Capability: Cloud Development & Migration

Customising your infrastructure in the cloud

How to spot a failing outsourced relationship

Posted on: 8 November 2021
How to spot a failing outsourced relationship

A relationship breakdown is never easy, not least when it’s with your IT outsourcing partner. But what makes a seemingly good relationship go bad, and can you spot the signs of impending IT outsourcing failure before it’s too late? To get some insight from both sides of the relationship, we asked Backbone Connect Co-founder and Director, David McLeod, as well as our own CACI Network Services Sales Director, Liam Delaney, to share their outsourcing experiences, reveal the red flags to watch, and the secret to maintaining a successful relationship with an IT outsourcing partner. Here’s what they told us…

1. Communication has broken down

One of the earliest warning signs that your relationship with your IT outsourcing partner is flagging is that the frequency of your communication has dropped. “There’s always a honeymoon period with any new outsourcing relationship – the energy levels are high, and contact is constant,” explains David. “The issues arise when that contact becomes less routine and conversations turn forced and fractious,” he continues.

“Confusion about how a team should communicate with their outsourcing partner can also lead to protracted conversations and frustrations from both sides of the relationship if they’re not clearly defined at the outset,” says Liam. Further, changes over time can significantly contribute to communication barriers. “Through the duration of any long-term outsourcing relationship, team members leave, and a legacy starts to develop, which limits the potential of your outsourcing partnership,” says David. Liam agrees, “Whenever there’s a major personnel change on either side of the partnership, it’s time to review the service and make sure that it’s still meeting your needs.”

2. The vision has become (or already was) blurry

While both David and Liam agree that a successful IT outsourcing relationship is one that evolves over time, Liam highlights the necessity of starting the relationship with clear expectations. “You can’t outsource a problem that you can’t define,” he warns. “Outsourcing partnerships can bring a wealth of expertise and experience into your team as well as achieve cost savings, but you need to be clear on what success you’re looking to achieve.” If the goals aren’t clear, it can be difficult for an outsourcing provider to take effective action.

David also advocates working with outsourcing partners whose cultural values align with your business to ensure longevity in the relationship. “Your business’s culture is the one constant, unchangeable thing, so it should be one of the key measures you use when considering any potential outsourcing provider.” He adds, “Put simply, if you’re wearing t-shirts, and they arrive in business suits, you’re likely to have a problem.”

3. Fingers are being pointed

“When something goes wrong and blame is being thrown around, you stop being on the same team and your pathway forward becomes blocked,” says David. Liam agrees, “A good outsourcing provider is one that acts as an extension of your team, always looking to add value and deliver positive outcomes, especially when tackling an unexpected challenge.”

While it’s important to understand why a problem has occurred, both David and Liam agree that maintaining open, honest and constant communication can ensure both sides of an outsourcing relationship resolve conflicts and challenges together, although David notes that “when you seem to have a stream of issues, a stigma can become attached to the outside party, making it difficult for that partnership to continue effectively if it’s not addressed.”

Liam says that establishing a communications flow which facilitates continuous feedback is one way to avoid minor problems becoming bigger issues, although he also acknowledges the value in a proactive vendor – “At CACI, we’re always trying to anticipate our clients’ potential roadblocks and challenges, so we’re providing solutions before something becomes a problem.”

4. Your contract has become a constraint

A contract provides both parties in an outsourcing relationship the benefit of structure and protection, but it can become a barrier to progress when projects pivot in a new direction. Working with a vendor that can be flexible and offer an element of elasticity in their approach can help to avoid partners becoming stuck in a bind.

However, the size of an outsourcing provider can also impact on how agile a partner can afford to be, warns David. “Smaller organisations are typically more agile than bigger providers, but they can be highly volatile as they grow and evolve, which can lead to issues later. On the flip side, a very large outsourcing provider may not be able to offer the personal, value-add partnership that you’re looking for.”

