Document Sample
ch08 Powered By Docstoc
					                          CHAPTER 8—MANAGING OPERATIONS

The three major operational issues discussed are outsourcing information systems
functions, information security, and planning for business continuity. Case examples
include Microsoft, ANZ Banking Corporation, Eastman Kodak, Honda Motor Company,
Credit Card Fraud, Plymouth Rock Assurance, and Household International.

INTRODUCTION – Due to mergers, the Internet, e-commerce, and the September 11
terrorist attacks, the subject of computer operations has been receiving a lot of attention.
Systems operations are important because, if they are not professionally run (and backed
up properly), a computer or network crash could shut down a company’s business for
some period of time. The main change in operations is a shift in viewpoint. Traditionally,
managing operations has meant managing inward — managing one’s own operations
staff, including those who work in the data center, data administration, network
administration, and systems programming. Today, it is just as likely to mean managing
outward — managing the company’s relationships with IT external service providers
(ESPs) who have taken over day-to-day operational work.


        Why Talk About Operations? – Because it involves so much money, it’s
         complex, and it’s important to business operations.

        Solving Operational Problems – The best solution is to 1) continually document
         and measure what you are doing, 2) uncover the real problems, not just the
         apparent ones, and then 3) set the standards.

        Operational Measures – The measures are internal (what IS needs to know) and
         external (what customers see). Problems reported by the external measures can
         generally be explained by deviations in the internal measures.

        The Importance of Good Management – IS management needs to create a
         corporate culture that recognizes and values good operations. The skills required
         of an operations manager are similar to those needed in a factory.

        What’s New in Operations?

          Companies Have “Cleaned Their Operational House” – Y2K and the
           Internet forced companies to ―clean house‖ in their data and network center
           operations. The resulting changes have led to far better operational structures
           because management took the time to define the rules for operations and put
           better policies and procedures in place. Had they not gone through Y2K, most
           companies would not be operationally prepared for the Internet.

          More Operations Managers are Managing Outward – A growing number of
           companies are turning to a third party to run their data centers. Even for
           companies keeping their own data centers, an increasing number are taking

Information Systems Management in Practice                         Sixth Edition Instructor’s Guide
             advantage of operational services provided by third parties, especially for e-
             business operations.

          Operations are Being Simplified – Operations are frequently simplified by
           centralizing programs – via server-based computing – rather than distributing
           them on PCs.

          Certain Operations are Being Offloaded –Web ―event management‖ means
           hosting a real-time event on the Web. When successful, these ―Webcasts‖ lead
           to huge spikes in website hits. To avoid being swamped and having the
           website crash, companies offload the operational aspects of these events to
           third parties that specialize in hosting such activities.

                 CASE EXAMPLE: Microsoft – When Microsoft officially announced a
                  new version of Windows, it did so not only at a major launch event in San
                  Francisco, California, but also via a public Internet broadcast, and a
                  private Webcast to 6,000 original equipment manufacturer (OEM) system
                  builders in 83 countries. That private Webcast was handled by a company
                  that has ―edge servers‖ in 66 countries, giving users in far-flung locations
                  fast downloads of Web content and streaming media.

turning over a firm’s computer operations, network operations, or other IT function to a
provider for a specified time—generally, at least a few years.

        The Driving Forces Behind Outsourcing – Outsourcing descended on IS
         departments as a follow-on to the merger and acquisition activities in the 1980s.
         Companies faced global competition, so they had to focus on their core
         competencies, and do some restructuring. Outsourcing is part of the drive for
         focus and value, and it is not solely an IT issue.

