To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://management.silicon.com/itdirector/0,39024673,39117282,00.htm

The Bloor Perspective: ID theft, infrastructure modelling, new breed of consultants
This week Robin Bloor's team looks at why companies need to take ID theft more seriously, the opportunities for outsourced and centralised IT reporting and the shift to networks of independent consultants...

By Bloor Research

Published: Wednesday 10 December 2003

Traditionally, the most common way for thieves to obtain ID information is carelessness on the part of individuals and not taking sufficient care to safeguard personal information, especially when disposing of it. One of the richest treasure troves for thieves looking for personal information are household and company rubbish bins.

However, as the use of the internet has grown, so too have the incidences of online identity theft. But why should businesses care? For a start, theft of credit card and account information is one of the most common reasons for identity theft, but consumer liability is generally capped in the case of such fraud - leaving financial institutions to pick up the pieces.

Until recently, identity theft has been less of a threat in Europe than in the US. One of the reasons why it has been such a problem in the US is the traditional use of social security numbers as an identifier - a piece of information that, when linked to the name and address of the individual, makes it relatively easy for a thief to assume an individual's identity.

Companies need to be aware that identity theft is a pressing problem for them - especially since the vast majority of fraud is carried out by insiders. There have been numerous reports recently of employees involved in theft of information, such as customer credit card numbers. And companies are increasingly finding themselves being held responsible.

Companies need to think about how data is distributed in their organisations and must train employees on privacy matters relating to customer data. Policies should be drawn up and enforced regarding which employees have access to what data in which circumstances and procedures need to be put in place to handle complaints arising from its misuse. To reduce the likelihood of the problem occurring, background checks should be made on all employees.

Much legislation has been passed that affects this area and there will be more to come. But, as a rule of thumb, companies that comply with the principles of the 1998 EU Data Privacy Act will be in a good position to ensure that they are less likely to be targets of identity theft attacks.

*Outsourced reporting and monitoring*

Any infrastructure management architecture can be divided into three distinct activities. At the lowest level there are facilities for monitoring and reporting events within IT components. At the highest level are to be found the reporting and analysis functions that provide the information at the level it is required. In the middle, providing the abstraction needed to get from the physical IT infrastructure to the reporting, is a modelling function.

There is a clear opportunity for third parties to work at the middle and higher levels; taking event information from the IT infrastructure and feeding it into their own management models. Until recently this was not really possible because the levels of interaction between monitoring agents from different management solutions was not good. However, today we see that all of the major enterprise management solutions and some of the lesser ones have the ability to share event information collected by each others' agents.

This is good for the customer because it can use the best monitor for each technology component. It is even better for a third party outsourcer because, now, it only needs to set up a secure and reliable NOC using a single technology supplier. It can then feed information from all its remote customers regardless of their preferred solutions.

Why is outsourcing an option? The answer to that one is in repeat business. As its customer base builds, it can provide rapid time to market because the central management is already configured and it can provide instant intelligence because it will have event management procedures for the majority of components already defined. It's a better solution available more quickly.

The major effort required is in the development of the model and reporting. This is unique to every customer but the modelling can support everything from basic device monitoring through to full-scale SLA implementation. Web based reporting ensures corporate dashboards, SLA compliance or even shared consoles are easily available - even if the NOC is in another country.

Whilst there are obvious parallels with ASP's - the need for a very robust operations centre and an ability to move on at the end of a contract - this is a single specialist service. With the right pricing model, the opportunities exist for businesses of all sizes to implement or evolve their management solutions at whatever level they need for a reduced initial investment. Think about this next time you consider how much your company spends delivering its managed IT services.

*Independent consultants*

After the biggest ever recession in the consulting industry, the shape of the industry seems ripe for change - driven by low cost outsourcing and the increased popularity of networked organisations. Clients will have new options for their assignments; highly experienced independent consultants for advice and low cost commodity implementers for the large-scale tasks.

In the last 10 years, we have seen consulting companies taking on the management of large programmes and projects. For large consultancies, the attractions were clear, by undertaking the implementation of their advice they increased the size of their assignments and made better use of scarce senior consulting skills. Their clients also preferred action and results to reports that just sat on the shelf.

Now the cycle of consultancy has turned and a new model emerged that has much in common with the original consulting model where the client developed a high level of trust and a personal relationship with the consultant and received practical and tailored advice. Clients didn't expect the consultants to implement the advice in projects. They realised that if they were going to get the full benefits of the advice they had to take ownership of the solution and put it into practice themselves.

In the new model, clients will use networks of very experienced independent consultants to deliver high-level tailored advice, change management, programme and project management while coaching management and transferring their skills to the client staff.

Networks of consultants have been around for some time. These consultant networks form agile virtual teams where membership qualifications assure quality delivery. Consulting networks provide the benefits of access to a large pool of expertise while ensuring that the costs and politics of large consulting companies are avoided.

The beauty of the network is that it makes a wide range of expertise available to the client. As a sole practitioner or member of a small firm, each consultant is fully committed to the client's success and has no other agenda than the clients' interests. Because overheads are low, this approach is very cost-effective and companies gain access to levels of experience they could not justify using from other sources.

However well a consulting company supports its consultants, experienced clients know that the most important criteria in selection is the experience and ability of the individual to be given the assignment. Networks of consultants provide the most effective method finding and commissioning these key individuals.