Its Halloween time, so we’re all cowering in our homes dreading the knock on our doors that signals another bunch of costumed kids or behoodied hooligans demanding money with menaces. Now IT departments face a similar danger, and they’ll need more than candle-lit pumpkins in their windows to keep these guys at bay. Perhaps it’s the economic downturn hindering normal sales efforts, but, judging by the volume of client inquiries on the subject, software vendors are increasingly active in the area of license compliance audits.

Most software vendors subcontract compliance audit work to specialist teams from the major accounting firms. The vendor starts the process with a nice letter that explains this is just part of its standard process, yada yada, nothing to worry about yada yada. Unfortunately, some of our clients have been taken in by this approach and have only come to Forrester for help after the audit team has been in, by which time it may be too late. Some software companies focus on deliberate IP infringement and take a sympathetic view of accidental non-compliance, but others seem to be like traffic cops hiding with a radar gun in the bushes at the bottom of a hill. Vendor managers who receive the notice-of-audit letter should do their own thorough assessment and fix any problems before the vendor’s team is allowed in – it will be much easier to do this proactively than after the vendor has found them and converted them into a revenue forecast.

Have you fallen foul of a software compliance audit in the last twelve months? Forrester would like to hear from you, so that we can include any lessons learned in a research report. Please contact my research associate Antonin Shanahan on ashanahan@forrester.co.uk if you would be willing to participate in a 30 minute discussion with me, Duncan Jones, on this topic.

By Sudin Apte
On Saturday, September 13, 2008, terrorists struck India once again. New Delhi, India’s National Capital, was hit by five consecutive bomb blasts of moderate intensity. More than a month ago, Bangalore saw six such blasts; and the following day, Ahmedabad, a key financial hub, was hit by seven blasts. There were similar terrorist attacks in Hyderabad, Jaipur, and a year prior in Mumbai and Delhi as well. Immediately after the terrorist attacks, the Indian government and political parties went through the standard drill — press statements, announcements of some immediate measures, and the usual political bickering. On Sunday, September 14th, New Delhi — and more specifically, the areas targeted by the blasts — were functioning normally (at least on the surface).

Clearly, firms that send their work to offshore locations in India need to take note. If India continues to suffer from terrorist attacks, sourcing professionals should re-visit risk and explore ways to mitigate it. Here are some steps I believe companies should take with their Indian service providers:
·  Re-examine suppliers’ disaster recovery and business continuity plans. Traditional disaster plans for events like earthquakes and fires fall short of the “new age” disasters caused by terrorists. Firms should focus on a supplier’s ability to shift their work — ideally along with trained resources — to alternate locations in record time. Factors such as proximity to airports, continuity of flight connections, and a city’s terrorism attack history and plans in the event of an attack are some new points firms should look at.
·  Increase your emphasis in the continuity of process and applications, not just infrastructure. Given that much of the work outsourced to India is process centric — be it BPO, call centers, or applications hosting — it is of the utmost importance that process continuity and application hot swapping is maintained. Our experience shows that traditional disaster plans place much greater emphasis on the data center and the network.
·  Promote usage at smaller cities. Tier two and tier three Indian cities are — at least to date — less risky. Bangalore, Delhi, and Mumbai have seen multiple rounds of organized terrorist attacks and will likely remain as soft targets. In comparison, tier two locations such as Cochin, Coimbatore, Mangalore, and Pune have so far been relatively safe places. In addition, these places offer less attrition and are much more cost effective.
·  Assess your supplier’s campus security. While Forrester has noticed that security — especially at the entrance of firms with larger campuses such as Infosys and Wipro — has been substantially increased in the last two years, we encourage sourcing professionals to check whether the provider has multiple levels of security in place. If possible, conduct random inspections, ask the provider to show their campus security log, and periodically witness steps they have taken to ensure that they can deliver the work without disruption. Since clients (and analysts) often all pass through one standard gate to access secure areas on campus, arrangements may appear sufficient. But given that several providers’ campuses house over 10,000 people, have a dozen or more gates, and use more than 300 buses to transport the staff, one can imagine the complexity of the challenge.

By Allison Thresher
Discussions with clients in recent inquiries and at the first edition of the Building The Vendor Management workshop inspired this blog.

Forrester defines the sourcing lifecycle as including three major elements: preparation, execution, and vendor management. While everyone seems to agree about the activities included within this lifecycle, we’ve found that there exists significant debate concerning what falls into each area as well as what you might call these elements (sourcing? Procurement? Vendor management?).

To illustrate: in the case of demand management, one could say that this hits at both the preparation and vendor management phases of the cycle. Moreover, from an organizational standpoint, this might well be the responsibility of either procurement or the vendor management group. 

