Management Update: System Integrators Can Contribute to ... · Three case studies illustrate system...

Management Update: Evaluatingand Mitigating Outsourcing Risk

Every party entering an outsourcing relationship wants the deal to be asuccessful one. But only enterprises that can effectively manage risk

will be able to address the issues that will inevitably arise that couldprevent a truly successful outcome. Gartner provides advice and recommen-dations to help enterprises achieve success.

Keys to Success in Outsourcing

Entering into an outsourcing relationship is all about leveraging competen-cies and managing risk. Failure to recognize and mitigate risk throughoutthe outsourcing life cycle leads to:• Unrealized expectations• Frustration with service• Pricing that is out of line with the expected budget• A deal that will be deemed a failure nearly 100 percent of the time

In This Issue...

1Management Update:

System Integrators Can Contributeto Web Services Project Success

Some enterprises need a system integratorto help implement their Web servicesprojects. Gartner presents three case

studies that illustrate key attributes thatcontribute to the success of Web services

system integration projects.

1Management Update: Evaluatingand Mitigating Outsourcing RiskIn an outsourcing relationship, only

enterprises that can effectively managerisk will be able to address the issues thatwill inevitably arise that could prevent a

successful outcome. Gartner providesadvice and recommendations that will

help enterprises achieve success.

10Management Update: Network

Managed Services Gain in PopularitySourcing management of enterprise

network infrastructures to third parties isgaining popularity because the viability ofinnovative solutions is growing. Gartnerprovides advice and recommendations tohelp enterprises address challenges and

potential pitfalls.

15CIO Update: Intrusion Detection

Should Be a Function, Not a ProductIntrusion detection, despite the potentialof intrusion protection, is not obsolete.

Intrusion detection should be incorporatedinto other products instead of being

implemented as a stand-alone product.

17At Random

(continued on page 2)

InSide Gartner This Week Vol. XIX, No. 32 6 August 2003

(continued on page 6)

Management Update:System Integrators Can Contributeto Web Services Project Success

Some enterprises need a system integrator to help implement their Webservices projects. Gartner presents three case studies that illustrate

key attributes that contribute to the success of Web services system integra-tion projects.

Attributes Contributing to Success

Three case studies illustrate system integration project attributes that contrib-ute to success. One common attribute among the three cases is an emphasison understanding business requirements and aligning business and ITstrategies. In addition, the three projects reflect a common theme of opencommunication and teamwork between the system integrator and the client.

2 Inside Gartner This Week

© 2003 Gartner, Inc. and/or its Affiliates. All rights reserved. Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has beenobtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissionsor inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. Theopinions expressed herein are subject to change without notice. Comments should be e-mailed to: [email protected].

Management Update: System Integrators Can Contributeto Web Services Project Success (continued from page 1)

Strategic Planning Assumption:Through 2005, 50 percent of dealswith external service providers willdeliver higher business value whenan open approach to negotiation andongoing communication are em-ployed (0.7 probability).

Case 1:A Regional Tax Agency

Tactical Guidelines:• An incremental approach to

articulating business processrequirements helps keep projectson track.

• Including key members of theclient’s IT staff on the systemintegration project team will helpensure knowledge transfer.

The Regional Income Tax Agency(RITA) supports more than 90communities in Ohio. It has 100employees and a small IT staff that ismostly skilled in COBOL.

RITA found that adding new com-munities or services was costly andtime-consuming. To address thatissue, the executive director of theagency wanted to create a “virtualagency” that was accessible throughthe Web, and greatly simplify theextension of tax services to newcommunities.

Before the project began, the agencyhad no e-mail or network infrastruc-ture and no external Internet access.The agency’s core application for

revenue collection was a 30-year-oldCOBOL mainframe program thatwas largely undocumented. RITAhad already tried and failed todevelop a new Web-based infrastruc-ture, so it decided to seek help from asystem integrator.

RITA selected BearingPoint as itsconsulting and system integrationfirm from nine bids.• Phase 1 of the project involved

establishing an IT strategy andinfrastructure for the agency.

• In Phase 2, BearingPoint evalu-ated commercial applicationsbefore recommending the develop-ment of a new, Web services-basedapplication suited to RITA’sneeds. This work spanned Janu-ary 2001 through August 2002.

The most significant challenge facingthe project was a lack of understand-ing about the current state of RITA’slegacy systems, because most wereundocumented. BearingPoint walkedthrough each screen in the agency’slegacy system to identify current-state business processes. Workingwith RITA, BearingPoint consoli-dated 45 legacy screens into onescreen or one Web service within thenew system.

RITA had already invested heavilyin training its people on Microsofttechnologies. As a result, a .NETapproach was selected over J2EE(Java 2, Enterprise Edition). Oneissue was whether to use Microsoft

Visual Basic 6.0 or .NET to constructthe new system, because it wouldeventually have to be transitioned to.NET. Ultimately, the joint teamselected .NET.

Spending the time to get everyone onthe same page regarding businessprocess requirements paid off — fewbusiness surprises surfaced in Phase3. Using a blended team also worked,both for requirements analysis andfor knowledge transfer.

Case 2:A Consumer Travel Portal

Strategic Planning Assumption: Byyear-end 2006, 60 percent of e-commerce-powered sales willinclude an interenterprise Web-services-powered connection tofacilitate the transaction’s consum-mation (0.7 probability).

Tactical Guideline: To better alignbusiness objectives with IT, select asystem integrator with a full comple-ment of capabilities, from businessstrategy to implementation.

Société Nationale des Chemins deFer Francais (SNCF) is France’s state-owned railway system. SNCFmanages more than 800 millionpassengers and 135 million tons offreight annually. SNCF made itsinitial foray into e-commerce in 1998.Two years later, the railway decidedto significantly upgrade its obsoletetechnology.

36 August 2003

SNCF was seeking a system integra-tor to help it establish a businessstrategy and an IT solution toexpand its reach in the Europeantransportation market. SCNF hadworked with Accenture on otherprojects and was familiar with itscapabilities in the travel and trans-portation industry. As a result,SNCF engaged Accenture.

The business strategy phase of theengagement spanned March toAugust 2000. Expedia.com wasalready an SNCF alliance partner.Part of the business strategy was therealization that, through collabora-tive integration technology, SNCFand Expedia could share theircustomer accounts and increaserevenue by cross-selling each other’sservices. Once SNCF and Expediaagreed to the new business model,the SNCF-Accenture developmentteam had five months to build anend-to-end solution that would linkthe two companies’ databases andbooking engines together.

The joint development team decidedto use SOAP (Simple Object AccessProtocol) technology supported byBEA Systems’ WebLogic to enablethe sharing of customer accountinformation and cross-sellingopportunities with travel partners.Web services technology allowedSNCF to directly link to Expedia’sbooking engine, enabling its custom-ers to purchase nonrail servicesimmediately without having to leaveSNCF’s Web site, www.voyages-sncf.com (see Figure 1).