Liam also advises that businesses pay attention to the finer details when firming up their outsourcing requirement. “It’s important to consider the unexpected and unusual use case scenarios. You can’t capture everything, but having awareness and alerting your vendor of the potential changes and challenges ahead means they can be prepared to act and adapt, preventing your project from coming to a standstill.”

5. You’re not growing together

“A clear sign that your outsourced relationship isn’t working is when you start to feel anchored,” says David. An outsourced relationship that continues to evolve and enhance your business as it grows is one that is truly valuable according to our experts. One way to form a relationship that adds long-term value is to select an outsourcing partner that has a wider capability offering. “I’m always thinking about the longevity of a relationship, looking beyond the initial requirement, and thinking about what else we can do to add value to our clients,” says Liam.

Nonetheless, capability isn’t the only thing to look out for. As Liam explains, having a future-focused mindset is also critical to a long-standing relationship. “I believe that the most successful partnerships are the ones where the provider brings both vision and value. They’re not just focused on what the client currently does, but they’re looking at what else they can be doing to improve.”

However, both our experts noted that, like any relationship, an outsourcing relationship requires investment and trust to realise its full potential. “It’s all about building and nurturing a partnership,” says Liam. David agrees and adds, “Trust is critical, and it’s not established overnight. Take the time to get the basics right – once you’ve got that with the right partner, you can achieve much bigger things.”

Looking for an outsourcing partner to help with your network operations? Contact our expert team today

7 signs that your company needs to outsource IT

Posted on: 21 September 2021
7 signs that your company needs to outsource IT

From reducing costs to meeting tight project deadlines and accessing specialist expertise, there are many advantages that come with outsourcing IT, but when does outsourcing offer the most benefit to businesses? We asked Brian Robertson, Resource Manager at CACI, to reveal the common signs that indicate a business would be better with an outsourced IT solution.

1. Your IT costs are high

Are budget worries keeping you up at night? Cost control is the most obvious reasons for businesses outsourcing IT. Indeed, a 2020 study by Whitelane Research found that 71% of UK businesses said that cost reduction was the main driver for outsourcing IT. But, is outsourcing really cost-effective?

“Just having a couple of IT specialists on your payroll can really rack up costs,” says Brian. It’s not just high salaries and the cost of employee benefits that are a concern. Companies that opt to run in-house IT departments also face the costs of purchasing, maintaining, and upgrading hardware as well as purchasing the software they need. “With outsourcing, these fixed costs become flexible, allowing you greater control of your budget,” says Brian.

2. You have skills gaps

The severe shortage in tech skills has long been a challenge for businesses, but as Brian explains, “The pandemic put organisations across every industry on a fast-speed trajectory to digitalisation.” He adds, “now, the focus is to keep that momentum going, but we’re seeing that many of our clients are looking for very specific expertise in a fiercely competitive and increasingly expensive marketplace.”

With recent research by ManpowerGroup finding that 69%, of employers globally are struggling to find workers with the right blend of technical and interpersonal skills, it’s clear that many businesses are fighting a losing battle. “This is where working with a trusted IT outsourcing partner can prove to be a strategic move,” says Brian. “A good outsourcer will always assess their client’s requirements holistically – matching skills and experience as well as cultural fit with end goals.”

3. Your IT infrastructure is outdated

“IT infrastructure is a vital component in every business, but it can become a huge drain on productivity, not to mention a growing security risk if not invested in,” warns Brian. He adds, “However, upgrading an outdated infrastructure is a resource investment that many lean I.T departments can ill-afford, creating a stalemate situation that prevents a business from maintaining competitive advantage.”

Therefore, if a business is struggling to maintain and manage its day-to-day IT operations,  outsourcing may provide a practical solution. In addition to unlocking access to the latest and greatest tech, working with a reliable IT outsourcing partner will ensure your IT operations are optimised for enhanced performance, releasing your in-house staff to focus their efforts on achieving your business objectives.

