A client of ours recently asked this question: “Are you aware of the trend of companies establishing shared IT services organizations with other companies – not cloud or outsourcing with managed providers but two companies deciding to share data centers or certain applications as an example.“ So, we asked our IT manager to look more into it and provide some more information. We would like to share that with our readers:
One thing to understand is that IT Shared Services Organization (or IT-SSO as it is called sometimes) could be an external organization that services the needs of multiple organizations OR two (or more) companies can decide to form a cost center by combining their IT organizations…these companies can also decide to have separate IT organizations but they share the load, act as each other’s backup or collaborate on projects and establish DR/HA practices. The first one where a company does the managed services for several companies has been around for years (example: IBM managed services in their data centers), what he was interested in here is the second trend where a couple of companies decide to form a cost center by forming an IT Shared Services Organization.
Before we dive into the details of it, first thing to understand is why is there even a need for IT-SSO for the second trend that we are seeing in the industry. Why would any corporation even consider looking into it?
In order to understand the need, consider this scenario – In a city, how many companies and within those companies, how many departments have their own dedicated network and cabling, each with their own:
- Internal Data Centers or Server Rooms,
- Infrastructure security layers
- Network management
- Help Desk management
- Application Hosting
- Content Management
- Hardware infrastructure,
- Their own patch management standards
- Same kind of software and hardware licenses
- IT Staff
- Energy consumption
- Under utilized hardware and storage resources
About 15-20% of the costs of any SMB organization goes towards IT. For Tier-1 Organizations, this number is even higher. Many of these organizations do not go with the managed services from large players like IBM etc. because of cost and more importantly because they want their own teams doing this work to do proper justice to the business and the turn-around times. Having a team of employees v/s an outside company doing it for you has differences in terms of turnaround time on projects, accountability and protecting your IP for any of the critical business applications.
If many of these companies start using an IT-SSO model, each of them would stand to gain from it. Here are some of the benefits:
- Single Service Organization with better manpower utilization
- Cost benefits in terms of resources, hardware and software licenses
- Common Patch management and standards
- Companies can focus on their core business rather than IT infrastructure
- Shared Storage
- Cost savings in terms of energy consumption
- Cost savings in terms of contracts with external vendors & partners
- Uniform practices and standards – for different companies, these might be at varying degrees of maturity depending upon their adoption.
- Better scalability because of common pool of resources.
- Better insight into & adoption of new technologies so strategic advise and guidance can be obtained.
- Organizations can save huge costs on their Production and DR sites as they have their DR at their partner’s primary site and vice versa.
- Leveraged resources. With private cloud, the entire infrastructure can be considered as one pool and can be used by other organization during their spike traffic if the other organization doesn’t have much traffic during the same time.
- Leveraged knowledge – Both organizations can share their expertise on managing their infrastructure.
- Energy cost savings and better scalability due to consolidation – one can make use of VMWare’s VI3 infrastructure and blade servers
So, having said that, what kind of infrastructure and applications are we really talking about over here and do some companies fit this model better than others? Ideally speaking, every company can fit this model – one main concern could be around security access to the data, their IP and compliance. Before we delve into that, here are some of the applications and IT infrastructure needs that I think stand to gain from IT-SSO:
- Internal Desktop and Server IT infrastructure and support
- Internal Applications like:
- Accounting packages (Great Plains, SAP Business One etc.),
- HR software applications,
- MS Office (either through virtual desktop infrastructure or Online),
- Content management systems like MS Sharepoint
- Development and QA environments and software like VS2008, QC, Load Runner etc.
- Source code control systems like Sourcesafe, Subversion, TFS etc.
- Database Servers – Oracle, SQL Server, DB2 UDB etc.
- Phone Systems
- Major software systems like PeopleSoft, SAP, Oracle where a lot of differences between 2 organizations is merely in configuration. The hardware and software requirements are nearly similar.
- Operating Systems & their patch management
- IM tools like internal facebook/twitter/yammer or MS Communicator
- Networking Systems
And what are the hurdles to this approach? Before jumping on the bandwagon, it is important for the companies to understand how a shared services model fits successfully into the overall business strategy of the firm. We think that the major changes involved when transitioning to shared services are process and communication related. Aligning the team members and gaining their commitment are necessary for success. In addition, one clearly needs to understand their security and compliance needs and proper SLAs need to be in place.
So, here are some of the cons or rather hurdles to this approach:
- Requires proper buy in from the CxO levels as well as the IT & Development teams. Easier said than done. Even after the buy in, proper governance needs to be defined (more on this below).
- Defining SLAs would be a bit complex – the more the number of companies involved, the more complex it becomes.
- Needs a very strong project management regime/discipline to drive the collaboration activities. This collaboration must generate business value and each and every step needs to be measurable. Parties need to agree on the common goals and maintain a clear mode of communication involving the IT-SSO.
- Compliance issues – Both organizations need to make sure their information is secure and managed according to compliance regulations – depending upon the different business verticals, this can be a major point so it might make more sense for corporations in the same business domain to do this. Example: A heathcare software company co-sharing the data center with say an online accounting software company would have totally different compliance requirements.
- Companies would have concern about their IP rights which can become a serious issue if the companies are in the same business space.
So, why now? Because the advancements in technology (VMWare, Blade Servers, Geo Clusters) makes it easier to implement such solutions. Not only that, the companies are realizing that benefits in terms of cost and time are to be gained if they consolidate and have a shared IT services organization with other companies.
The first movers that we have seen or read about who are adopting this are either educational institutes, universities, small practices/hospitals and Federal Agencies. As far as private companies go, we think that those that are either funded by the same venture group or those who have some of the same folks on their board, will be the next to move towards this. Here is an article on computerworld that you would find interesting: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9029160
We think that if proper governance is there, then moving towards IT-SSO is an achievable goal which has several benefits. What do we mean by that? By governance, in this case I mean that three questions need to be answered properly – these three questions were cited by Accenture in their study (Driving High Performance in Government: Maximizing the value of Public-Sector Shared Services, Accenture, Feb. 2005.) and also by Nancy Desormeau:
- Who decides what? ==> The decision-making roles and authorities for strategic direction and for ongoing operations.
- Who does what? ==> The roles and responsibilities for achieving results, the form and composition of the decision-making bodies.
- Who answers for results? ==> Accountability and recourse.
One needs to define the governance accountabilities at three tiers: Executive, Strategic Partnerships and Operational. So, this can be done and is being done by different organizations in order to save on costs and also provide a more efficient and scalable solution to their organizations. Whether it is a right solution for your organization, only you can tell.
- ComputerWorld article referenced above.
- Accenture Study referenced above.
- Presentation by Nancy Desormeau – here.