SNCF has France’s largest e-com-merce site and the second-largesttravel site in Europe, supporting270,000 transactions a day with aresponse time of less than 2.7seconds 97 percent of the time.Voyages-sncf.com enables travelersto quickly book not only traintransportation, but also air travel,hotel, car rental and other arrange-ments from a single site, where faresand travel costs can be optimized.The new site also provides access toimportant travel and weather

information, as well as an electronichome for a personal profile.

The site generates an incremental$15 million in revenue each monthfor SNCF from cross-selling toExpedia accounts, and it saves $15million a year.

Although Web services expertise wascritical to the project’s success,nontechnical criteria were alsoimportant. In this particular case, theclient wanted a single system

Web Services

• New Customer Account• Update Customer Account• Login

Web Services

Source: Accenture

expedia.comvoyages-sncf.com

Web Services

New CustomerAccount

UpdateCustomerAccount

Login

New CustomerAccount

UpdateCustomerAccount

Login

WebServicesLayout

CustomerAccount

Management

Figure 1Synchronizing Customer Account Information With Channel Partners


integrator for addressing businessstrategy as well as solution designand implementation. Extensiveknowledge of the travel industry,particularly rail travel, was also avery important criterion. In addi-tion, the client sought a largesystem integrator that could handlea high-availability, business-critical solution, and it wanted avendor that had considerable localpresence in France.

Case 3:A City Health Alert Network

Strategic Planning Assumptions: By2005 (0.8 probability):• Identity management solutions

will perform user account andprivilege management functionsfor internal and external users ofWeb and non-Web applications.

• User provisioning solutions will bethe work engines for accountcreation and access rights mapping.

• Extranet access managementsolutions will perform real-timeenforcement of user and transac-tion privileges for Web-basedapplications.

Tactical Guideline: Enterprisesthat have a central integrationcompetency center will be able toimplement some form of centralapplication integration repository.Their development times and costswill be lower than those of enter-prises that do not manage integra-tion metadata centrally.

The City of New York’s Departmentof Health (DOH) wanted to developa Health Alert Network (HAN)

application to mobilize physicians,hospitals, local departments ofhealth, and state, local and federalagencies if a communicable diseaseoutbreak or a bioterrorism eventoccurred.

The DOH selected Dimension Datafrom a pool of 58 system integrators.Dimension Data performed most ofthe work for the project off-site.

The solution integrates a SharePointdocument management system andportal with threaded messaging andonline conferencing. It is integratedwith the DOH’s existing installation ofa broadcast messaging suite for healthalert distribution via phone, fax and e-mail to users of the HAN site.

The site uses Active Directory forauthentication and user profilemaintenance. Custom componentswere developed in Active ServerPages (ASP) and ASP.NET. Othertechnologies used in the systeminclude:• Microsoft’s SharePoint 2001,

Windows 2000 Server, ActiveDirectory and C#.NET

• Akiva’s WebBoard 5.0• Interwise’s Enterprise Communi-

cations Platform• Dialogic Communications’

Communicator• Compaq Computer ProLiant

servers• XML, Extensible Stylesheet

Language (XSL) and XSL Trans-formations

The HAN project was the first on-time, on-budget, enterprisewideproject performed by a system

integrator for the city’s healthdepartment. The HAN supports avariety of interaction styles, includ-ing inbound and outbound alerts,bulletin board and chat functional-ity, and library search capability (seeFigure 2). Users must log directly into the HAN, and subscription is byinvitation only.

The HAN is based on ActiveDirectory, and the Medical ProviderPortal will be supported by NovelleDirectory Portal. As a result, oneof the critical considerations for thesuccess of the project involvedfinding a system integrator skilledin Microsoft and Novell directorytechnologies.

Another important selectionconsideration was to find a systemintegrator that not only had theright skill sets, but that was also ona list of 350 vendors approved atthe state level. Another criticalelement was the system integrator’scapability to use formal andinformal methods to obtain busi-ness requirements and “buy-in”from the agency and a variety ofhealthcare providers, because thissolution represented new ways ofworking for many users.

Bottom Line

• Enterprises embarking on systemintegration projects should expectconstant change.

• The projects described in eachcase study underwent majorchanges in scope, target applica-tions and approaches to projectgovernance.

Management Update: System Integrators Can Contributeto Web Services Project Success (continued)

56 August 2003

• Do not assume that good manage-ment will enable you to controland prevent change in yourproject.

• Establish open-flow communica-tions. A critical success factor in aservice deal is the establishment ofa free flow of information betweenboth parties — and that informa-tion flow must not stop when thedeal is signed.

Written by Edward Younker,Research ProductsAnalytical source: Michele Cantara,Gartner Research

This article is an excerpt of a chapter froma new report, “Harnessing the Power ofWeb Services and Middleware: Building andDeploying Integrated Applications for theAgile Enterprise.” The report is an offeringof the Gartner Executive Report Series, anew business venture of Gartner Press thatprovides buyers with comprehensive guidesto today’s hottest IT topics. For informationabout buying the report or others in theExecutive Report Series, go towww.gartner.com/executivereports.

For related Inside Gartner articles, see:• “Management Update: Web Services

Consulting and System IntegrationMagic Quadrant,” (IGG-07302003-01)

• “CIO Update: Web Services CaseStudies From the Front Lines,” (IGG-07092003-01)

• “CIO Update: Web Services ProviderPlatforms and Delivering Functionalityas a Service,” (IGG-06042003-02)

• “Management Update: SecurityStrategies for Enterprises Using WebServices,” (IGG-05282003-02)

• “Management Update: A ConceptualEvolution, From Process to WebServices,” (IGG-05142003-01)

Source: Dimension Data

Conferencing

•Web Server

•Exchange ConferenceServer

•Exchange Server 2000

Conferencing

•Web Server

•Exchange ConferenceServer

•Exchange Server 2000

Alert Broadcast

•Dialogic

Alert Broadcast

•Dialogic

Document Management

•Web Server

•SharePoint:Document Management

•Data Store

Document Management

•Web Server

•SharePoint:Document Management

•Data Store

Bulletin Board & Chat

•Web Server

•BuzzPower/WebBoard:Bulletin Board & Chat

•SQL Database

Bulletin Board & Chat

•Web Server

•BuzzPower/WebBoard:Bulletin Board & Chat

•SQL Database

Departmentof Health

Other HealthcareWorkers

Departmentof Health

Other HealthcareWorkers

Centers forDisease ControlCenters forDisease Control

HospitalHospital

Departmentof Health

Administrator

Departmentof Health

Administrator

SQL Structured Query Language

Figure 2An Alert Network Supports Multiple Interaction Styles


Remember Murphy’s Law: Ifanything can go wrong, it will —and at the worst possible moment.Why should outsourcing agree-ments be any different? Whileconsiderable work may have goneinto finalizing the deal, once thedeal is done, it takes considerablyadditional effort to manage it into asuccessful relationship.

It all comes down to balance —expectations and results, risks andrewards, success and failure. Risk isinherent in every aspect of thesourcing life cycle. Agreements thatare not balanced will end in failure.

Management and perception of riskdrive the different parties’ motivesand actions. It is not simply a matterof drawing up a contract and livingby it. Most people who have man-aged successful outsourcing relation-ships will tell you it was not thecontract that deserved primarycredit. Sound management practices,mitigation of risk and a focus onensuring that results meet mutualexpectations — operationally andfinancially — are typically the keyfactors that lead to success.