We’re interested to see how our clients and readers weigh in on this issue. Please feel free to leave comments or questions on this issue. Analysts from the team will be weighing in as well.

by Tim Sheedy
HP today announced that they plan to acquire EDS for US$13.9 billion. The company plans to integrate HP’s outsourcing capability into EDS — but at this stage no one is certain what will happen for the consulting and systems integration capabilities.

While it is still very early — the deal needs approval —it is expected to go through and should close in H2 2008. What we can predict with absolute confidence is that there will be a lot written about this over the next six months and there are still a lot of uncertainties.

Make no mistake: this is a BIG acquisition for HP. The companies' collective services businesses, as of the end of each company's 2007 fiscal year, had annual revenues of more than $38 billion, 210,000 employees, and were conducting business in more than 80 countries. This merger will distract both companies for the next two years as they determine the best way to merge their businesses. In terms of capabilities, there is a huge amount of overlap — and while the deal will bring the company scale — it will also add a huge amount of complexity. For example — in every process that the businesses undertake for managing a desktop, a decision will have to be made whether to take the HP process or the EDS process. Then there will be the massive amount of retraining required — and on top of that, decisions will have to be made about how current clients are managed (i.e. whether to change the processes with them, keep the existing ones, etc.).

So if you are considering EDS or HP now for a project or an outsourcing engagement, should you continue to consider them? YES. But, proceed with caution. This acquisition could be considered a huge leveraging point for you to help bring down the HP or EDS price. In the end, the salespeople will have quotas that they have to hit, and you can use this as leverage in the deal. However, make sure you manage the process tightly. Ask to have terms and conditions inserted into the contract about how the acquisition will affect your deal (will the team remain the same, will the service levels be affected, etc.). While managing vendors through tight contractual terms and conditions is never a recommended best practice, in this situation it may be necessary. But don’t forget that the two companies should go out of their way to ensure that their deal does not impact your deal.

And if you are thinking longer term but had not previously considered HP or EDS specifically for a project, should you include them now? If it is a large outsourcing project — YES — definitely. Even if for no other reason to give you more leverage with IBM, CSC, Accenture, etc. But the reality is this decision will come down to your own personal dealings with these organizations in the past and their status and capabilities in your particular geography. Will the service they offer get any worse? Unlikely. Will it get any better? Watch this space…

by Lisa Pierce
Prior to yesterday’s announcement concerning the formation of the new Clearwire, it was becoming increasingly evident to us from both an opportunity and cost perspective that Sprint’s near term objectives for Xohm’s should be refocused — less initially towards serving the needs of high end mobile consumers — and more towards the needs of enterprises — particularly those with small sites who would like to ‘cut the cord’ on ILEC T1 access. That a number of technical issues would have to be worked out to meet this aim is certain. But demand for such connectivity — especially from a nationwide provider — is sky high. Moreover, Sprint’s share of enterprise networking is small; this type of offer could provide it with an important impetus for growth.

The substance of yesterday’s announcement does nothing to diminish business customers’ needs for alternatives to incumbent strangleholds, but it does raise more questions than answers about the ability of the new entity to serve their needs. Based on its cast of owners, the new Clearwire is decidedly focused on consumers. Despite this, it’s possible that Intel and Sprint together could exert the necessary influence to prioritize funding modifications to make WiMax enterprise-class. But whether this will occur soon is unknown. Should this type of opportunity be missed, it only reinforces the dominance of the current AT&T-Verizon duopoly.

by Tim Sheedy
A factor that tends to be considered when choosing an IT service provider is how many project failures they have had – particularly when some of those failures are large, costly, and well-publicized. And if that is not a formal consideration, project failures are often on the mind of sourcing organizations. In fact many companies that I have spoken with over the past 12 months have actively excluded some players from their short list due to their previous failures. These types of metrics tend to work against the large players as they have more contracts and therefore, if they run at an industry average failure rate, they are most likely to have more failures. IBM, as the company that probably does the most IT projects, has the most failures (assuming that their failure rate is the same as that of their competitors) – and this works against them. I have actually heard people say that they would never have IBM in as an IT services partner because of the fact that so many of their projects fail. And this does not only refer to IBM – you could switch in any large IT services vendor’s name here as the sheer number of projects they work on means that they are likely to have more problems too (as very few IT projects go smoothly). If the failure rate is 1 in 10 (and this is just a guess) then a vendor that has undertaken 1,000 projects will have more failures than one who has undertaken 10…

In my humble opinion, focusing on failures or project problems is a short-sighted view. Project failure is rarely the fault of your IT services partner – even if it is, it is your fault for not managing the process effectively and pulling them up before it turns into a failure. The only time when the partner is to blame is when they promise to do something that simply is not possible – and again, they are probably just responding to your impossible requests.

