The Hindu Business Line : Take guesswork out of outsourcing engagements

Let me begin with the story about a medium-sized IT (information technology) consulting organisation that had an outsourcing project. It was so fraught with communication failures that it was labelled `Project Misunderstanding.' How sad!

"The project involved 20 software engineers, 5 systems analysts, 2 quality assurance personnel and a project manager, lasted for eight months and involved interaction between staff members at the US corporate office and the offshore staff in India." The US-based group was responsible for `requirements gathering, final testing and delivery,' write Mark J. Power, Kevin C. Desouza and Carlo Bonifazi in The Outsourcing Handbook, from Kogan Page (www.vivagroupindia.com) .

There were over 20 critical misunderstandings between requirements gathering and design phases. Reasons? "Poor standards of documentation, usage of localised jargon, and making assumptions on what knowledge was possessed by the team in India." The initial meeting between the two groups didn't happen because `no one specified the reference time'. How so? "An excerpt of the e-mail from the US project manager said, `let us schedule a meeting for 4 - OK?' The response from the team leader in India went, `sure... see you then.' Never was it clearly specified whether this was 4 a.m. or p.m. and in what time zone."

Failure to communicate effectively is one of the most commonly cited reasons for outsourcing failures, note the authors. It is important, therefore, to set the communication conventions. "For example, what is meant by `urgent'? And if a matter is urgent does one call or send an e-mail; how long should the average response time be; what happens if the primary contact is not available... "

The book begins with `ten common traps of outsourcing'. Trap 8 is `not appreciating cultural differences'. Even if the vendor speaks English, it may be a dialect that causes key points to become distorted in the interpretation, caution the authors. "Subtle differences in language and the context of words make for distinct semantics."

It may be sobering to read this snatch about cultural differences closer home: "Indian companies are hesitant to tell their UK or US clients that they do not have the capabilities to execute an assignment or that they are experiencing problems during a project. The clients may not know, until the final days before a milestone, that the project is not on schedule or that there are significant cost overruns or functional deficiencies in the deliverable."

A section on `knowledge management' distinguishes between employee possessing knowledge and organisational knowledge. The latter is not the simple summation of individual know-how, explain the authors.

"Once organisations have the basic outsourcing life cycle in operation, they must begin to create knowledge about it. Doing so will require them to seek feedback from those involved in the various stages of outsourcing, have them document their experiences, and share these experiences."

One simple way to create organisational knowledge is to conduct post-mortem analysis after projects. "The intended result of post-mortem should be learning and not project evaluation. Evaluation can lead to people not sharing experiences that they think can embarrass them."Take the guesswork out of the outsourcing engagements by using the right metrics - that is, `critical indicators against which to benchmark performance'.

Four rules that the authors lay down about metrics are: "Measure a stable process. Understand the nature and variations in processes. Use multiple measures. And never manipulate metrics." Useful guide.

Auditing tools work both ways

Do you want to become a `Certified Wireless Security Professional'? If yes, here is the `official study guide', CWSP, second edition, from Tata McGraw-Hill (www.tatamcgrawhill.com) , written by Grant Moerschel, Richard Dreger and Tom Carpenter.

"Many things have changed in wireless networking since the first edition was released in 2003," notes the introduction. For example, three years ago, cracking WEP (wired equivalent privacy) needed hours or days, but now it can take just about six minutes. "Not only have older attacks gotten easier, but newer attacks have been introduced as well." To ensure that you perform well in the certification exam, the authors insist on hands-on experience with the technology; this will `really lock in the concepts from a practical perspective'.

Chapter 1 is on wireless LAN (local area network) auditing tools. Auditing, in the context of network security, means `the act of verifying if the configuration of the network is in compliance with policies and provides adequate protection from attackers of both the malicious and unintentional natures.'To perform the many auditing procedures such as `penetration testing, configuration verification, and so on' there is `an extensive list of software and hardware tools'. But remember, "auditing tools double as discovery or hacking tools for the attacker or bandwidth thief," warn the authors.

The chapter on `gathering information' discusses the many methods that prospective attackers use. One method is `garbage collection' or `dumpster diving'. This involves "digging through the trash or any other discarded materials, like old computers, to find information that might be helpful for a network attack." So, be careful with flip charts used in network planning meetings! "The only real protection you have against dumpster diving is effective training in sensitive material disposal." Use the shredder effectively, therefore, and switch to `dry erase boards' instead of flip charts.

`War driving' is another phrase that frightens network administrators. Perpetrators use this method to find `free high-speed Internet access and networks on which to practise their intrusion skills'. How is this done? "Using NetStumbler, Airopeek, a spectrum analyser, or any number of other tools, anyone can drive through a city or neighbourhood and easily locate wireless networks." What does the unauthorised person gain by riding on the network? Free Internet access? No, that may be the very least he may look for. "Using simple auditing tools, a malicious attacker can scan a network for other devices or even use the VPN (virtual private network) connection from the gateway into a corporate network."Ever heard of `war chalking'? A relatively new term, say the authors. "The practice involves marking a sidewalk or building near an accessible wireless network with chalk, notifying other war drivers that there is a wireless network nearby, and offering clues as to the structure of the network."

One learns that there is a developing language of signs for those who practise war chalking, available on www.warchalking.org. Thus, "If a network has been war chalked, that network has also been war driven or war walked. If a network has been war driven, that network has likely been hacked, or at least `borrowed' for free high-speed wireless Internet access... "

Looks like CWSP certification is what we may urgently need!

Tailpiece

"We were getting so many projects wrong that we appointed a CU."

"You mean, a new CIO?"

"No, CU for chief undertaker!"

http://BookPeek.blogspot.com

More Stories on : Books | Books 2 Byte | Outsourcing

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page