4. Your business is vulnerable to security threats

Cyber security breaches are increasing. According to a survey released by GOV.UK last year, 46% of UK businesses and charities reported a cyber attack during the year, with 33% of those claiming they experienced a cyber breach at least once a week in 2020 – up from 22% in 2017.

The growing sophistication of cybercrime puts immense pressure on in-house teams as they struggle to stay on top of critical security practices such as 24/7 networking whilst also maintaining the myriad security systems they have in place. As Brian warns, “When it comes to cyber security, it’s not just a case of having the right technology in place, you need round-the-clock specialists that have the experience and expertise to utilise those tools and prevent potential threats before they become a problem.”

The global shortage in professionals with the right security skill sets are an additional challenge for businesses as they struggle to recruit and retain the specialists they need. Partnering with a trusted IT outsourcer can provide a cost-effective and reliable solution, as outsourcing removes vulnerabilities by ensuring a business’s security defences are ‘always on’.

5. Compliance is a concern

While cyber security is one concern, ensuring regulatory compliance is another, particularly in heavily regulated industries such as financial services. Failure to comply can lead to reputational damage and hefty fines, but to ensure compliance, organisations must have the capability to implement, maintain, monitor, and accurately report on IT infrastructure and security processes. As Brian explains, a partnership with a reliable IT outsourcer can offer significant value to a business that is under pressure to maintain compliance, “As well as providing the necessary resources and expertise to ensure compliance, an outsourcing partner will keep abreast of regulation changes, so your business is always one step ahead.”

6. You need flexibility

When you’re embarking on a new project, getting the right people with the right skill sets in place can be a difficult task. While upskilling your existing team members can be beneficial, inexperience coupled with a limited bandwidth can pose major risks to your project delivery as well as have a negative impact on your day-to-day operations. These problems are more acute if your delivery deadline is tight.

“Hiring new talent in-house is an option, but often it’s not the best one if a project is short-term or requires a range of specialist skill sets,” explains Brian. In these instances, partnering with an IT outsourcer can provide the most strategic, timely and cost-effective route forward because solutions are tailored to your specific needs. “Clients also gain from the insights and expertise of an experienced team – with the added benefit of elasticity to adapt if requirements change,” says Brian.

7. You need niche expertise

More budget-friendly than hiring a team of in-house specialists, and more reliable than challenging your existing team, outsourcing IT is often the most effective option when it comes to delivering projects that require niche expertise such as cyber security. Brian also highlights the benefit of introducing an outside perspective, “One of the most overlooked benefits of outsourcing is that businesses don’t just get access to specific skills and knowledge, they get to tap into a whole wealth of experience.”

“That’s why it’s so important to look for an IT outsourcing partner that has a proven record of proficiency and delivering results. Knowing what’s worked before, how to handle specific challenges, and what pitfalls to avoid –is truly invaluable to finding the solution that’s really going to work for your business.”

Looking for a reliable IT outsourcing partner? Share your requirements with our expert team today

Secure home working part 2: Three more key questions to ask your technology team

Posted on: 21 June 2021
Secure home working part 2: Three more key questions to ask your technology team

Every team faced new challenges during COVID-19 disruption, but your technology team might also have faced the monumental task of transitioning everyone in the company to home working. It’s impressive how quickly everyone adapted – but as we explored in the first blog post of this series, that speed has left many companies with some worrying gaps in their security profiles.

Now the dust has settled, and employees are into the rhythm of remote working, it’s time for technology teams to take a step back and assess their security measures. To keep your teams and data sets safe, your technology team should be regularly backing up your data, managing user privileges, and updating your security patches and signatures. If these key maintenance processes are ignored, it could put your entire company at risk.

To help put your mind at rest, we’ve gathered some key security questions you can ask your technology team to ensure they’re keeping your company safe.

QUESTION #1: HOW OFTEN ARE YOU AUDITING USER PERMISSIONS?