The “X-factor” that seems to separate the average from the excellent in IT implementations is not their ability to avoid failure, but how they respond to failures and issues when they invariably do happen. I just completed many client reference interviews for the ANZ SAP Implementation Wave that I am working on at the moment, and nearly every client had a major issue at some stage within the project. Now remember that these client references were actually supplied by the providers themselves, so these are the GOOD ones – which means that in the real world the number of major issues within projects is even higher! It is how the provider responds to these challenges that sets them apart. Some have great project management to resolve the situation, some have individual experts who went above and beyond the call of duty to fix the problem, and some have management who were happy to step in and do whatever it took to ensure the project gets back on track.

So therefore when you speak to client references (which you should do before undertaking a major project or outsourcing a large chunk of your IT) focus more on the problem resolution aspect and less on the rate of failure or the number of issues – for you will have issues no matter how much planning and prep work you do! What you will find out in the process can be hugely valuable when looking for the right partner. For example, one company I recently spoke with mentioned that whenever things went wrong, the senior management of their partner always stepped in to make things right. On the surface that sounds great – exactly what you are after in a partner – commitment at the management level! But they then went on to say how the CEOs of both their companies are good personal friends and look out for each other. This should ring warning bells (unless, of course, your CEO is good mates with your IT services partner’s CEO!). Others mentioned how whenever there were problems they were resolved due to their own company’s great project management methodologies. If you don’t have these great methodologies then this is something to watch out for as well.

Projects do go off the tracks. And while I have no empirical data to prove this, my gut feeling is that the number of failed projects has decreased significantly over the past few years as project implementation methodologies improve, IT departments are closer to the business to ensure project alignment, and project sizes have decreased (or at least implementation times have shortened). It is how you and your partner respond to the issues that will define not only the outcome of the project, but how much grey hair you get along the way.

I was fortunate enough to attend the SAP Influencers Summit in Boston towards the end of 2007 - this gave me the opportunity to get a better understanding of SAP's product and solution vision going forward and of the challenges that both SAP and their customers will face over the next few years.

One of the biggest issues that will also be the hardest to resolve is the shortage of skilled SAP consultants. This will not only make it difficult to source the best skills for a project but will also drive up the cost of SAP implementations as the demand for the limited skilled resources continues to increase while the supply stagnates. SAP themselves forecast that between now and 2010 the market will need between 30 and 50 thousand new SAP consultants. And while India, China and other low-cost high skilled markets may take up some of that slack, our recent research into SAP Implementations (undertaken by Liz Herbert & Stephanie Moore in the US and myself in ANZ) has shown that there is usually a requirement to have a considerable proportion of people on-site in SAP implementations - so skilling up within the offshore providers will not fill the gap entirely.

SAP will need to make a number of changes to the SAP ecosystem in order to lower the entry barrier and make it more attractive for both new graduates and consultants skilled in other ecosystems. With the reduced numbers of IT-based graduates coming through universities in many developing countries on top of an aging workforce with a large proportion of staff retiring in the next 5-10 years, just maintaining the current skills base will be difficult. SAP will need to look to other non-traditional sources of skilled labor. An example of this in Australia is where they have teamed up with a local TAFE college (a technical education institution traditionally known for training tradespeople) to offer SAP certification. While this is a step in the right direction for them many more such as this will be required to ensure the SAP consulting market does not price the complete SAP solution (software plus services) out of the market.

SAP themselves are experiencing the same challenges as the other SIs in sourcing skilled consultants for their own internal consulting business. They have begun to "productize and standardize" processes and knowledge within the business in order to make the roll-out of SAP solutions less labor intensive. And this is the best way for both you as a sourcer of IT services, SAP as the software provider and the SIs themselves will need to go about solving the challenges faced by SAP implementations. More of the approaches to implementation and integration will need to be standardized, automated and templated in order to reduce the requirement for skilled SAP consultants.

I believe that in the long run we will be moving towards a polarized market for SAP skills - where the the less complex implementations and those that can be highly automated or templated will be sent offshore for the most part, and the more complex implementations that do will remain onshore. This is not implying at all that the offshore-based vendors will only do the simple implementations and the offshore ones will do the complex ones - as the line between offshore and onshore vendors is gray.

Acquiring and retaining in-house SAP consultants will continue to be a challenge - if you have not already you should consider moving  your SAP consultants up the skills stack and outsource much of the basic maintenance and management of the existing solutions. Have your internal people work on the more exciting projects where the business outcome can be understood. This will hopefully stop them from accepting the lucrative offers to join an SAP SI that abound in the market at the moment.

From an enterprise user perspective, the appointment of Dan Hesse as Sprint's new CEO is the appointment we hoped Sprint would make. The company is facing a number of important challenges, and thus can greatly benefit from Mr. Hesse's depth of industry experience. Several key issues that the new CEO should swiftly address include:

1. The appointment of a chief operating officer. Sprint's ambitions and challenges are such that one man can't do it all in the timeframe that critical decisions need to be made and executed upon. Despite Mr. Hesse's strong track record in telecom operations, the COO position is a full time job, and Mr. Hesse already has one as CEO.

