Santa Clara based Ketera Technologies, a provider of on-demand eProcurement
solutions, has just set up a development centre in India. Ketera outsourced its
design work and is currently in discussions with vendors to manage its network.
Agenda: onsite/offshore project management, certifications and security.
"Looking at the track record of the management team and its integrity to
maintain the right level of security is important. I would see if there are
checks and balances in the vendor company-if the key is in the hand of one
person, it could be dangerous," Raj Shah, a vice-president with the
company, says.
He airs a view widely circulated in foreign shores. Many American and
European firms know the potential of network outsourcing services in offshore
locations, but have apprehensions that go beyond security and loss of control: a
reason why Indian companies have few international clients in this space-traditionally
the forte of IBM, NCR, Compaq and HP. But the potential and the value
proposition, even in the domestic sphere, looks huge with more and more banks,
large hotel chains, the manufacturing industry and large software companies
looking to outsource their network management.
Many small to medium level companies, which include local systems
integrators, hosting providers, and facilities management firms, have reported
30-40 % growth rates in business in the past year. And since the base is still
small, companies with $1-4 mn of infrastructure management business today will
grow even faster.
The volume chase
This brings us to the important question of having more international
clients.
On the technologies to be put in place for remote infrastructure management,
an area of analyst concern is 'country risk'; if you have the Network
Operation Centre (NOC) in Bangalore as opposed to distributing operations all
over the world, what happens when Bangalore suffers a downtime? Vendors
obviously can't say they didn't provision for it or talk about disaster
recovery in some other country that would take another 48 hours or more to set
up. A foreign client's general uptime demand is 99.9%.
"Take the recent case. Last month, networks all over the country went
down after one land and one sea cable were cut simultaneously the same day. All
offshore centres were affected. This kind of a problem for application
development is not a big issue. The uploads configured could be done later. But
in remote infrastructure management, if a server is down, you won't even
know," notes GK Prasanna, vice-president of Technology Infrastructure
Services with Wipro.
Wipro has, therefore, invested in two NOCs outside India-the US and the UK.
If one goes down, the other takes over. Secondly, the company's solution is a
three-tier architecture; a portion of the solutions that reside on the customer's
IT infrastructure. If a customer is cut off from the world, Wipro still doesn't
lose a single client alert.
For start-ups, having multiple NOCs is a rare possibility. But MphasiS, which
is working towards getting into the remote network management business by
2005-06, has invested over $1 mn in its new Global Network Operation Center (GNOC).
"NOCs can give you a physical level of comfort. I tend to be much more
business driven. A lot of the comfort factor with clients comes from the level
of relationship that you have with them. They need to understand who you are,
your company and your background in the area," says Aditya Menon, MphasiS
group CIO.
The value network
Some medium-level players have also started thinking in terms of multiple
NOCs. Network Solutions, for example, has also invested in a GMC but had started
off with a disaster recovery center in Bangalore and is now looking at having a
second one, either in Mumbai, Hyderabad or Singapore. They are also looking at a
lot of value additions to get that international edge.
"Most of our competitors are using third party tools. All the tools we
use are developed in-house. It has its advantages: it becomes easy to control a
product since you need to customise something or the other for customers,"
Sudhir D Sarma, managing director of Network Solutions says.
NOCs are, therefore, turning into value centers where transparency of
information is given prime importance. "When a customer calls up citing
poor response, you have to figure out if it is a LAN or a WAN issue, a systems
or a database problem. Arriving at that conclusion takes a lot of time. If you
have intelligent tools, you can provide a lot of co-relation and narrow down on
the problem," Sarma informs.
A feeling of security
Security still is a concern for international companies, but no longer an
overriding one. But, most vendors need to engage a third party to do an audit of
their information security objectives, say experts.
"When you say you are BS7799 certified, it means you follow certain
systems and processes which are acceptable to foreign clients. The guarantee is,
I am not going to mix your environments with that of someone else. Assume there
is one NOC from where I manage multiple customers. I should be able to partition
all these so that security is not really a concern," says Sarma.
"You cannot do an audit yourself or indulge in self-certification. Hire
a third party who is certified to do so. They will come up with suggestions,
recommendations and architecture plans to fill existing security gaps. This will
go a long way in building confidence in foreign clients," opines Hari
Venkatacharya, president and CEO of network security firm Cyrca.
While the top 5 outsourcing companies have good security imperatives in place
for client servicing, about 500 Tier 2 IT services companies in India are still
playing catch-up. There are customers at different maturity levels in an
off-shoring programme-after the vendor proves his capabilities and
credentials, he is allowed to take work offshore.
But for Indian services giants, there are considerations apart from customer
comfort zones. It's a decision taken on merit. "There are customers who
have done enormous amount of off-shoring, for whom we run some processes totally
onshore. It is a question of stability. Secondly, even in a steady relationship
with a company, we configure the onsite/offshore model. We design the solution
in line with the responsibility we are taking," Prasanna says.
And, off-shoring has ceased to be a moneysaving game. India is no longer a
very low-cost center, going by what some companies say-retaining talent, for
one, is a cash-intensive game. The feeling is that the cost game can't keep
you in business for long. With competition and more services firms entering the
picture, the end rate to customers is obviously going to go down. Only value
will survive.
The Challenge
(For medium-sized Indian companies)
- Need to expand beyond a single NOC.
- Need for a disaster recovery plan.
- Finding and retaining good people.
- Providing market differentiators.
- Threat from existing service providers.
- Train security professionals in CISSP and CISA certifications.