Insource, Outsource, Everything as a Service

I have spent a long time in and around the IT industry – 24 years and counting. During this time I have been a consultant, lead an outsourcing team and now I am a CIO. As a result I have been both a seller and buyer of services. Currently as the CIO of The Warehouse, I get approached many times a year by vendors who want to sell me something. Some of them (but not many) actually want to help me and my organisation succeed. Trade magazines and online forums are full of articles about the merits of cloud computing and outsourcing. Most of these stories urge CEOs and CIOs to change the way they buy computing. The current theme is that everything should be bought on demand; don’t own anything as others can do it better and cheaper. Not so long ago strategic outsourcing and ERP filled the magazines and while the buzz has gone from the media, vendors still knock down doors on a regular basis to impress upon you, your CEO and your team that their services are the ones that will make the difference. It is great to have choice, but how do you decide? Whenever I am approached by a vendor the questions I ask myself are:

  • Is the process or functionality being discussed strategic and/or a source of competitive advantage for my organisation? If the answer is yes then I am unlikely to commit to an externally-provided solution. Why? Because building and maintaining sources of competitive advantage are critical to the future success of the business and core to my job as an executive and as a member of the executive team leading the organisation. While you do need to avoid the tendency to see competitive advantage in everything you do, where it is genuine I will keep that in-house. Because to outsource the most important services, is in effect to outsource the primary responsibility for your job.
  • Can the provider meet the service levels that I need?Many vendors bombard you with a huge list of certifications and performance statistics to show how credible they are. ITIL and CoBIT compliant, ISO X, Y and Z certified, CMM level and so on. Most vendors talk about availability, many are proud of their 99.99 percent or 99.999 percent availability. This list of achievements is impressive and very few corporate IS teams can match the full array of certifications and point to 5 9’s availability. The real question however is, does it matter? While some of the services I provide do need to be highly available (Eftpos for example) very few of my services need to be at 99.99 percent. What does matter to me is geographical diversity. I need to provide services into many of New Zealand’s small towns. Greymouth, Alexandra and Kaitaia for example. The point is, I don’t want generic solutions and certifications I want my specific needs met.
  • Are your services cheaper than what I can provide myself for the required level of service?It will not be a surprise that cost is a major factor in any deliberation of how to source. I have had many discussions with sales teams where they have tried to convince me that cost is not all that matters. There are the vast array of value adding services that they can bring. Value adding to who? As the services that I am looking for an external party to provide are unlikely to be strategic or critical to my competitive advantage (see question 1!), cost for the agreed level of service that I need IS THE criteria and anything past commodity prices is added cost for no value.
  • Are you prepared to share my risk? Most vendors are very good when talking about risk early in a sales cycle. Most vendors however, want no part of risk when it comes to the detail of the contract. While you can never truly “outsource” risk as it is my business that suffers when a service fails, suppliers need to recognise the critical nature of what they do for their clients. They also need to demonstrate they believe in the quality of what is on offer and the value of those long lists of certifications. The best way I know to do this is to put some skin in the game and agree to put things right when they go wrong. So, how do you decide? What will you have to pay in order to meet the required level of service?

 

First published on cio.co.nz