While setting teams up for remote working, it’s likely your technology team needed to grant new users access to various applications and storage locations. But now that remote working has become a new normal, it’s important to go back and regularly audit who has access to specific data sets.

And it’s not just about setting the right privileges. It’s also about actively monitoring when certain documents are being accessed. If your company experienced a data breach, it would be difficult to track down the source that caused it without accurate records in place. These logs and ledgers should be managed by your IT administrators, and analysed often to check that important data isn’t being accessed by the wrong users.

Luckily, these steps aren’t difficult. Most cloud storage providers and security solutions offer easy-to-use tools for tracking user privileges and data access reports, and even enable IT administrators to set up alerts for any suspicious activity. But it’s still important to make regular audits and remove permissions when they’re no longer needed – especially at a time when it’s difficult to determine who has access to your employees’ devices.

QUESTION #2: IS OUR DATA BACKED UP – AND CAN WE RECOVER IT WHEN WE NEED TO?

Storing your data on a cloud service isn’t a case of uploading and forgetting about it. Instead, you need to make sure you understand your responsibilities for backing up and protecting your data.

All cloud providers follow the “shared responsibility model”, which dictates which party has responsibility for specific security measures:

  • As a customer: you’re responsible for everything in the cloud – including your data, the firewalls you use to protect it, and the users you grant access to.
  • As a cloud provider: they’re responsible for the security of the cloud – including the compute, storage, and networking capabilities.

This distinction means that if an important data set goes missing, it’s not likely you’ll be able to hold your cloud provider accountable. So, whether you use native capabilities built into your cloud platform or create a physical data backup location for critical data sets, it’s important you have a strong replication strategy in place to protect yourself against permanent data loss.

QUESTION #3: ARE OUR SECURITY SIGNATURES AND PATCHES UP TO DATE?

Everyone knows how frustrating updates can be – they take valuable time from the working day, reduce productivity, and are often prompted when it’s inconvenient for the user. And due to these frustrations, many employees don’t keep their devices regularly updated with the latest security patches. But sometimes, a small compromise in productivity can save the stress and cost of a major data breach.

If patches and updates are ignored, it can create some major gaps in your security profile. In fact, in last year’s Security Boulevard report, it was revealed that 60% of data breaches were linked to a vulnerability where a patch was available, but not applied.

It’s down to your technology team to make sure all patches and security signatures are being kept up to date across your entire team. That means making mandatory, scheduled update bookings – ideally out of working hours – and maintaining a clear visibility of every employee device on your network. And the same process should be made for your cloud platforms too, ensuring you’re effectively protecting your data where it resides.

PROTECT YOUR DATA DURING THE REMOTE WORKING PERIOD

There’s a lot to think about when it comes to data protection, and it can quickly become overwhelming if you haven’t got a clear strategy in place. But don’t worry; we’re here to help.

We’ve created a short, one-page checklist that covers the key points you need to think about when assessing your security profile.

And if you missed the first blog post in our series, take a look to find out how you can strengthen your data management strategy.

Secure home working part 1: Three questions for stronger data management

Posted on: 21 May 2021
Secure home working part 1: Three questions for stronger data management

Over the past months, we’ve all had to adapt to home working and rapidly equip teams with the tools they need to continue operating as normal. This quick shift has forced organisations to adopt new systems and services, from cloud storage platforms to file sharing tools, to keep teams connected and offer easy access to the data they need.

But in many cases, the pace of change has been prioritised over data protection. Some organisations are now left without a clear view of their security profile – creating rich opportunities for fraudsters. That’s why it’s critical you have a clear view of where your data is, how it’s being used, and who’s using it at all times of the day.

Don’t panic though; filling these data security gaps doesn’t need to be difficult. In this blog post, I’ll ask three important questions about your data. Answering them will help identify some easy ways to strengthen your security profile and keep your data safe.