Respect, understanding needs, andshared vision and goals are vital tosuccess. What’s done on a dailybasis — outside of the writtencontract — is critical: Deal manage-ment and sourcing-office capabilitiesare needed to manage and mitigaterisks and help keep both partiesaligned and looking out for eachother’s success.

Managing Strategic Risk

Strategic Planning Assumption: By2005, 75 percent of enterprises thatfail to recognize and mitigate riskthroughout the outsourcing lifecycle will fail to meet their out-sourcing goals because of mis-aligned objectives, unrealizedexpectations, poor service qualityand cost overruns (0.6 probability).

Tactical Guideline: Evaluation andselection of an external serviceprovider (ESP) starts with a clearunderstanding of business needs.Sourcing management drivesperformance that supports theattainment of mutual expectations.

Effective sourcing management isstrategic in its importance, and is thekey to achieving a relationship thatfulfills expectations. As in any long-term relationship, you have to behonest regarding the attainment ofmutual expectations and performanceagainst those expectations, and youhave to continually work at it.

Test the chemistry early, andconsider potential service provid-ers’ ability to react to the need forinnovation to keep the relationshipgrowing. The following are keyconsiderations:• Do you match up well?• Are roles and responsibilities

understood and agreed?• Do you have the confidence that

each party will live up to itspromises and is trustworthy in itsactions?

• Do you have a scorecard formeasuring success?

• Does a means exist to providehonest feedback relative toperformance by each deal man-agement team?

• Can you assess customer satisfac-tion and pricing relative to marketconditions and trends?

If the answer to any of those ques-tions is “no,” you can expect thatmany unresolved issues will crop upthat will give the sense that the dealis not working, and both parties willbecome frustrated and unhappy.

Strategically, significant risk exists ifthe outsourcing strategy is designed to:• Solve short-term business

problems• Atone for poor IT leadership• Correct misalignment and achieve

reconciliation between IT and thebusiness

Managing Tactical Risk

Tactical Guideline: An outsourc-ing contract must be crafted tosustain the business throughmyriad changes.

Tactically, you must build the rightframework for success. Selecting apartner starts with a clear under-standing of a business need andwhat capabilities and competenciesin a provider are necessary to besuccessful.

Selecting a service provider requiresknowledge of the provider’s account

Management Update:Evaluating and Mitigating Outsourcing Risk (continued from page 1)

76 August 2003

Likelihood

Impacton

Business

Rare Unlikely Moderate Likely AlmostCertain

Low

Minor

Moderate

Major

High

Major RiskDevelop detailedrisk mitigation

plans

Moderate RiskIdentify risk

mitigation actions

Minor RiskAccept or ignore

Moderate RiskIdentify risk

mitigation actions

Source: Gartner

team. Identify the members of thisteam and ensure that they areintimately involved during theselection process.• See how they react to pressure and

the need for a flexible approachand innovation.

• Do they take responsibility fortheir actions or do they alwaysneed permission?

• Be clear on your selection criteria.• Ensure that the selection criteria

are tied to attributes necessary tomeet business and performanceobjectives.

In an ideal situation, the outsourcingcontract will be the artifact of thepartnership. It will lay out businessarrangements, performance expecta-tions, governance mechanisms, andorganizational roles andresponsibilities. If craftedwell, it will be a livingdocument designed tosupport the need forconstant business change.At the same time, it shouldhelp reduce the risk ofambiguity by settingexpectations and beingspecific with regard toperformance, cost andcapacity — leading to betterpricing and performance.

Mitigating Risk

Tactical Guideline: Riskmitigation is focused onmoving risks from “major”to “moderate” or “minor”levels.

occurrence and the expected impacton the business. For each major riskidentified, a detailed risk mitigationplan must be created and agreed toby both parties. The risk mitigationplan should lessen the impact ofrealized risk by reducing the fre-quency of occurrence or the impacton the business, or hopefully both(see Figure 3).

Sourcing Scenarios

Tactical Guideline: Consideration ofsourcing scenario risk helps drivethe selection of appropriate servicesfrom the ESP, and mitigates opera-tional and financial risk.

A frequently asked question fromGartner clients is, “How should

Mitigation is defined as “to cause tobecome less harsh or hostile or tomake less severe or painful.”Outsourcing is all about mitigatingrisk. Risks must first be identified foreach expected service. They shouldthen be analyzed according to thefollowing categories:• Business process risk — Can we

manage the business?• Technical deployment risk —

Have we deployed the righttechnical solution?

• Financial results risk — Are wemaking our numbers?

• Economic realization risk — Arewe realizing the expected eco-nomic benefits of outsourcing?

The risks should then be mappedaccording to their likelihood of

Figure 3Risk Mitigation: Assessing Impact and Likelihood


decisions about what to retain andwhat to outsource be made?” Select-ing or retaining service deliverycapabilities poses a considerablechallenges on a number of fronts:planning, operational, financial,management and political.

In assessing the risks of each sce-nario — in-house or outsourceddelivery (see Figure 4) — the follow-ing issues should be considered:• On the planning front, how likely

is, and what are the consequencesof, a failure to deliver the envi-sioned business value from thisscenario?

• On the operational front, howrapidly can this scenario yield therequired results in a reliable way?Does this scenario compromisethe enterprise’s future flexibility,and will it irrevocably removefuture business options?

• Financially, what is the potentialfor costs to exceed forecasts, andby how much? What are thefinancial and business conse-quences of an operational failurein this scenario, and can they bemitigated?

• From a management perspective,how is the level of managementcomplexity affected by this

scenario, and could that complex-ity become unmanageable? Ifskills or knowledge are excised ortransferred to another party, arethey irrecoverable?

• What political barriers hold thepotential to compromise theviability of this scenario, and canthey be mitigated?

Action Item: Ensure that thedecision model for selecting amongscenarios takes full account of therisks inherent in the organizationtoday and in its envisioned futurestate.

Management Update:Evaluating and Mitigating Outsourcing Risk (continued)

Low High

Business Value Failure

Low Speed to Operation

Lack of Cost-Effectiveness

Operational Failure

Political Resistance

Inhibited Future Flexibility

Management Complexity

Low High

DevelopApplications

Internally

ApplicationsDeveloped by aService Provider

Source: Gartner

Risk Categories

Figure 4Sample Risks by Sourcing Scenario

96 August 2003

Risk Reduction Strategies

Tactical Guideline: As part of therisk review program, the sourcingmanagement team must continuallyassess the effectiveness of individualmitigation strategies and theiroperational, financial and manage-rial effects, as well as the applicationof lessons learned.

When evaluating risk mitigationstrategies, start with an assessmentof the clarity of outsourcing objec-tives. Often, the true objectives arelost in the construction of the deal. Inthe drive to get the deal done, losingsight of objectives and the gover-nance mechanisms necessary tosupport the deal can negatively affectthe development of a performance-based outsourcing contract.

