|
The evolution of business process outsourcing architecture leads to more efficient operations
 Hello again, Sun Inner Circle readers — it's Bob Worrall with my year-end column. Allow me to conclude 2007 with a subject familiar to regular readers — how IT can improve operational efficiency.
At Sun, we're improving operational efficiency by engaging with business process outsourcing, or BPO, providers. These vendors are vitally important in helping Sun concentrate on pioneering new technologies as they perform traditional business tasks necessary for running a corporation.
As we've learned, a robust IT architecture is a major contributor to successful BPO engagements. To give you an idea of Sun's approach, I spoke with Bruce Hoiem, Sun's director of IT architecture for User Services and Integration. Bruce's experience gives him unique insights into how to develop scalable and repeatable IT architectures for BPO engagements.
What follows are some highlights of our conversation, which I think you'll find valuable in your own BPO activities.
Worrall: How does Sun's approach to BPO architecture fit with the company's overall IT strategy?
Hoiem: Just like the way Sun provisions IT to its employees, my group is moving as many things to the edge as we can. Ideally, anyone with authorization will be able to use their choice of client or Web browser - and get the information and applications they need based upon their roles and the details of the BPO contract. We've reached this level with our email, calendar and even some HR services. As we move forward, we plan to eliminate the need to implement and manage virtual private networks (VPNs), which will reduce costs and implementation times in other areas.
Worrall: How do we fit particular BPO processes into the right infrastructure categories?
Hoiem: BPO infrastructures largely depend on two factors — work location and dependence on Sun infrastructure. At Sun, we categorize outsourcing by three levels. Outsourced datacenter operations and other vendors that work on-site are usually called level one BPO engagements. BPO vendors such as call center providers that need to access Sun applications remotely are typically level two engagements.
At level three — which is where we're trying to get with all our BPO — the vendor develops and operates business systems at its own facility. At Sun, these vendors are in fields such as human resources and benefits administration. They provide Sun with access to applications that they run in their own datacenters.
| |
Making the Most of BPO
Get details on Sun's three-level strategy to managing BPO for optimal operational efficiency, cost savings, and identity-based security — and how a similar approach can benefit your organization. Learn about:
- Level One: The initial step for BPO, with on-site activities
- Level Two: Halfway between on-site BPO and vendor autonomy
- Level Three: Vendor develops and operates BPO systems at its datacenter
Learn more now...
|
Worrall: What are the architectural challenges at each of these levels?
Hoiem: The architecture at level one is the least challenging because vendor staff are working at a Sun site and using Sun systems, just like our employees. At level two, things start to get more complicated because there are issues in securely connecting off-site vendor staff to Sun's infrastructure. At level three, where work is performed remotely on vendor systems, we typically deal with identity management issues.
Worrall: How do the cost savings break down at each level?
Hoiem: At level one, cost savings are mostly in having another company manage work traditionally performed by corporate support staff. Provisioning costs are still incurred, but not traditional employer obligations. This usually offsets the overhead costs of having vendor staff use Sun applications.
Interestingly, the middle ground of level two can be a bit more expensive than level one engagements. The reason? There are costs that accompany the communications links and management of Sun applications accessed remotely by third parties. But if the vendor's labor and facilities costs end up being less than the integration and operating costs for the engagement, level two BPO scenarios can still provide significant cost savings.
It should come as no surprise that level three engagements provide the most cost savings. It makes sense, if you think about it — the Internet connections that enable access to vendor applications are already in place.
Worrall: How is your team balancing security requirements with the access BPO vendors need to do their jobs?
Hoiem: The degree of security is usually dictated by the sensitivity of the information handled. For example, an office supply vendor doesn't need the same strength of security controls as an HR vendor. As we move BPO architecture farther to the edge, we're revising our security policies to ease the use of the vendor's desktops and infrastructure in all but the most data-sensitive cases, and this usually results in lower costs and faster implementation time.
We use Sun's identity management software in all three BPO levels to provide authentication and access control to applications and data.
At level one, vendors use Sun Ray thin clients to access the business systems, and we manage access to Sun applications and systems via role-based access control. And as in level two engagements, we manage and provision user identities with the Sun Java System Identity Manager.
In level three engagements, we prefer to implement federated identity and authentication with vendor systems through the Sun Java System Access Manager. This provides a single sign on between internal and external applications and implements stronger authentication for more sensitive applications. It also avoids the need to give user credentials to outside vendors. As far as the user is concerned, it's as if permission is immediately granted, but the value for Sun is that none of our user credentials are ever stored at the vendor site, which minimizes risk.
Worrall: How else are you using Sun technologies for BPO engagements?
Hoiem: Because many Sun applications and systems have grown up with the Internet, these technologies put us at an advantage in BPO engagements. Sun Ray thin clients have worked well for level one and two engagements because they minimize desktop costs, power consumption, and management requirements. Unlike Windows environments, the Sun Ray thin client environment doesn't tie users to a specific desktop, and this saves us money in level one engagements.
But as we push things to the edge, we're phasing out dependence on remote Sun Ray clients in level two engagements. Eventually, level two vendors will implement, provision, and manage and operate their own desktop client infrastructures and access applications at Sun through the Sun Secure Global Desktop Software. Most of our applications can be accessed through a Web browser, but not every organization is in this position. With the Sun Secure Global Desktop Software, applications with rich clients that can't be accessed directly by browsers can still be reached remotely through a browser.
Worrall: What's your advice for organizations that are starting to eye BPO engagements?
Hoiem: I think our experience can be quite instructive. In addition to insisting on federated naming services - which gives Sun the final say in access details such as passwords and user names — it's really important to have language in a BPO contract that fully defines performance standards. I can't stress this enough.
Sun's procurement process for BPO services includes descriptions of expected performance under normal load, definitions of maximum load, and expectations for performance under maximum load. Just as in most things, if you set expectations clearly at the outset of an engagement, the benefits of BPO usually follow.
Bob Worrall
CIO, Sun Microsystems, Inc.
| 