2. The future of enterprise services, particularly landline. Enterprises need alternatives to the effective duopoly of AT&T and Verizon Business and would like Sprint to be a key enterprise service provider going forward. In order to fulfill this objective substantially, sustainable commitment from Sprint and its new CEO is required in 2008 and beyond. 

3. The future of WiMax. A key component of commitment to enterprises is their need to find an alternative access mechanism to traditional ILEC T1 connections, which are expensive and increasingly prone to outages.  WiMax has the potential to be that vehicle, and can bring with it packets and minutes to enhance Sprint's top-line revenue.

- Lisa Pierce

The change of command at the top is never an easy undertaking.  However, we see opportunity in Sprint's decision to bring in a new CEO, especially when considering enterprise services.  With the consolidation of providers to near-oligopoly status in the US, we think a new CEO at Sprint's helm could help re-energize the languishing domestic enterprises services marketplace – if (and it may be a big if) he or she elects to re-commit Sprint to enterprise services. 

• First and foremost, this would require a significantly deeper commitment to enterprise landline services, something that Sprint has been falling farther and farther behind via-a-vis its competitors. 

• Secondly, the use of WiMax as an alterative to traditional T1 connections for smaller enterprise sites has potentially huge potential to improve the customer experience—both for end-to-end service performance, and at lower prices.  Virtually every enterprise client we work with says they are interested in 'cutting the (ILEC) cord' for their smaller sites. 

• And more and more enterprises are also looking at mobile services as critical business enablers.  Among the largest US enterprise telecom service providers, Sprint has been the strongest vocal advocate of mobility, but it has not been the strongest on total delivery of these types of services to the enterprise. For instance, clients tell us repeatedly that Sprint's 3G activation experience needs improvement. So, it's time to re-commit here too.

• Regarding its support for multinational enterprise customers, the provider's strategy also needs reinvigoration – mainly around managed mobility (including mobile voice and data roaming).  Given all the items on Sprint's enterprise plate, its current partnership-oriented approach to supporting international customers is good enough.

The more that Sprint embraces a renewed focus on building up a stronger, broader, and deeper suite of enterprise landline and mobile services and an improved customer experience throughout the entirety of the contract lifecycle, the more enterprise clients should look at Sprint. It's been said that actions speak louder than words. A new CEO's actions will tell us all volumes about Sprint's future viability as an enterprise telecoms supplier.

by Lisa Pierce and Brownlee Thomas, Ph.D. 

I attended an event last week with HP in Christchurch in New Zealand. The event was aimed at positioning the New Zealand operation as an offshore location for Applications Modernization. The model definitely has merit. In 2005 HP acquired CGNZ, the New Zealand operation of Cap Gemini that had previously gone independent through a management buyout. This acquisition has given the HP New Zealand operation the status as second largest consulting and systems integration vendor in NZ - one of the few economies around the world where HP has such a presence in this market.

The skills acquired have given HP a considerable presence in the Application Modernization space - providing some good processes and methodologies for export to other locations around the world. While it is hard to quantify why, New Zealanders bring an ability to look at challenges from different angles and think outside the square when approaching projects. Other offshore locations may be better (and cheaper) at running the process, antipodeans (loosely defined as Australians and New Zealanders) clearly are good at developing the process in the first place.

The challenge that HP will face is that NZ is not on the way to anywhere. It is an "out of the way" location and one that does not have access to a largely under-utilized and well educated workforce such as that in India, China and some Eastern European countries. And while the New Zealanders will have the ability to hop on planes to help define and lead opportunities and projects in all parts of the world, it is not a great model for business. The NZ operation has had success with a number of high priority business IT implementations for Australian and New Zealand enterprises and government departments, and this is partly due to the fact that CGNZ already had the relationships at the senior business level within their clients. HP, in many countries, does not have these relationships - they are very strong in the CIO world but not so strong in the business leader/CEO world.

The real opportunity for HP in NZ will be as an internal process development center - to help create and build processes for offshoring Applications Modernization and Testing - and then to implement these processes within HP's larger offshore centers - particularly those within India.

For me, the real outcome of the event in Christchurch was the ability to see how successful HP could be in the consulting and systems integration markets when they acquire a good and established player in this space - one that brings with it the business and IT relationships to push HP's message and its solutions all the way through an organization.

HP is clearly strong in the IT infrastructure services market - but to truly benefit from the shift to Business Technology they will need a strong partner or acquisition that can take them to the CEO's office and have HP help to define the strategic direction of IT within their clients.