        Changing Customer-Vendor Relationships – Relationships have expanded
         from buying professional services, to buying products and transactions, to
         integrating systems, to outsourcing – the most bundled approach to contracting. In
         this evolution, CIOs have increasingly lost control, vendors take on more risks,
         margins increase, and importance of choosing the right provider becomes more

        Outsourcing’s History – IT outsourcing essentially began in 1989. Today, the
         field also includes transitional outsourcing (helping a company move to a new IT
         platform), best of breed outsourcing (outsourcing each IT function to a best-of-
         breed provider), offshore outsourcing (to providers in India and elsewhere around
         the world), shared services (consolidating back-office function into one center in-
         house), business process outsourcing (outsourcing a process with a large IT
         underpinning), and e-business outsourcing (outsourcing the infrastructure
         supporting e-business),

Information Systems Management in Practice                           Sixth Edition Instructor’s Guide
            CASE EXAMPLE: ANZ Banking Group Ltd. – Australia’s largest bank
             has outsourced its procurement function, not to reduce costs, but to gain
             greater quality purchases and lower ANZ’s annual purchasing spend. The bank
             has learned numerous lessons in this world-leading outsourcing deal: be
             prepared to change the contract as your environment changes, make step
             changes in technology and processes to save time and money, focus on having
             an effective transition, do your best to make the outsourced group appear
             seamless to your employees, focus early on what you want and don’t get
             sidetracked, keep incentive mechanism simple and transparent, be able to
             benchmark performance, and understand, to a fair degree of detail, the value
             chain you plan to embrace.

        Managing Outsourcing – Numerous aspects to managing outsourcing needs to
         be handled well to create a successful working relationship, including the
         organizational structure, governance, day-to-day working, and supplier

            CASE EXAMPLE: Eastman Kodak Company – Kodak was the first major
             company to outsource its well-run IS department. It put in place a robust
             organizational structure: a management board (including senior management
             from both companies and focuses on strategic issues), advisory council
             (handling technical and operational issues by focusing on what Kodak wants,
             not how the services are delivered), supplier and alliance management group
             (managing all longer-term outsourcing relationships and other contracts with
             large IT suppliers), relationship (the focal point of Kodak’s relationship with
             one provider), working groups (to facilitate changes in processes, promulgate
             standards, achieve business recovery in case of disruption, and promote
             effective use of IS services), and client surveys (conducted twice a year).

            CASE EXAMPLE: Honda Motor Company – This automobile
             manufacturer conducted pioneering work in improving suppliers’ capabilities
             by pairing Honda engineers with a supplier’s engineers to drastically lower the
             cost of one part supplied to Honda. The results are like ―waling around
             picking money up off the floor.‖

INFORMATION SECURITY – Even CEOs are now knowledgeable about this subject

        The Threats – Threats are numerous. Websites are particularly vulnerable.
         Political activism is one motivation for website defacement. Theft of proprietary
         information has held steady, but losses have significantly increased. Likewise,
         losses from financial fraud are rising. Losses are increasing dramatically because
         companies have rushed into e-commerce, often with applications that do not have
         security built into the architecture or procedures. It is easier to guard a bank vault
         than to guard every house in town. That’s why many companies are outsourcing
         their data center operations to data center specialists with vault-like security.

Information Systems Management in Practice                           Sixth Edition Instructor’s Guide
            CASE EXAMPLE: Credit Card Fraud – In one case, MSNBC reported that
             a bug in one shopping cart software product used by 4,000 e-commerce sites
             exposed customer records at those sites. One small e-commerce site did not
             receive the warning. Within days, cybercriminals charged thousands of dollars
             on the credit cards of users of this small site. In another case, two foreigners
             stole 56,000 credit card numbers, bank account information, and other
             personal financial information from U.S. banks, then tried to exhort money
             from the cardholders and the banks, threatening to publicize the sensitive
             information they had unearthed.

          Hackers use nine approaches to cause harm: cracking the password, tricking
           someone, network sniffing, misusing administrative tools, paying middlemen,
           denial of service attacks, Trojan horse programs, viruses, and spoofing.
           Because airtight security is not possible, companies need to prioritize their
           risks and work on safeguarding against the greatest threats.

