Outsourcing Application Development? What You Should Know to Avoid Its Bite!
Depending on the size of the company, outsourcing of IT (information technology) includes such functions as payroll, HR benefits administration, Internet access services, e-mail, Web sites, application hosting services, network services, and content delivery. A new trend in outsourcing, the development of software applications, brings with it new risks that need to be factored into management’s plans. This Perspective uncovers the risks and mitigation approaches.
Aberdeen Perspective
Software applications once held the keys to the kingdom by encapsulating business processes in logic and making it possible for firms to extract latencies that otherwise led to errors, customer service problems, billing errors, product delivery glitches, and sales forecast blindness. The commonly cited benefit about technology is that corporate performance is ratcheted up with automated systems and software applications. Supposedly, business process logic embedded in application systems enables senior managers to establish consistent procedures, objectives, and measurement systems that then translate into increased productivity. At least, this is the theory.
*******************
Synopsis
New risks posed by software development outsourcing and contracting include
(1) an increase in untested technology vulnerabilities;
(2) additional costs for break/fix and patching;
(3) increased risk due to unauthorized access to critical business data; and
(4) operational instabilities that could increase tangible and intangible business risk.
******************
Along the way to software process application rightsizing, many firms found that the benefits from technology investment were difficult to measure, too costly to measure, or became distractions to the business. Along the way, business executives also learned that data - in the context of the business situation - is what delivered real value, not simply software applications. Despite good intentions, the time frames needed to achieve the benefits for some of the big-ticket software platforms of the late 1990s far exceeded original projections. The result today: very few companies are buying big-ticket business software business-theory platforms, many of which were last purchased during the go-go days of the Y2K rollover.
A new pragmatism involving incremental application development improvement has taken root among many line-of-business and information technology executives. This new pragmatism includes the outsourcing of software application development because it is seen as a faster alternative than retraining and retooling everything in-house.
However, there are some new hidden risks to contracting and outsourcing of software application projects that need to be planned for and mitigated as a part of management’s plan.
Software's New Risk
Software development projects are goaledand measured by three performance metrics: (1) functionality, (2) schedule, and (3) quality.
The history of software development projects consistently shows that functionality and schedule always dominate quality. This fact explains why few - if any - firms will deploy the first release of any software product. “Let the other guy test the software first, and we’ll reap wait for a stable release” is a very common and pragmatic practice. Unfortunately, there are no other guys to test software development that is outsourced: you are alone! Most outsourced application development is first release and often the only release.
In addition, few software contract and outsourcing firms have the necessary experience, background, and processes to conduct rigorous quality tests. A general lack of cross component, data integrity, and security testing means that buyers often find themselves managing post-deployment cleanup programs. And in unusual circumstances, backdoor systems maintenance accounts tend to leave the enterprise further exposed to unseen and unaudited risk.
Mitigating the Risks
One approach to mitigating the risks associated with external software development is to force the contractor to do all the heavy lifting. This approach might work when dealing with the largest of software development contractors, but it will not work with the boutiques and smaller firms.
*******************
Unfortunately, there are no other guys
to test software development that
is outsourced: you are alone!
*******************
Contracts with the largest firms should establish measurements for quality, data integrity, and security testing. Obviously, such outsourcing contracts will cost more and take longer to complete. However, a general lack of expertise in the area of security and vulnerability testing indicates that contracts alone will not be sufficient. Rather, security flaws and vulnerabilities will likely continue to plague the deployment of software applications, outsourced or not.
As a result, firms outsourcing software development should consider increasing their budgets for internal test, quality assurance, and security testing, before applications are deployed. Furthermore, the interconnected manner in which many contemporary Internet information-based applications are being employed indicates that 24 by 7 security and vulnerability monitoring programs may be appropriate.
Outsourced application development presents opportunities that need to be weighed against new risks. Planning for these risks beforehand will help firms to avoid the inevitable bite that is sure to follow from the deployment of the new applications.
|