You have to assess whether theproposed service levels support thebusiness and mission priorities.• Have all alternatives been ex-

plored and the contingenciesaddressed?

• What changes in process andgovernance are required toimprove the success rate?

In developing a performance-basedcontract, performance metricsembodied in service-level agreementsshould provide an appropriatelinkage of business and operational

results with performance achieve-ment, and include penalties forfailure to meet agreed service levels.Performance attributes should bemeasured in the areas of processes,costs and client satisfaction, withappropriate trend analysis.

Capacity controls that affect costlevers must be understood by allstakeholders, as well as the impacton outcomes — either operationallyor financially. Assets must beprotected. Points to consider include:• Does the ESP have an adequate

asset management plan?• Does a secure infrastructure

environment exist? Will it supportthe applications load?

• Does a tested business continuityplan exist?

• Does a knowledge managementplan exist to capture and transferprocesses?

• Are lessons learned applied?• Does the deal management team

know where the program needs togo from here?

Bottom Line

• Examine delivery alternatives andtheir inherent risks, and developrisk mitigation strategies toimprove the odds of success.

• Ensure that the decision model forselecting among scenarios takesfull account of the risks in the

organization today and in itsenvisioned future state.

• Look beyond the standard contractterms and conditions to develop therules and guidelines for managingcomplex relationships.

• Critically evaluate the maturityand complexity of new serviceofferings. Risk management iscritical in any evaluation ofsourcing options.

• Integrate risk management intodaily sourcing managementpractices, because risk manage-ment and mitigation are never-ending processes.

Written by Edward Younker,Research ProductsAnalytical source: Jim Murphy,Gartner Consulting

This article is an excerpt of a chapter froma new report, “Successful IT Outsourcing:Strategies, Tactics and ManagementApproaches for Effective Strategic Sourc-ing.” The report is an offering of the GartnerExecutive Report Series, a new businessventure of Gartner Press that providesbuyers with comprehensive guides totoday’s hottest IT topics. For informationabout buying the report or others in theExecutive Report Series, go towww.gartner.com/executivereports.

For related Inside Gartner articles, see:• “CIO Alert: U.S. Offshore Outsourcing

Leads to Structural Changes and BigImpact,” (IGG-07232003-01)

• “Management Update: The Road toSuccessful HR Business ProcessOutsourcing,” (IGG-07162003-02)

• “Management Update: The HR BusinessProcess Outsourcing Market IsBooming,” (IGG-07092003-02)


Management Update:Network Managed Services Gain in Popularity

Sourcing the management ofenterprise network infrastruc-

tures to third parties is gainingpopularity because the viability ofinnovative solutions is growing.However, using network managedservices solutions has challenges andpotential pitfalls. Gartner providesadvice and recommendations.

Managed Services OfferingsAre Emerging

A stable network provides thecommunication gateway needed forenterprises to be profitable, to meetgoals and objectives, and to sustainsuccessful business operations.Foremost among the new offeringsfor network operations and manage-ment are remote monitoring andmanagement, or “managed services”offerings. Besides offering continu-ous network management, remotelyor on-site, managed services providethe problem notification and perfor-mance reporting vital to maintaininga reliable network, and to planningfor future strategic development andnetwork expansion needs.

Network managed services solu-tions, however, have challenges andpotential pitfalls. One enterprise’sperformance increase may beanother’s budgetary “black hole.”Focus, research and negotiatingskills are needed to secure the rightsolution. Enterprises will navigate amorass of potential offerings indetermining the following:• The network segment that most

requires external intervention (forexample, local- or wide-area

networks, or on-premises voiceinfrastructures)

• The types of providers best-suitedto perform the requisite servicesand adhere to required servicelevels (for example, systemintegrators, outsourcers, carriersor manufacturers)

The Casefor Managed Services

Strategic Planning Assumption: By2005, more than 50 percent ofenterprises will source the operationand management of premisesnetwork infrastructure to externalservice providers, or ESPs (0.7probability).

A number of business and economicpressures are, in some cases, squeez-ing the network manager and, inother cases, expanding the networkmanager’s role and budget.

Networks are under increaseddemand from Internet, intranet, e-business and supply chain initia-tives that connect the enterprise toexternal suppliers and customers.Network managers must optimizethe use of their infrastructures andplan for the successful deployment ofnew applications.

Networks are experiencing chaotic,unpredictable and changing trafficpatterns to and from other enter-prises, as well as within the enter-prise. Larger numbers of remoteusers require access to corporateresources, and those users areexperimenting with new handheld,cellular and wireless devices.

The complexity of networkingtechnology continues to increase,and higher-speed bandwidth isbecoming available at lower prices.At the same time, increasing vendorturmoil triggered by new vendors,mergers, acquisitions and bankrupt-cies makes investment decisionsmore difficult.

Business managers now scrutinizethe enterprise network as a strate-gic corporate asset. Networkmanagers must report on networkservice levels and return on invest-ment (ROI) in terms that can beunderstood by business managers.Business managers are choosing tooutsource services when networkmanagers fail to deliver on service-level agreements (SLAs).

Action Item: To help identify the bestmanaged-services solution, identifythe pressures that are leading theenterprise to consider the use of athird party to manage its networks.

Network Managed ServicesDefined

Tactical Guidelines:• The end of the “hands-and-feet”

model for ESPs is approachingrapidly. Enterprises can expectnetwork and infrastructuremanaged-services offerings todominate the market.

• Enterprises must understand howwell the managed-service provider(MSP) can work with internalsupport staff and external mainte-nance and professional-serviceorganizations.

116 August 2003

Network managed services deliver operations andmanagement capabilities for networks over anetworked connection, using a pay-as-you-go model.

Frame Relay

CentralSite

SecureServicesGateway

InternetRouter

BranchSite

InternetNetwork

ManagementServersVendor

NOC

DMZ LAN

CommunicationsServer

MediaGateway

Router

DataSwitch

LAN local-area networkNOC network operations centerSource: Gartner

DMZ demilitarized zoneFRAD frame relay assembler/disassembler

Hub

Switch

FRAD

Figure 5What Are Network Managed Services?

Managed services are externallyprovided operations and manage-ment capabilities provided over anetworked infrastructure, using amonthly subscription model, ormonthly recurring charge (seeFigure 5).

MSPs offer the ability to increaseavailability, improve system effi-ciency and reduce deployment risksthrough proactive monitoring ofinfrastructure — and to increasenetwork efficacy through deliberatechange management processes and

methodologies. An MSP can providemanagement services for security,network elements and appliances,databases, servers, storage, applica-tions, and application transactions.

The services provided by MSPs fallwithin three functional areas:• Monitoring• Automated operations• The active administration of

devices

Managed services are dynamicofferings that use people, processes

and technology to manage thenetwork while striving to reducenetwork management costs. MSPsuse a standard fault isolationmethodology and problem resolutionoperating procedures to respond tonetwork events. That ensuresconsistent, reliable service. Themethodology is generally outlined indetail in SLAs.