            CASE EXAMPLE: An Internet Services Company – This firm’s starting
             point in protecting its systems is to deny all access to and from the Internet.
             From there, it opens portals only where required, and each opening has a
             firewall and only permits specific functions. The security team constantly
             ―checks the locks‖ by keeping track of the latest bugs found, staying up-to-
             date on the latest security attacks, subscribing to hacker e-mail lists and
             bulletin boards, personally exploring some risks, logging and monitoring all
             incoming and outgoing traffic, and testing the system monthly from a remote
             site. Most importantly, it educates employees and clients as the greatest
             security precaution.

        Security’s Five Pillars – Authentication verifies the authenticity of users,
         identification identifies users to grant them appropriate access, privacy protects
         information from being seen, integrity keeps information in its original form, and
         nonrepudiation prevents parties from denying actions they have taken.

        Countermeasures – The trend in computer security is toward defining security
         policies and then centrally managing and enforcing those policies via security
         products and services or policy-based management. Three techniques used by
         companies to protect themselves are firewalls (to filter messages and block illegal
         traffic), encryption (to decode messages into gibberish that only the intended
         recipient can decode), and virtual private networks (a secure Internet-based

            CASE EXAMPLE: Plymouth Rock Assurance Corporation – This
             automobile insurance company created an extranet that independent agents
             could use to transact business with the company. The most cost-effective
             approach was to create a DSL-based virtual private network between each
             agent and PRAC, an offering of a local company.

Information Systems Management in Practice                          Sixth Edition Instructor’s Guide
PLANNING FOR BUSINESS CONTINUITY – Business continuity is broader than
disaster recovery because it includes safeguarding people during a disaster, documenting
business procedures (instead of relying on certain employees who may become
unavailable), and giving employees the tools and space to handle personal issues first so
that they can then concentrate on work. In short, it is a business issue, because IT disaster
recovery is just one component.

        Using Internal Resources – Organizations that rely on internal resources for IT
         disaster recovery generally see this planning as a normal part of systems planning
         and development. They use multiple data centers, distributed processing, backup
         telecom facilities, and local area networks to provide the backup and recovery
         they need.

        Using External Resources – In many cases, a cost-versus-risk analysis may not
         justify committing permanent resources to contingencies; therefore, companies
         use the services of a disaster recovery firm. These firms provide integrated
         disaster recovery services, specialized disaster recovery services, and online and
         off-line data storage facilities.

            CASE EXAMPLE: Household International – More than 9 inches of rain fell
             on the Chicago area in 12 hours causing widespread flooding. By 10:30 a.m.
             the water had risen to 31 inches in the data center—9 inches above the 22-inch
             false floor. Computer operations were transferred to a disaster recovery site.
             From this disaster recovery, Household learned: to consider the risks of a
             natural disaster in selecting a data center location, to create a plan to return to
             the primary site after the disaster, not to expect damaged equipment to always
             be replaced or restored to original condition, to test hot-site resources under
             full workload conditions, to plan for alternate telecom routing for multiple-site
             operations during a disaster, and to maintain critical data at the alternate site.

CONCLUSION – The subject of managing computer operations is, perhaps surprisingly,
at an all-time high because of the emergence of e-commerce, the increasing use of
outsourcing, news-grabbing viruses, attacks on major websites, and the terrorists acts on
September 11th. As enterprises increasingly rely on computing and telecom to work
closely with others, they open themselves up to more threats by electronic means.
Companies must be increasingly vigilant to outside threats. In short, the view of
operations is shifting from managing inward to managing outward.

 PART II DISCUSSION CASE: Managing Information Security on a Shoestring
  Budget – This case illustrates the Indian Institute of Management, Lucknow’s (IIML)
  implementation of a robust security management infrastructure with a limited budget
  on hand. The case discusses the importance of developing security policies, and
  selecting a proper combination of freeware and proprietary software components. The
  case illustrates the trade-offs involved and presents experiences of IIML in
  outsourcing the post-implementation phase to a Security Service Provider. Case is
  from Idea Group. Students are asked to assess the current situation and propose routes
  they feel management should take.

Information Systems Management in Practice                            Sixth Edition Instructor’s Guide
Information Systems Management in Practice   Sixth Edition Instructor’s Guide

Shared By: