT operations because of falling sales should serve as a warning to other firms. The supermarket chain blamed the drop in sales on poor stock control and under-performing IT systems, which left goods stuck in depots and warehouses.

A security expert recently told me the Sainsbury’s situation was a prime example of poor risk management. He argued that the supermarket had tried to cut its costs without taking into account the risk of not having people in place to get goods on the shelves.

This is a classic trap that firms can fall into – I want to cut my costs, so I must cut the number of staff, and I must buy more technology to replace the human element. All very well if firms follow proper risk evaluation processes.

I could have told Sainsbury’s its new stock control systems weren’t working long ago, without the aid of complex risk assessment methodologies – simply based on my experiences at my local store. Over the past five years there has been a slack attitude to stock management. Many items were off the shelves by lunchtime on weekends, and a game of bakery roulette left either hundreds of unwanted loaves lingering on the shelves at closing times – or not a roll in sight.

In an attempt to turn its fortunes around, the retailer is writing off £260m worth of technology and supply chain systems and plans to cut 750 head-office jobs, while taking on an extra 3,000 in-store staff. The firm said it will replace its automated supply chain system with a manual stock control process, and undertake renegotiations with Accenture, its current IT outsourcing partner, in an attempt to reclaim control of its IT capabilities.

Sainsbury’s move may indicate a growing divide between the needs and expectations of outsourcing customers and suppliers. While Sainsbury’s argued some of the IT systems implemented by Accenture were unusable, the consulting firm countered that it did not have control over some automation systems.

As further evidence of a divide, we have the recent decision by investment bank JP Morgan to pull out of its outsourcing deal with IBM and rehire 4,000 IT workers it had earlier transferred to the company to cut costs.

But other evidence points in the opposite direction. Outsourcing specialist TPI says that mega outsourcing deals are on the up again, indicating that some firms are still willing to invest trust – and huge amounts of cash – in third parties.

I can’t imagine Sainsbury’s will be a participant in any more mega IT agreements for a while, judging by its recent experiences. But its decision to revert to manual processes could leave the supermarket in a worse position than when it started.

Having made the decision to invest £3bn to upgrade the supply chain process, why throw all these developments down the drain? Yes, some elements may have proven complex and unworkable, but surely these could be simplified. Properly developed supply chain technology can offer firms a centralised, real-time management system that ensures stock levels are monitored and replenished according to need.

When deals go wrong it’s tempting to take a completely new tack. But before taking such an extreme step, it might be worth examining root issues such as comms channels or contract management to see if the problems might lie there.

[email protected]

INTERVIEW
CSC refines outsourcing bids

Keith Wilman of services firm CSC explains the latest trends in IT outsourcing in the public and private sectors in the UK

OUTSOURCING
INTERVIEW BY LEM BINGLEY

IT Week: As head of IT services giant CSC in the UK, can you explain your firm’s current business priorities?

Keith Wilman: Firstly, it’s to be number two [in the market]. Which might seem like a crazy goal, but in terms of worldwide revenue, CSC is at $15bn but IBM Global Services, at number one, is around $40bn. That’s too big a gap to close in the medium term, but EDS is at $21bn and dropping, so our goal is to overtake EDS.

IT Week: What about your position in the UK market?

Wilman: [Analyst company] Ovum Holway would say we are already number two in outsourcing in the UK, behind EDS. And again we expect EDS to fall back. It’s now at about £2.1bn revenue; we’re over a billion.

IT Week: How will you increase revenues?

Wilman: We’re changing the business to try to gain a stronger reputation in business transformation. We do a lot of business transformation in our IT outsourcing, it just doesn’t come across as strongly as it does for some competitors, such as Accenture. So we’ve set up a separate business unit. Another area is world sourcing.

IT Week: Do you mean offshore outsourcing?

Wilman: We pitch it differently. We take a lot of people on board from our clients when we do outsourcing. The [client’s staff] don’t want to hear that you’re going to sack them all, and the client doesn’t want to hear it either. We wouldn’t win business, or hearts and minds, that way.

IT Week: So what does world sourcing mean?

Wilman: We look at our assets globally. Sure, we are putting work into India – we have 2,000 people there and it’s growing rapidly – but we will put work where we need to put work. For years we ran some operations out of Australia, because that let work follow the sun. But no one thought of that as offshoring.

IT Week: Why the recent move into public sector outsourcing in the UK?

Wilman: Three years ago, when we had absolutely no government business, the government said, look, we’d really like more than one top-tier firm bidding. And it said the same thing to IBM. Government business is counter-cyclical. When the private sector is not doing so well, government tends to spend money. So we decided to go for 40 percent of revenue through the public sector.

IT Week: Has this proved successful?

Wilman: After a couple of false starts [on tenders for work with the DVLA and Crown Prosecution Service] we learned how to bid for government contracts. We were ticking all the right boxes but then there was the price. We were used to bidding for commercial contracts but government is fundamentally different. Government has to have an open tender and tough competition. It’s also pretty expensive to get involved, so we had to change our ways.

IT Week: The Office of Fair Trading is concerned about public sector IT procurement processes. Are there positive examples?

Wilman: I think Richard Granger [director general of IT at the NHS] showed us all how to do it [with the NHS’s National Programme for IT]. He got so quickly to contract, he has to be applauded for that. He’s shown that it can be done.

IT Week: But there are predictions that the project will run 400 percent over budget...

Wilman: There is a cost of procurement and a cost of deployment. The users will have to learn to use [the new system]. But there’s nothing special about that – most people have computer skills across the board these days. So I don’t know why anyone thinks it’s going to be so expensive.

[Photo caption: Wilman: work on global scale]

ABOUT KEITH WILMAN
• Keith Wilman is president and chief executive of CSC’s UK division.
• He joined the IT services firm in 1997 as vice-president responsible for the British Aerospace account, then CSC’s largest global outsourcing contract. He has also served as UK chief operating officer.
• Before joining CSC, Wilman was managing director of Easam, a UK software and services firm.

itweek.co.uk