The primary objectives of managedservices are to provide enterpriseswith increased network availability


and reliability by offering servicessuch as:• Network event data collection and

notification, to enable responsive-ness to critical network problems

• Fault isolation and problemmanagement, delivered on a 24x7or as-needed basis

• Performance reporting to high-light network traffic trends andexpansion needs

• Asset reporting, which capturesvital management informationbase data for easy componentconfiguration reference

• Web interfaces for accessingnetwork performance, asset andproblem status reports

• Configuration managementservices to provide networkwideconfiguration changes

• Software management services todeploy software updates or newsoftware on a networkwide basis

• Change management to ensurethat only customer-authorizedchanges are implemented

• Service managers, who act as theprimary point of contact for eachcustomer with respect to accountand program management tasks,to ensure that all deliverables aremet and to achieve customersatisfaction

Action Item: Consider trial deploy-ments with MSPs focused on trouble-some segments or regional locations.

Growing Importance

Strategic Planning Assumption: By2006, the leading providers of

managed network infrastructure andtelecommunications solutions will besystem integrators and outsourcers,not carriers (0.8 probability).

Tactical Guideline: Networkmanaged services represent anopportunity to migrate from stan-dard sourcing contracts that are upto 80 percent fixed costs and 20percent variable costs.

The managed-services market wasnot born yesterday. Many carriers,system integrators, outsourcers andmanufacturers have been offeringthese management services at somelevels for almost 10 years. Manufac-turers, such as private branchexchange vendors, have long offereddial-in diagnostics, including some

Management Update:Network Managed Services Gain in Popularity (continued)

Source: Gartner Dataquest

35%

50%

51%

66%

0% 20% 40% 60%

Help Desk

SecurityManagement

RemoteManagement

Monitor andReport

Most Important Services Used asPart of the Network Sourcing Strategy

1.652.3

3.4

1

3

5

7

2000 2001 2002

Importance of Monitoring and ManagementServices in the Overall IT Sourcing Strategy

1 = No Importance 7 = Extremely Important

(151 survey respondents)

Figure 6The Growth in Network Managed Services

136 August 2003

software or change manage-ment capabilities.

Unfortunately, those ser-vices were generally focusedon the manufacturer’s ownhardware. The lack of realmultivendor monitoring andmanagement capabilitieshampered market credibility,because most enterprises donot manage single-vendorenvironments. Security wasalso a major inhibitor to theadoption of those services.

However, more and moreenterprises see those ser-vices as an offering that willbecome more important totheir efforts to stabilize theIT environment (see Figure6). In a recent survey ofenterprises that sourced orplanned to source the managementof some portion of their network froma third party, more than 50 percent ofrespondents indicated that they use,or plan to use, monitoring or remotemanagement for their networkoperations.

Action Item: When evaluating anMSP, look to case studies andreference accounts to determine theeffectiveness of its offering and itstrack record.

Risk Reduction

Strategic Planning Assumption:Through 2005, the greatest benefitoffered by MSPs will be the reductionof risk, not cost (0.8 probability).

Tactical Guideline: Enterprisesconsidering MSP alternatives shouldforce the implementation costs andrisks to the MSP itself, and shouldjustify the MSP alternative throughthe benefits of risk reduction.

As resources to build and manage thenetwork become scarcer, risks growfrom reduced internal head count andcapability to support the networkenvironment. Risk associated withnew infrastructure or applicationsalso becomes intolerable.

The deployment of network andsystems management (NSM) tostabilize the IT infrastructure is alsofraught with risk — both opportu-nity- and cost-based. The risks can be

shifted from the enterprise by usingan MSP (see Figure 7).

Software vendors create the require-ment for an incredible capital outlaysimply to purchase the right to usethe software. With the MSP model,neither a capital expenditure nor anydepreciation issues or maintenancecosts are associated with NSMsoftware purchases. In most cases,no hardware acquisition costs occur,either.

But it is in deployment or implemen-tation areas that MSPs really mitigatethe largest and most costly risk.Software vendors often fail to pointout the costs of implementation,which significantly exceed the

No Capital Outlay

Impact Is Organizational

Lower Entry: “Pay as You Go”

Utility-Based Service

Managed-Service Promise

Implementation Burdenon the MSP

Structured Processes

Sticker Shock

ImplementationFailure

Vendor Lock-In

Enterprise Risk

InadequateImpact Analysis

Cost of Capital

IT Anarchy

Source: Gartner MSP managed service provider

Figure 7Shifting the Risk Away From the Enterprise


purchase price (some solutions aresix times more expensive to imple-ment than to purchase), and the veryreal possibility exists that thesoftware may not be implementedsuccessfully. This is, in fact, thelargest savings opportunity thatMSPs offer.

Potential Benefits

Tactical Guideline: Enterprisescannot measure the unknown. Animportant part of the networkmanaged services provisioningprocess is an audit to determineweaknesses in architecture andprocess at the front end, as a “for-fee” engagement.

Although IT environments differdepending on the size and thevertical sector of the organization,customers of MSP services have beenable to quantify consistent dataregarding their advantages.

Gartner conducted in-depth inter-views of 10 enterprises — repre-senting a range of large and mid-size businesses — to determine thesavings and other benefits theyachieved through their use of MSPservices. The 10 reference accountsprovide solid insight into thepotential benefits of networkmanaged services.

“Hard benefits” that the enterprisesreported include:• Reductions in capital and operat-

ing expenditures (ranging fromthousands to millions of dollars)

• Accrued an average of $250,000worth of benefits per year fromimproved availability

• An average 85 percent reductionin critical faults, and 65 percentreductions in total faults

“Soft benefits” reported include:• Increased customer satisfaction• Improved change management

effectiveness and efficiency• Predictable performance and

support costs

The enterprises also providedcautionary information regardingbest practices for “managing themanagers” of their networks.

Action Item: When qualifying poten-tial MSPs, require them to quantifycritical metrics on costs, operationsand network performance.

Bottom Line

• The managed-service industryremains fairly new as a widelyadopted IT service architecture.

• However, real benefits can beachieved if the service, provider

and internal teams are structuredand managed appropriately.

• Enterprises must understand theintegration issues posed bymanaged services — people,processes and tools.

• Enterprises should recognize thatthe managed-services market isvery immature, but that it repre-sents the future of networkmanagement solutions.

Written by Edward Younker,Research ProductsAnalytical source: Eric Goodness,Gartner Research

This article is an excerpt of a chapter froma new report, “Successful IT Outsourcing:Strategies, Tactics and ManagementApproaches for Effective Strategic Sourc-ing.” The report is an offering of the GartnerExecutive Report Series, a new businessventure of Gartner Press that providesbuyers with comprehensive guides totoday’s hottest IT topics. For informationabout buying the report or others in theExecutive Report Series, go towww.gartner.com/executivereports.

For related Inside Gartner articles, see:• “CIO Alert: U.S. Offshore Outsourcing

Leads to Structural Changes and BigImpact,” (IGG-07232003-01)

• “Management Update: The Road toSuccessful HR Business ProcessOutsourcing,” (IGG-07162003-02)

• “Management Update: The HR BusinessProcess Outsourcing Market IsBooming,” (IGG-07092003-02)

Management Update:Network Managed Services Gain in Popularity (continued)

156 August 2003

CIO Update:Intrusion Detection Should Be a Function, Not a Product

Intrusion detection’s permanentplacement in the Trough of

Disillusionment of the GartnerHype Cycle for Information Secu-rity does not mean that it is obso-lete. Intrusion detection should beincorporated into other productsinstead of being implemented as astand-alone product.