QUESTION #1 – DO YOU KNOW WHERE YOUR DATA IS?

Even before the shift to home working in 2020, it’s likely you were either already using cloud services, or in the process of migrating some of your key resources to one. It’s a great way to lower your costs, improve collaboration across your teams, and give employees access from remote locations. But while cloud platforms provide plenty of benefits, there are a few security risks to look out for.

With many cloud platforms, it’s not always clear where your data is physically being stored, or how it’s being used. Even if you’re accessing your cloud service from the UK, many software-as-a-service (SaaS) and cloud storage providers rely on international data transfers and remote data centres to store and manage your data. And if you’re an organisation that handles sensitive data that’s bound by tight regulations, this process can create some major challenges.

Breaking GDPR alone – a regulation that applies to any company storing personal information about EU citizens – can cost companies up to 4% of their annual global turnover.

Our advice:

When considering a SaaS or cloud provider, look closely at their data sovereignty policies, and ensure you have a clear understanding of where your data is being managed. The big three cloud storage providers – Google, Microsoft, and Amazon – all have data centres across the globe to solve this issue, and often let you choose exactly where you want your data to be kept.

Alternatively, if your organisation has specific sensitive data sets that can’t be stored on a cloud platform, you could use a hybrid cloud model to gain greater control over how your data is stored managed.

QUESTION #2 – WHAT DEVICES ARE ACCESSING YOUR DATA?

When you sent your employees to work from home, you may not have had the budget to equip everyone with new laptops and mobile devices. And that’s okay – many organisations encourage people to use their own devices for working; it saves additional costs and improves convenience for employees. But if you’re taking this approach, it’s important you have strong, standardised security measures in place.

Using personal devices can create new data security risks that might not be immediately clear. For example, most employees will be the system administrator of their own device – whether it’s their home computer or their mobile phone – which means your technology team has limited control over their security settings. If just one person’s device is compromised, it could offer direct access to data and company infrastructure.

And it’s not just digital security you need to consider – it’s the physical security of those devices too. With employees spread across different locations, it can be difficult to know who has access to their devices. In most cases it’s likely just family members, but in a worst-case scenario, it could be a thief looking to gain access to your data.

Our advice:

Overcoming risks related to personal devices is easier when you have strong endpoint security measures in place. These can often be as simple as making regular, automatic endpoint health checks using a dedicated security solution, or sometimes even native cloud platform features.

It’s also a good idea to take the time to educate your employees around common threats like phishing attacks, to ensure they can identify them when they happen, and avoid compromising the rest of your company.

QUESTION #3 – HOW ARE YOUR PEOPLE ACCESSING
YOUR DATA?

In most modern workplaces – from schools to investment banks – employees need to transfer files to each other, access shared data, and even collaborate on the same documents. When all your teams are in the office, it’s easy to connect everyone through your company’s network – but at home, it’s a new challenge.

Many businesses have turned to virtual private networks (VPNs) for a quick, user-friendly way to connect employees from remote locations as if they’re working in the office. It’s a convenient solution, but it also comes with the compromises of reduced defence against malware, limited control over employee devices, and a lack of protective resources.

In other cases, employees may have adopted their own methods of file sharing. Popular tools like WhatsApp messaging and email are all handy for sharing low-risk documents in our personal lives, but they can’t offer the robust security measures needed for handling sensitive data.

Our advice:

To prevent employees taking file sharing into their own hands, you need to ensure you’ve got a secure, reliable, and easy way for employees to access and share data.

That might be a robust cloud platform that enables real-time document collaboration and secure data storage, or through your existing infrastructure using dedicated security measures to protect transfers.

STRENGTHEN YOUR REMOTE WORKING SECURITY PROFILE

Data management is just one half of what it takes to create a strong remote working security profile.

Read the second blog post in our home working series, where we explore the maintenance tasks your technology team should be completing to keep your data secure in a post-COVID world.