A Flood of Questions

In “Hype Cycle for InformationSecurity, 2003” (R-19-9974), Gartnerstated that “intrusion detectionsystems are a market failure. Vendorsare now hyping intrusion preventionsystems, which also have stalled.The functionality is moving intofirewalls, which will perform deeppacket inspection for content andmalicious traffic blocking, as well asantivirus activities.” Although thisstatement was supported by recentresearch, it generated a barrage ofquestions from Gartner clients.

Should I simply not try todetect network intrusions?

You should continue to detectintrusions. However, you shouldn’tinvest in stand-alone, network-basedintrusion detection systems (IDSs).Network-based IDSs suffer from twomajor shortcomings:• Too many “false alarms” occur.

Without extensive, continualtuning, network-based IDSsgenerate thousands of alerts forevery actual attack detected.

• They don’t work at wire speeds.Most network-based IDS productsdon’t detect attacks in real time,

and they can’t handle the highspeeds of internal networks.

The first shortcoming has causedenterprises to abandon their IDSinvestments, outsource monitoring tomanaged security service providersor invest in security managementproducts to plow through falsealarms to detect actionable events.The second shortcoming means thatthe IDS is purely reactive — it detectsattacks that have already hit theirtargets by the time security staffresponds to the alarm.

Have IDS vendors improvedIDS accuracy andperformance?

IDS vendors have slightly improvedfalse-alarm performance compared tofirst-generation systems. However, afundamental flaw exists in IDSvendors saying that they have solvedthe false-alarm problem and can runat wire speeds. If they can detect realattacks with high accuracy, and doso at wire speeds, why just sound thealarm — why not block the attack?

Although the false-alarm andperformance problems primarilyhave been associated with network-based IDSs, host-based IDSs alsomust move toward “more blocking,less alarming.”

Should I block networkattacks if, by doing so, I riskdisrupting legitimate traffic?

The two most widely used securityproducts are firewalls and antivirus

products. Both block attacks. Becausenetwork-based IDSs have terriblereputations for producing falsealarms, enterprises likely will notbelieve that their IDS products willstart blocking attacks. However, by2006, most enterprises will performintrusion detection as part of firewallprocessing with next-generationfirewalls.

The three classes of events are:• High-confidence normal traffic —

allow to pass• High-confidence attack traffic —

block• Unidentified traffic — log or alarm

(intrusion detection)

Firewalls already perform this typeof processing, although mostly at thenetwork protocol level. Web applica-tion firewalls and other deep-packet-inspection-based products havebegun to perform this processing atthe application level. There havebeen enough advances in algorithmsand high-speed network securityprocessors to enable next-generationfirewalls to perform network intru-sion detection and blocking at alllayers of the protocol stack. Matureproducts will ship in 2005.

If I depend on the firewall forintrusion detection, isn’t thatlike saying that automobilesdon’t need car alarmsbecause the locks will keepout thieves?

If car alarms went off 10 times perminute and only issued real alarmstwo hours after the car was actually


stolen, then we would say that caralarms were a market failure. IDSsmust improve their performance to beuseful. If performance improves, IDSscan be used to block attacks. Firewallswill absorb the functionality.

Should I use an IDS on internalnetworks to detect attacksthat don’t come through thefirewall?

Most internal attacks consist ofauthorized users taking unautho-rized actions or otherwise abusingtheir privileges. Network-based IDSsystems don’t detect this type ofactivity. Network IDS sensors candetect internal hacking events, butthese comprise less than 5 percent ofthe “insider” problem.

IDSs can be useful on internalnetworks to discover “rogue”servers, or servers that have suspi-ciously changed their behavior.However, the cost of configuringinternal networks with IDS sensorsis not much higher than placing in-line firewalls at the same points. Asthe technology matures, the perfor-mance and pricing of next-genera-tion firewalls will allow internalintrusion detection to be performedas part of network zoning efforts thatcan greatly reduce the impact ofworms and other blended attacks.

Using firewalls to deny orallow application-levelconnections will requiremany rules on the firewall.Are firewall performance and

security degraded when rulesets get large and complex?

Enterprises require extensivetuning of the network-based IDSs touse them effectively. These tuningactions are essentially securitypolicy rules that determine what isallowed or denied (where denialmeans issuing an alarm), similar towhat a firewall does. Therefore, anyapplication-level security approachwill require more rules than simplenetwork-protocol-based securitycontrols.

Next-generation firewalls canimplement complex rule sets at wirespeeds. Leading products willprovide user interface and manage-ment capabilities to support enter-prise security needs.

What should I do with mycurrent or near-term IDSdeployments before next-generation firewalls areavailable?

• Abandon plans for “IDS every-where” deployments. Use yourIDS investments to focus on trustboundaries (directly insidefirewalls) and LAN segments thathouse high-value servers.

• Purchase security managementproducts — see “CIO Update:Gartner’s IT Security ManagementMagic Quadrant Lacks a Leader,”(IGG-04092003-04) — to performIDS alarm data reduction andcorrelation to firewall and vulner-ability assessment logs, oroutsource IDS monitoring tomanaged security service providers.

• Redirect network-based IDSfunding to host-based intrusionprevention on high-value servers,and to automated vulnerabilityassessment and remediationprocesses and products.

Written by Edward Younker,Research ProductsAnalytical sources: John Pescatore,Richard Stiennon and Anthony Allan,Gartner Research

Gartner has published a new report thatincludes material on intrusion detection andprevention, “Securing the Enterprise: TheLatest Strategies and Technologies forBuilding a Safe Architecture.” The report isan offering of the Gartner Executive ReportSeries, a new business venture of GartnerPress that provides buyers with compre-hensive guides to today’s hottest IT topics.For information about buying the report orothers in the Executive Report Series, go towww.gartner.com/executivereports.

For related research, see:• “CIO Update: Enterprise Firewall Magic

Quadrant for 1H03,” (IGG-07022003-02)• “CIO Update: IT Security Management

and Gartner’s Magic Quadrant,” (IGG-06252003-02)

• “CEO and CIO Update: Establish a StrongDefense in Cyberspace for InformationSecurity,” (IGG-06182003-02)

• “Management Update: What You ShouldKnow About the Antivirus Market,”(IGG-06112003-02)

• “CIO Update: Enterprise SecurityMoves Toward Intrusion Prevention,”(IGG-06042003-03)

• “Four Paths to True Network Security,”(COM-20-0571)

• “Defining Intrusion Prevention,” (TU-20-0149)

• “Deep Packet Inspection: Next Phase ofFirewall Evolution,” (T-18-0340)

• “Network Security Platforms WillTransform Security Markets,” (M-18-6519)

• “Intrusion Prevention Will ReplaceIntrusion Detection,” (T-17-0115)

CIO Update:Intrusion Detection Should Be a Function, Not a Product (continued)

176 August 2003

At Random

Microsoft Security Flaws Highlight Urgent Need for Personal Firewalls. On 9 July 2003, Microsoft issued three newsecurity alerts that identified critical vulnerabilities in the Windows operating system and Windows-basedapplications.

In little more than six months of 2003, Microsoft has issued 12 critical vulnerability alerts — more than half inthe past 90 days alone — that require enterprises to patch every Windows-based PC. Most hacker attacks focuson Internet-exposed servers, but the growing use of corporate desktops on broadband connections means thatcorporate PCs, particularly laptops used by remote workers, are more exposed to direct Internet-based attacks.Many of the recently identified vulnerabilities lend themselves to mass exploits via HTML-formatted e-mail,making unsophisticated, scripted attacks likely. Deploying the number of patches required by the Microsoftvulnerabilities to every corporate PC may take an enterprise six months or longer, and 18 months is not unusual.Moreover, Gartner believes that more Microsoft desktop vulnerabilities will be discovered in the immediatefuture.

System administrators should ensure that, at a minimum, every laptop in use — ideally every PC — has apersonal firewall that limits exposure to Internet connections and keeps unauthorized executables from run-ning. Internet Connection Firewall, built into Windows XP, is not sufficient because it blocks only incomingconnections. Enterprises should also implement URL blocking products at the corporate firewall that maintainblacklists of URLs known to lead to sites that attempt to exploit these vulnerabilities.

Analytical source: John Pescatore, Gartner Research

MCI’s Future Remains Secure Despite Multiple Concerns. On 7 July 2003, MCI lowered its revenue and earningsforecast for 2004 to 2006 due to increased competition in consumer and small and midsize business markets,along with new federal mandates such as do-not-call lists. On 7 July 2003, a U.S. District Court approved MCI’sagreement with the Securities and Exchange Commission (SEC) to settle civil fraud charges. MCI will pay a fineof $500 million in cash and $250 million in stock to a court-appointed distribution agent who will disburse thecash and stock proceeds to shareholders. The final settlement increases the amount MCI will pay by $250million.

MCI customers continually ask Gartner whether the carrier remains viable because they keep hearing bad news.Gartner believes that despite many challenges, MCI will emerge from Chapter 11 bankruptcy proceedings in2H03 largely intact and with a viable business. Here’s why:• MCI expects almost 25 percent less profit in 2006 than it did before. Under its more realistic revised fore-

cast, MCI would generate more than $4 billion in annual profit on revenue of $25 billion.• The good news in the SEC settlement is that the courts have now approved it and removed yet another

uncertainty from MCI. Probably the company will reach other out-of-court settlements (for example,with WorldCom shareholders). After it settles all these cases, MCI will likely still have more than $1billion in cash.

• Some political forces want to cancel federal contracts with MCI or block it from bidding on future work.These contracts represent more than 5 percent of MCI’s revenue. Predicting the outcome of complex politi-cal proceedings is difficult. Nevertheless, Gartner expects that MCI will feel a relatively minor impact.

• MCI will continue to address manageable business challenges, including the need for a complete wirelessstrategy, capital expenditures that will likely be higher than expected, controlling discounts to keep pricingconsistent, and consolidating its many business systems.


Gartner’s advice remains unchanged:• Consider MCI, especially for voice and data transport and interesting value-added services such as MCI

Advantage• Scrupulously watch service levels and review service-level agreements — tighten them where necessary• Expect MCI to divest a few more businesses, such as Skytel paging• Follow developments closely• Consider “out” clauses for contracts to protect you in worst-case scenarios• Nurture multiple providers, especially for critical facilities, to make switching providers less painful in

case it becomes necessary• Develop contingency plans (no matter which carriers you use)

Analytical sources: Jay Pultz, Eric Paulak, David Neil, Alex Winogradoff and Ron Cowles, Gartner Research

Challenges Will Likely Limit the Digital Signature Effort of Adobe and IBM. On 10 July 2003, Adobe Systems andIBM announced that Adobe’s Acrobat 6.0 would link with IBM’s Embedded Security Subsystem. Documentscreated in Adobe’s Portable Document Format (PDF) on IBM’s ThinkPad notebook and ThinkCentre desktopPCs can be signed with a digital signature.

This announcement furthers Adobe’s plans to capitalize on the trend to automate business processes involvingforms. In 2002, Adobe gained great potential strength in e-signed forms with the purchase of Accelio (formerlyJetForm). In April 2003, Adobe announced an XML-based document architecture for Acrobat 6.0 and AdobeReader that will facilitate automatic e-form processing. Now, Acrobat 6.0 will enable authors and recipients toadd digital signatures to a document in PDF. Also, for users that have public-key infrastructure (PKI), Acrobatcan certify a document created in any application once the document has been converted to Adobe PDF.

E-signatures — digital signatures are the most secure type — provide the several benefits. They make documentprocessing more efficient while reducing paper; they speed transactions and reduce costs, and they verify thesource and integrity of the document, thereby reducing fraud. However, adding e-signatures to documents isn’tas simple as buying a technology such as Adobe and IBM offer. The United States and other countries havetechnology-neutral laws that leave the choice of signature technology to the individual company, and the use ofthese signatures has not yet been tested in court. The U.S. E-Sign Act specifies that e-signed documents can’t beused for certain critical, time-sensitive notifications due to the possibility of a message being lost in e-mail. TheE-Sign Act also requires companies to provide paper copies of documents for transactions if consumers wantthem. As with hardcopy documents, some e-signed documents must be filed properly for legal purposes andarchived permanently, and methods for archiving e-signed documents haven’t been established. Until the legalsystem and IT vendors address these challenges, documents with digital signatures will have limited uses.

Companies should evaluate products or transactions using e-signatures carefully. Before considering a signa-ture product, determine what types of in-house and external documents require an original signature, the degreeof sensitivity of the documents requiring signature, which type of signature technology would best suit thesedocuments, and how much will it cost to implement such a technology.

Analytical source: Kristen Noakes-Fry, Gartner Research

At Random (continued)

196 August 2003

EDS’s Direction Starts to Come Into Focus. On 8 July 2003, COO Jeff Heller stated that EDS would not sell its man-agement consulting group, A.T. Kearney, and its software development group, Product Life Cycle Management(PLM) Solutions. On 11 July 2003, EDS announced an agreement with Fiserv, which plans to acquire EDS’sCredit Union Industry Group.

With these two announcements, EDS’s direction is taking shape. At an 18 June 2003 meeting, CEO MichaelJordan unveiled a “road map” for recovery and said that EDS would focus on its core assets — but offered fewconcrete examples of its plans. Because EDS’s services strategy was not made clear, it remained unclear whichof the company’s many units EDS considered “noncore” and therefore would put up for sale.

Gartner believes that the unit EDS will sell to Fiserv fits EDS’s definition of what the company considers“noncore assets.” EDS’s inclusion of credit unions in its solutions portfolio was unusual. Its competitors in ITand business process outsourcing — IBM, Accenture and Computer Sciences — consider the small to midsizebusinesses that comprise the credit union market too small to target profitably with vertical solutions.

By contrast, EDS will likely not divest itself of A.T. Kearney or PLM; its announcement affirms the company’scommitment to customers of these units. EDS did not release any specific figures on A.T. Kearney’s business, butHeller did note that PLM has generated $1 billion in “pull through” revenue for the rest of the company, a figuresupporting its stated commitment to PLM.

Customers of EDS’s Credit Union group should receive comparable or better service from Fiserv. They maybenefit from Fiserv’s strategic focus on core banking systems and processing as well as from its expertise inworking with smaller companies. If you rely on EDS consulting services from A.T. Kearney or use PLM software,you will benefit from staying the course and maintaining your relationship with EDS.

Analytical sources: Lorrie Scardino, Susan Cournoyer and Marc Halpern, Gartner Research

Carriers Should Help the FCC’s New Office of Homeland Security. On 10 July 2003, the Federal CommunicationsCommission (FCC) announced the creation of an Office of Homeland Security.

The new Office will likely enforce a stricter compliance with the Communications Assistance for Law Enforce-ment Act (CALEA), E911 and other mandates. Under CALEA, for example, carriers must enable the FederalBureau of Investigation (FBI) and other law enforcement agencies to monitor the network activities of thoseunder surveillance.

Complying with CALEA involves a variety of challenges. However, industry involvement in the development ofcompliance processes and standards preferable to the government developing them or mandating them by law.The new office will provide the venue for such developments. Moreover, Gartner believes the present complianceregime will not provide law enforcement and other government entities with the capabilities they expect,primarily due to the lack of a standardized approach. Without proactive industry involvement, in the nextnational emergency, when the FBI wants to track suspects’ e-mail or emergency responders want to communi-


At Random (continued)

cate, some carriers will likely not be able to help. The public and political leaders will likely then impose evenmore stringent requirements on carriers. Finally, industry has much greater sensitivity to customers’ privacyand security needs and has a role to play in assuring that government solutions do not backfire politically.

Gartner’s recommendations are:• Regulators: The FCC should examine how its own rules affect homeland security. For example, to spur

local telecom competition, incumbent carriers must allow competitors to co-locate equipment in centraloffices and in underground conduit systems. Since many states have lax carrier certification requirementsand some competitive carriers use contract workers, this rule leaves central offices and outside plantfacilities vulnerable to sabotage.

• Carriers: Carriers should cooperate proactively with the new office. In the end, carriers will have to providethe capabilities that CALEA, E911 and other mandates demand and in a uniform manner. Those imple-menting new technologies to make network traffic more visible may also be able to offer new services tocustomers.

• Vendors: Network equipment vendors should seize this opportunity by offering products and services tomake compliance less painful for carriers.

• Enterprises: Enterprises could be involved in providing information that will be transmitted via communi-cations systems during a national emergency. Also, depending on how their carriers react, networkservices and investments could increase or decrease.

Analytical source: Ron Cowles, Gartner Research

Grand Central Communications Appoints New CEO and Shifts Priorities. On 9 July 2003, Grand Central announcedthat founder and chairman Halsey Minor has become CEO. Minor replaces Craig Donato, who served aspresident and CEO since 2001 and who will leave after a short transition.

In 2001, Grand Central launched the world’s first Web services network. As CEO, Donato introduced someinnovative service enhancements, such as deferred Web services queuing and Contivo-based, on-networktransformation. But under him the company did not attract large trading communities or network volume.

216 August 2003

Minor believes that Grand Central’s solution is “already feature-rich enough” and plans to refocus on sales andmarketing. Gartner believes that this shift in focus is appropriate — and timely. Several leading U.S. traditionalelectronic-data-interchange value-added network (VAN) vendors will likely announce new Web servicessolutions within the next few months. Grand Central therefore needs to move quickly to close some major deals,grow network volume and establish itself as a long-term concern in the managed network service market.

In a post-Internet-bubble IT world that considers viability a top concern, not many operators will survive theinevitable VAN shakeout. With its well-focused, technically viable and competitively priced Web servicesnetwork, Grand Central still has the differentiation to close enough deals to emerge from the VAN turmoil.Minor, an IT industry veteran, has succeeded before in Internet businesses: He founded CNET as chairman andCEO in 1992 and built it into a $250-million-a-year company. He will rightly refocus Grand Central on sales andmarketing. But with time short, he must build the company quickly, lest it be overtaken by his quickly evolvingcompetition.

Consider Grand Central when:• You wish to outsource your Web-services-based trading exchange.• You need to “onboard,” or enlist, many trading partners. Grand Central can accelerate the onboarding

process, help deal with heterogeneity in protocol and data requirements, and provide a single point ofmanagement.

• You are a Type A (risk-tolerant) enterprise and seek an innovative, price-competitive alternative to tradi-tional VANs.

Consider alternatives when:• You wish to “insource” your Web-services-based digital trading exchange.• You need to onboard only a few, trusted trading partners (in this scenario, consider transaction delivery

network software or Web services-enabled brokers).• You are a Type C (risk-averse) enterprise seeking long-term viability, and your VAN provides Web services

support (most don’t yet, but some will soon).

Analytical source: Benoit Lheureux, Gartner Research


The Industry-DefiningConference in CRM

Gartner CRMSummit Fall 2003

September 8-10, 2003Los Angeles, Calif.

Westin CenturyPlaza Hotel & Spa

Rated the “MostInfluential of All

CRM ResearchTeams” in 2001 and

2002 by RealMarket survey

The Gartner CRM Summit is the one place where you willhave firsthand access to:

• The best independent view of where CRM is headingfrom industry leaders and Gartner’s top 30 CRM researchanalysts.

• Keynote Speakers: Professor N. Venkatraman andDon Peppers.

• The trailblazing companies in CRM — including the sixfinalists of the Gartner CRM Excellence awards. You’llhear their highly instructive case studies on what’sworking in CRM today.

• More than 60 sessions and an expanded vertical industrycoverage with more sessions on government, financialservices and many other industries.

• More case studies and best practices from astuteenterprises that are doing CRM right — and reapingsignificant rewards.

• Next generation CRM: Explore innovative technologiesthat will elevate pioneering companies to the next level of“customer experience” excellence.

Professor N. Venkatraman is a leading authority on strategyand technology. His keynote presentation “Opportunities inthe Networked Era” will explore his vision of the future of CRM— an era that promises to transform customer, citizen, andpartner relationships for those with vision and techno-savvy.

Don Peppers is an acclaimed author and founding partnerof the Peppers and Rogers Group, the world’s leadingcustomer-focused management consulting firm. Hisperspective on global business practices has earned him areputation as one of the leading authorities in CRM.

• The top CRM technology vendors will be on hand foryou to test-drive their solutions and find out aboutexciting, emerging and next-generation CRM technologies.

To register, or for further information,call 1-800-778-1997 or +1-203-316-6757,or visit www.gartner.com/us/crm

Management Update: System Integrators Can Contribute to ... · Three case studies illustrate system...

Documents

Transcript of Management Update: System Integrators Can Contribute to ... · Three case studies illustrate system...