All Posts By

Care Analytics

Top 10 reasons for BPO

In this blog, I thought we would discuss the business benefits of Business Process Outsourcing (BPO). BPO has been around for a while now and it continues to grow. BPO provides some significant advantages to the businesses that choose to pursue it, and sometimes to go through the growing pains of incorporating it. Here are the top 10 reasons for leveraging BPO at your company.

  1. Increase revenue and improve cycle times

Whether it is by calling clients, processing files, underwriting loans, or handling inbound transactions, you can leverage BPO activities to increase revenue generation activities. Most companies think about BPO in terms of cost reduction or access to talent, but the highest returns in BPO are usually in revenue generation processes. Sales and Marketing, loan processing, customer analytics, and inbound sales support are areas where cycle times can be reduced to improve revenue. These should be areas to consider for BPO.

  2. Improve business focus

In addition to improved cycle time, improved business focus can help drive company revenue by allowing key resources to focus on company growth. Outsourcing redundant tasks that provide little business value will allow your team to focus on higher value, revenue generating activities.

  3. Lower, and create more predictable, costs

Let’s face it, outsourcing your operations is usually about lowering costs. The cost per unit of production can be dramatically lowered, even taking rework into account. These cost savings can then be used to invest in strategic business activities. Another advantage of BPO is that you can create predictable costs through contractual arrangements. This helps the financial team project actual costs going forward. This is a real advantage to the CFO as they manage cash flow.

  4. Improve productivity and throughput

One of the big advantages of BPO is that you can improve the quantity of output you can produce in a set timeframe, without having costs increase dramatically. You can blend an onsite and offsite team to double production. You can have a “night shift” to process files to be ready to execute the next day. You can also set up a 24 hour a day processing center to maximize throughput in a day. All of these scenarios allow you to process more in a given period of time.

  5. Customer Service – Increase the speed of resolution

Clients want responses now. Unfortunately, staffing a full call center to be available now can be very expensive. BPO can help alleviate this situation. A BPO center can catch overflow when lines are backed up. Or, if you do not want a call center where the BPO rep speaks directly with a client (mortgages come to mind), a BPO center can process files and get them ready, and if questions come in, the reps can email responses or forward them to whomever you assign.

  6. Access to world class specialists

In many industries, there is a shortage of qualified resources. Companies need access to trained, professional specialists who understand the industry and the process. Setting up BPO centers provides access to many resources that have prior experience processing functional and/or industry focused tasks. Gaining access to trained professionals is one of the biggest use cases for leveraging BPO services.

  7. Meet fluctuating demand quickly without hiring additional staff

For many industries there are cyclical fluctuations in demand. This could be due to seasonal demand, or fluctuating supplies. In some cases, there are irregular spikes in demand. In both cases, companies look for solutions to cover excess demand without having to hire additional long term staff. They often outsource a percentage of the business to the BPO firm, then sign contracts that if demand spikes, the outsourcing center will reassign workers to cover the excess demand. This way they keep the same amount of work for their onsite workers.

  8. Improve quality in routine processing

While most people do not associate quality with BPO, it can be an effective strategy due to existing quality control procedures at most BPO operations. This is even more so the case when mundane, routine operations are involved. In the US, workers can get bored, and then quality control falls far behind the standards set in overseas operations. BPO operations are used to, and are prepared for, routine mundane tasks, so it is an effective way to increase quality in these situations.

  9. Ensure compliance and share risk

Many BPO operations are more compliance conscientious than their US operational counterparts. This is because they are heavily audited, internally and by their customers. So you can actually help compliance issues by outsourcing operations to companies that specialize in that specific task. In addition, you can contractually share the risk if compliance is violated. This will help mitigate the risk and lessen the impact if there is ever a violation.

  10. Streamline operations / Accelerate the benefits of Re-engineering (BPE)

One of the lesser discussed advantages of BPO is the ability to streamline the company’s processes by leveraging the BPO firm’s best practices, or to team the process of outsourcing with a business process engineering (BPE) exercise. Do not just outsource an inefficient process. Instead, go through the process of streamlining the process first, then outsource it with the vendor. In most cases, the BPO vendor can provide advice and guidance in creating best practices. You will then gain efficiencies from improvement of the process, and from outsourcing. Your productivity should dramatically increase.

BPO can be an effective way to increase your productivity, reduce costs, and gain access to needed resources, but the highest return may come from revenue generation activities. Whether that is direct sales and marketing activities, or just providing quicker backend processing so the direct teams can make the sale faster or more cost effective. BPO can also help in creating best practices, compliance, and you can share the risk of non-compliance with the BPO vendor. This is the reason that the BPO industry continues to grow year over year.

So that is all for this week. Please contact me at tommy.simon@careanalytics.com if you have feedback, comments, or ideas. Until next time. I wish you health, happiness and prosperity.

Tommy Simon
President and COO of Care Analytics

Top 10 things to look for when selecting an outsourcing partner

I was visiting several customers this week to discuss various software outsourcing opportunities and a topic that repeatedly came up was what makes a good outsourcing company. So I thought it would make a good subject for this blog. Since I have recently been in the habit of creating top 10 lists on several topics, I thought I would continue the trend and give you my top 10 things to look for in an outsourcing vendor.

  • Consistent delivery

This goes without saying really, but there is nothing more valuable than a partner that can, and does, do what they say they can do. The best way to validate the company’s ability to deliver is by giving them several short four to eight week engagements and see how they handle them. Do they do what they claim? Does it go smoothly? Look for how consistent the delivery is over a few projects. If they are consistent, then they probably have quality and delivery embedded in their cultural DNA.

  • Finding the Right Size Organization

One of the important factors in selecting an outsourcing partner is finding the “right sized” IT vendor. This means finding the right size company for the size of your project. If you are looking for a $100M outsourcing deal, there are only a dozen or so companies that can really handle that. You do not want to select a smaller firm for such a large project.

On the other hand, you do not want to be a small fish in a big pond. If you have a $2M outsourcing deal, you do not want to go with a big firm. Why? You will get the large vendor’s ‘C’ level talent (maybe worse). It is important for you to select a vendor where you are a big fish, but not too big. You do not want the risk of being their biggest client, but you do want to have influence.

Typically, being in the top 3-10 billing clients is a strong position to be in without too much risk. This will help ensure that you will get ‘A’ level talent, attention at the executive level, as well as other favorable perks, and terms and conditions that you will not get as a smaller client. Of course, you should do your due diligence to make sure that the ‘right sized’ IT vendor has the experience and technical capabilities to meet your needs. But getting the right sized vendor is critical to the overall success of the outsourcing engagement.

  • Business Continuity

Look for a company that has been doing offshore for a long period of time. Having worked for a company that was new to offshoring and one now that has been doing offshore for 18 years, I can tell you it takes a while to work out the kinks. It takes at least a few years to really mature. If I was looking for a company, I would want at least 4 to 5 years of experience before I would work with them. The longer the company has been doing offshoring, the more likely they are to have matured delivery processes and perfected working with clients to achieve the overall goals of the project.

  • Communication Plan

This may need to be much higher on the list of priorities, particularly if you are not familiar with offshoring. Communication plans should be based on a complete team approach. Daily meetings with the PMs and developers. Weekly status meetings with the business. A minimum of monthly meetings with the executive team. There should be clearly defined escalation processes, as well as regularly scheduled meetings with the business champions to demonstrate results and get feedback. When evaluating potential offshore partners, thoroughly investigate the communication plan and determine if there is transparency and open, ongoing dialogue. But that is not enough.

Having a plan is step one; executing the plan is even more important. Talk with client references and ask about the communication process. Find out if the vendors are consistent in following their plan. Find out if the business is involved, or is it just at a PM level. Can the developers, analysts, or workers be reached when needed? How long does it take to get feedback? Due diligence around communication will be key. And the only way to get real feedback about communication, is communicating with other clients of the vendor.

  • Company Culture

The company culture matters because it affects both employee longevity (as discussed below) and the culture of quality and customer service. Are quality and customer service ingrained across the organization? Is it consistent? How is it taught, encouraged, and reinforced? It is hard to evaluate culture, so make sure to do your due diligence. One way to evaluate culture is to selectively pick a few consultants to talk with. If you can, do a random selection.

When you interview the consultants, it should become evident if the company culture is prevalent, if it is consistent across the teams, and if there is emphasis placed on it. Finding a partner with a quality focused culture can make the difference between success and failure.

  • Average Duration of the Team

Turnover can be a real issue in offshoring. Get stats on how much turnover the company has in a year and find out what the average duration is for their consultant base. Talk to several of the offshore consultants. Ask them about their tenure with the company.

  • Technical Certifications

Companies with employees with long tenure can experience another problem, complacency. The longer they stay with the company, the more comfortable they get. The more comfortable they get, the less they strive to stay on the cutting edge. That is not to say that all employees do this, but it happens enough that you should check. It is very important that when talking with the consultants you investigate what certificates they have, how old the certificates are, and what the company does to keep the consultants current with the latest tools and techniques, etc.

  • Innovation and Thought Leadership

Very closely associated with technical certificates is how involved and current the consultants are within the technical community. Do they publish articles, complete research projects, speak at events, train or mentor others, and/or participate in critical discussions? The more they participate in these types of activities, the more likely the consultants are to speak up, offer suggestions, provide insight, and provide critical thinking.

  • Sales Process

I know this sounds like it has nothing to do with delivery, but the truth is that the sales process will foretell a lot about a company’s delivery process. If the sales executive asks tough questions, if they manage the details, if they interview you during the process; it is generally a good sign that the company has mature processes and that they will manage the details of delivery too. If on the other hand, the sales process is loose and is being “winged”; you can bet that the delivery process will probably be handled the same way. Often times the sales process will predict what is to come with delivery, so pay attention to how they pay attention.

  • Point Solutions

If all of the other things mentioned above are present, then the more specific the expertise of the partner the better. My experience has been that the quality of the vast offshore companies that do everything is not as good as that of the niche companies that focus on what they do. A Microsoft based company with experience in SharePoint for hospitals or healthcare will tend to deliver better results in this area than a larger, broader based company with lots of practices. But be careful, because these types of companies may not have all of the things mentioned above. When they do, the niche player is usually better at delivering the highest value.

Thank you for reading. I hope it helps. As always if you have questions, please do not hesitate to reach out to me at tommy.simon@careanalytics.com. I would also love to hear any feedback or suggestions on topics or ways to improve the blog. Until next time, I wish health, happiness, and prosperity.

Tommy Simon

President and COO of Care Analytics

What Is The Blockchain?

The crazy world of Blockchain and Bitcoin is heating up technology and with it the economy.

I am guessing that by now, unless you have been enjoying a long vacation in the Grand Canyon without reception, you have heard of Blockchain technology. If you haven’t, then you almost certainly will have heard of Bitcoin. Bitcoin is the first real-world use of Blockchain technology and has surprisingly been around for almost 10 years.

Bitcoin was originally invented because of a mistrust in the financial systems that became widespread during and after the financial market crash of 2008. It was designed to be a direct to seller currency that avoided financial institutions or regulators and was, and still is considered, a safe financial trust transaction mechanism.

In the last few years, Bitcoin’s use has accelerated as more people are jumping in to embrace Bitcoin. Few people have a real understanding of either the fundamentals of the pseudo currency, or its much more interesting underlying technology – The Blockchain.

In order to understand some of the future uses and excitement around the Blockchain, it is helpful to understand in layman’s terms what Blockchain is, and how it works. You can think of Blockchain as a digital ledger, like a huge Excel spreadsheet. Anyone with a registered Blockchain ID is authorized to post digital transactions into the Blockchain.

When a transaction (or block) gets posted to the Blockchain, each additional block that is entered has a cryptographic hash of the previous block, along with the Blockchain ID of the originator, a timestamp, and the transactional data, which can be any format of digital data, including text or images.

Because each added new block also contains a valid digital fingerprint from the previous block (the hash), this inherently validates the information within the chain.

The term “immutable” is appropriate to the Blockchain because, in theory, information on the chain cannot be modified; it is written permanently and will live within the Blockchain forever.

Because the information within the chain is stored in a distributed fashion among many thousands of computers, any attempt to modify the Blockchain on a single rogue system would be overwritten by the consensus mechanism that is inherent to the Blockchain: the other computers would reject the modified block.

For this reason, Blockchain is considered unbreakable and immutable: once a transaction has been written, it cannot be modified, not even by the owner. Only time will tell if this theory holds true.
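The hash linking and the consensus check described above can be seen in a short Python sketch. This is an added example, not code from the original post or from Bitcoin; the block fields follow the description above, while the originator IDs, the sample transactions, and the majority-of-tips check (a simplified stand-in for a real consensus protocol) are assumptions.

```python
import hashlib
import json
from collections import Counter
from dataclasses import asdict, dataclass, replace

GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block


@dataclass(frozen=True)
class Block:
    index: int
    prev_hash: str      # SHA-256 fingerprint of the previous block
    originator_id: str  # constructed IDs, not real addresses
    timestamp: int
    data: str           # the transactional data

    def digest(self) -> str:
        """Fingerprint of this block, covering every field including prev_hash."""
        payload = json.dumps(asdict(self), sort_keys=True).encode("utf-8")
        return hashlib.sha256(payload).hexdigest()


def append(chain, originator_id, timestamp, data):
    """Return a new chain with one block added, linked to the current last block."""
    prev = chain[-1].digest() if chain else GENESIS_PREV
    return chain + [Block(len(chain), prev, originator_id, timestamp, data)]


def first_broken_link(chain):
    """Return the position of the first block whose link is wrong, or None."""
    expected = GENESIS_PREV
    for position, block in enumerate(chain):
        if block.index != position or block.prev_hash != expected:
            return position
        expected = block.digest()
    return None


def tip(chain):
    """Fingerprint of the last block; it commits to the whole history before it."""
    return chain[-1].digest()


def tamper(chain, index, new_data, relink=False):
    """Copy the chain with one block's data changed.

    With relink=True every later prev_hash is recomputed, which is what a
    rogue system editing only its own copy of the ledger could do.
    """
    out = list(chain)
    out[index] = replace(out[index], data=new_data)
    if relink:
        for i in range(index + 1, len(out)):
            out[i] = replace(out[i], prev_hash=out[i - 1].digest())
    return out


def agrees_with_majority(chain, peer_tips):
    """Simplified consensus: accept the chain only if its tip matches most peers."""
    winner, votes = Counter(peer_tips).most_common(1)[0]
    return votes > len(peer_tips) // 2 and tip(chain) == winner


def build_sample_chain():
    """Four constructed transactions, for illustration only."""
    entries = [
        ("id-alice", "alice pays bob 5"),
        ("id-bob", "bob pays carol 2"),
        ("id-carol", "carol pays dave 1"),
        ("id-dave", "dave pays alice 3"),
    ]
    chain = []
    for ts, (who, what) in enumerate(entries, start=1_700_000_000):
        chain = append(chain, who, ts, what)
    return chain


if __name__ == "__main__":
    honest = build_sample_chain()
    peer_tips = [tip(honest)] * 5  # five honest peers hold the same ledger
    edited = tamper(honest, 1, "bob pays carol 2000")
    relinked = tamper(honest, 1, "bob pays carol 2000", relink=True)
    print("honest chain, broken link at:", first_broken_link(honest))
    print("edited chain, broken link at:", first_broken_link(edited))
    print("relinked chain, broken link at:", first_broken_link(relinked))
    print("relinked chain accepted by peers:", agrees_with_majority(relinked, peer_tips))
```

The relinked copy passes its own link check, so the hash chain alone only makes edits detectable; it is the comparison against the copies held by other computers that causes the edit to be rejected.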

So what do we have so far?

Well, we know that we can place a digital transaction onto an unchangeable ledger and that we can, as part of that digital transaction, send a digital record to another known Blockchain ID, someone that we owe money to or want to buy goods from – that is essentially what Bitcoin is.

I am sure that some of us have seen those long IDs that people have started posting on their blogs and streaming sites. These are typically between 26 and 35 characters long, with only letters and numbers being allowed.

These are Bitcoin IDs. If you wanted to donate bitcoin to one of these sites, you would create a transaction within the blockchain that sends a coin or a fraction of a coin to the person you are donating to. Sometimes there is a more friendly QR code, which we are also used to, that represents the underlying Bitcoin or Blockchain ID.

One of the interesting things I feel that I should explain, is that the current size of the Blockchain is around 10Gb. This data is stored on many thousands of computers. One of the problems associated with storing that amount of data, is that processing that much data, along with the complex mathematical algorithms used to compute the ciphers, requires an enormous amount of computer processing power.

It has been stated that the amount of electricity currently being used to maintain the Block is more than the entire country of Norway’s electricity consumption.

We are also seeing new companies setting up huge computer server farms in obscure areas like Iceland and Quebec, Canada. Iceland has a huge, almost unlimited supply, of geothermal energy which enables them to provide electricity at a fraction of the cost of what we are used to in North America, and Quebec achieves its advantageous position for Bitcoin. For Hydro, in Quebec, the bitcoin boom may be too much of a good thing.

Canada’s largest electric utility has been inundated with requests to supply electricity to cryptocurrency miners eager to set up shop in Quebec — more than it can deliver. Chief Executive Officer Eric Martel has “received hundreds of applications” from such ventures in the past few weeks, which would need more than 9,000 megawatts of energy– about one-quarter of the utility’s total generating capacity of 37,000 megawatts.

As with every fledgling technology, it has attracted many different types of companies, all revolving around the crypto currency use case, where at least 40 competitors to Bitcoin have sprung up. Many of these currencies are launching what is a new term for an initial public offering – termed an “ICO” or initial coin offering.

Most of these 40 currencies have market caps exceeding a billion dollars, so there is a lot of speculative interest in crypto currency trading and additional derivative uses have also grown because of the massive demand for privacy and secure transactions, (unfortunately, not all legal).

Cryptocurrencies are just scratching the surface of what Blockchain technology is capable of advancing.

It was recently reported that the Cosmetics and Apparel company Chanel took in several handbags as exchange items toward the purchase of a new handbag, some were for prices as much as three or four thousand dollars. The bags were evaluated by Chanel’s own experts, and found to be authentic Chanel products, only to be later revealed as very high quality forgeries.

A Blockchain tag, sewn into the lining of the bag would offer complete protection against duplication, as the digital fingerprint embedded on an RFID chip could not be replicated.

Blockchain technology could replace traditional money transfers like Western Union and PayPal with direct party to party transactions that remove the middle man (and therefore their fees) from the transaction – all at the speed of light. Blockchain technology has the ability to provide an un-hackable electronic vote-counting system. This system can secure an election during voter registration, and can account for the voter’s identification and ensure votes cannot be tampered with at a later date.

In the same way Blockchain acts as a public ledger for cryptocurrencies, it can also create a permanent and public ledger for votes as tallied, promising a future of truly democratic elections around the world.

The archaic technology in hospitals creates unnecessary issues for medical patients and their records. MedRec is a perfect example of what blockchain is looking to improve within healthcare. According to MIT Media Lab, MedRec is, “a novel, decentralized record management system for EMRs that uses blockchain technology to manage authentication, confidentiality, accountability, and data sharing.”

I foresee the day when a Public Health Records System could be stored for every man, woman, and child in the world in one incorruptible database using the Blockchain technology – and when you want to share your medical records, you would simply send a trusted one-time use public key to the doctor, lab, or pharmacy that you wanted to provide access to your records.

For now, some of us will be checking our Bitcoin values daily (not me), but there seems to be a true consensus forming that Blockchain technology is not just here to stay, but will be responsible for a digital transformation that, when combined with Cloud computing, can only be imagined until the day it becomes a reality.

During the course of my research for this article, I came across a very easy to understand description of how The Blockchain technology works, for non-technically minded people.

Mark Richards
Solutions Architect
Care Analytics

Top Internal Usage Scenarios for Outsourcing

In previous blogs, we have discussed why companies outsource, and when they might want to nearshore. In this blog, let’s talk about the six use cases for outsourcing/consulting. These are:

  • Deploy New Technology
  • Support Planned Initiatives
  • Support Unplanned Demand
  • Prototyping and Proof-of-Concepts
  • Multi-Level Operational Support
  • Major Projects and Legacy Modernization

We will briefly discuss each of the scenarios and the dynamics that are involved.

  • Deploying new technology – This usage scenario happens to all companies, but there are two specific situations that are of interest. First, large companies who are making a change in direction in a business technology. They need to reload with new skills to support the new technology, but it is hard to turn the technology ship quickly. So companies need to bring on expertise from the outside to augment, work with, and mentor the current technical teams.

The second type of company is one that is growing fast. They are implementing new technologies rapidly. In this situation they will probably leverage the outsource firm to be the technology expertise and let their internal teams be the business domain experts.

In both situations, the advantage is that they can acquire the technical expertise rapidly. It is similar to a leasing model. You need something quickly, but you do not want to buy until you know it will meet your needs. Or in this case, know if the need for technology expertise will continue. It allows you to move more quickly than trying to get an internal team ready to implement.

  • Supporting Planned Initiatives – This usage scenario usually occurs when there is planned stopping and starting, burst, or seasonality. For consulting companies this is harder to manage because they will be starting up and ramping up several times over the course of a project. Therefore, it can be a more costly option unless there is an appropriate level of forecasting and planning.

There are two types of engagements where this scenario is usually used. The first is when there is a large project development and/or deployment. Rather than hire additional resources for a year or two, companies will engage to add resources to fulfill the project. The other type of project is when companies have planned fluctuations in demand (an example might be a call center for Christmas Cookies). In this case, they will use outsourcing to level out the supply and demand curve during this flex time(s).

The advantage of using an outsourcing model for this scenario is that you can reuse workers from season to season, keeping the knowledge and reducing the amount of training needed. Rather than hiring and training a temporary workforce every season, you can leverage the outsourcing company to shift experienced resources to meet your demands. It also allows you to keep the amount of internal resources to a minimum.

  • Support Unplanned Demand – In this scenario the company needs the partner to help with daily fluctuations and peak intervals in demand. These are usually break fix and backlog type issues. They tend to be small in nature, have multiple occurrences, and require immediate attention. Most companies will handle this scenario by purchasing blocks of hours and minimum monthly service contracts which can be used as needed.

The main advantages of using this type of engagement are that you have faster response times, lower risk due to capacity issues, and your key resources can focus on critical, value added tasks rather than support and maintenance.

  • Prototyping and Proof-of-Concepts – POCs and prototypes can be costly, have multiple failures, and require new skill sets. Companies will use outsourcing to build POCs to protect themselves from the cost of building an infrastructure prior to deciding to proceed with the idea or product. Companies also want to reap the benefits of outsourcing companies who have specific expertise in building rapid prototypes.

These companies have processes for shortening the R&D cycle and developing the product, system, or component. Large companies may want to use outsourcing prototypes as a way to speed up getting a product to market. Smaller companies may look at this model as a way to get new expertise while lowering the cost to prototype.

The advantages of this approach are that you get expertise now, you do not have to make long term infrastructure investments before you decide to proceed, and you gain the knowledge of firms who are experienced with creating prototypes. This way, the company gets the expertise it needs, without the long term commitment.

  • Multi-Level Operational Support – In this model a customer will engage with an outsourcer to monitor and manage a department, function, or system. These types of agreements are managed by SLAs and are typically more complex and multi-year arrangements. Companies will engage in them to lower costs and to free up their internal resources to work on more strategic activities.

These types of support agreements are most often made with large corporations with very large IT organizations, or they are made with very small companies with little or no IT help. Mid-sized companies should take more advantage of the benefits of this type of arrangement.

Advantages for the operation support model are the lower cost and the ability of the internal teams to work on more strategic projects.

  • Legacy Modernization – Legacy modernization is a unique type of engagement. While it is most similar to planned usage, modernization projects typically have their own lifecycle. The lifecycle will typically start with support, then move to operational maintenance, then move to planned usage as a project launches to replace the system. These projects are typically part of an overall modernization plan where multiple applications are systematically modernized and the old systems are retired. Legacy modernization projects are usually for companies who are mature and have been established for at least 15 to 20 years.

The advantage of having offshore companies work on legacy modernization is that it allows you to train the internal staff on newer technologies, while the outsourced staff works with the older technology. Additionally, these are typically long and costly projects, so working with outsourcing companies should lower the overall cost of the engagement. Finally, there are many outsourcing companies that have experience and expertise in modernization type projects.

In summary, there are six scenarios most often used to justify using outsourcing. When determining if you would like to outsource, you must determine if any of these scenarios meet your current business needs and you have projects that meet these criteria. Here is a diagram that shows the six:

[Diagram: Six usage scenarios for offshore]

So that is all for this blog. I hope it was helpful and informative. If you have any questions, comments, or input, please contact us at info@careanalytics.com. We welcome all feedback. Until next time, I wish you health, happiness, and prosperity.

A Flexible Delivery Model

Recently, I was participating in a conversation with a CEO group regarding consulting and how few companies can deliver what they commit to. Somewhere in the conversation, I mentioned the importance of delivery flexibility, and had one CEO challenge me to explain what a flexible delivery model really was. I answered it and we moved on and had a very productive conversation.

But later I started to think through my answer and I began to ask myself what a flexible delivery model really means, and what does it really matter to successful delivery. So in this blog, I am going to explore what I think a flexible delivery model is, what types of delivery types make up a flexible model, and if/how the model can help. I hope it is informative and helpful. I also hope you will provide your feedback and thoughts. So with that, let’s get to it.

What is a Flexible Delivery Model?

The simplest explanation of a flexible delivery model is that you change the way you deliver a project depending on what the client needs are and the project dynamics. You will use different methods to deliver a project based on the business requirements and technical demands of the project. While this is true, and it makes complete sense, it really does not go far enough.

Flexible delivery goes beyond just changing the method of delivery. A flexible delivery model also refers to what type of project you will use. Or more accurately, it refers to how you build the team and assign resources. Having flexibility in how you build and engage with the team is a key component for delivery flexibility. Delivery flexibility also encompasses how you bill or charge back a project.

Depending on the needs of the customer or internal departments, you may decide to bill, or charge back, using various different methods. By providing this flexibility, you align cost with actual behavior and you may enable the client to begin a project that would otherwise be rejected or put on hold. So financial flexibility is part of the overall delivery flexibility. In fact, all of these individual things are components that make up a flexible delivery model.

In short, a flexible delivery model refers to how you attack solving the problem, how you build your team to deliver the solution, and how to best charge those costs to the client (whether internal or external).

What types of basic delivery options are there?

There are five types of delivery options that can be used in a flexible delivery model. The delivery options are based on how the delivery team is structured. They are:

  • Assigned Resource(s) – One or more resources are assigned to a client or project for an extended period of time. An example would be if you assign three Workday resources to a two-year implementation. There can be various billing options like hourly, daily, weekly, monthly or quarterly rates.
  • Pooled Resources – An allocated amount of effort (usually in terms of man hours) is agreed to for an extended amount of time. An example would be when you hire a company to provide one thousand hours of Java development per quarter for the next three years. The vendor will allocate those hours to you and ensure that the resources are available as planned.
  • On-Demand Resources – Resources are provided as needed. This is usually to provide temporary support for peak times. For example, you may buy a support contract for 100 hours a month to cover any network outages. Or you may pay for 100 hours of call center support to cover those times where there are more than 10 calls in a queue. This is usually paid on a per usage basis or as a managed contract with a minimum amount per period (weekly, monthly, or quarterly). Companies who have seasonal fluctuations tend to need elastic resources to manage changing demand levels.

They will forecast their needs in advance and schedule resources to cover those forecasts. Once they know if they need more or less than the forecasting models predicted, they will rapidly increase or decrease resource loads.

  • Elastic Resources – Elastic resources allow you to spin resources up or tear them down within a short period. Think of a resource cloud. You add more resources as you need them and if you ever have too much bandwidth, you reduce the team size. Staffing is one way of doing this, but it is not an efficient way. Staffing takes a while to get someone started and you do not want to get a reputation for treating the contractors badly by eliminating them quickly. There are better ways to provide the elasticity.

Companies who have seasonal fluctuations tend to need elastic resources to manage changing demand levels. Most of the companies who are effective at this model have someone at least part time at the client so they understand the culture and requirements.

They, in effect, are the engagement manager and the HR manager. When a client needs to add a new person, all they need to do is to contact the onsite manager with an authorization. The onsite lead will coordinate identifying the right person and starting the project quickly. They will transfer all the relevant customer culture and procedural information to the new resource.

  • Usage Based Resources – Think resource as a service. Rather than paying or requesting resources, you pay by the resource task and the vendor charges you a price for the service. The vendor then becomes responsible for managing to the service cost and SLA. In a sense, fixed price projects would fit this model.

This can be a good model for companies that are mature and have a handle on their cost accounting. The vendor likes this model because it allows them to try to manage to better efficiency. It is a shared risk model.

What types of project delivery are there?

There are also at least six types of project delivery methods. They are:

  • Augmentation – The vendor provides their resources to augment your team
  • Outsourcing – The vendor assumes responsibility and they become your team
  • Project Delivery – The vendor uses their resources to deliver the outcome you need
  • Product Development – The vendor team manages either the development of, the QA for, or both development and QA for a recurring release schedule. This is a must-deliver scenario. The vendor is basically charging a set price for a set of agreed-to functionality on a recurring basis.

This becomes a shared risk model, but there must be reliability as the company is marketing the functionality in a release well before it is set to release.

  • Managed Services – The vendor provides a certain amount of resource units per a specified time period (e.g., 30 hours a month for network support). This is typically used to manage ongoing systems and applications. Help desk services are the most common of the managed services categories. Managed services are also moving into the …as a service model. For example, mobility as a service, IT as a service, or procurement as a service.
  • Block of Hours – Much like a managed service, the client buys a certain amount of units for a specified period. However, there is no regular interval for the hours. The hours are used when needed. For example, if a client buys 5000 hours of development time for a six-month period, they may use all of the hours in the first month, the last month, or anywhere in between.

Does a Flexible Delivery Model even matter?

For years I have been touting a flexible delivery model as being key to delivery success. Was I right? Well, to give a consulting answer: it depends. It will help in some cases and in others it will not. When you get right down to it, a partner’s delivery model doesn’t matter one iota if they do not have quality resources.

It always comes down to the people. If you have good ones, you will be a good delivery company. If you don’t, you will never be good at delivery no matter what model or methodology you use. So, if you do not have good consultants, a flexible delivery model is irrelevant.

But what about those companies that do have good consultants? Will a flexible delivery model help them and if so, how? I believe it will for several reasons.

  • First, it allows you to match the project demands and the client’s capabilities with the best way to meet those demands. If the project requires periods where there is no work, and then there are rapid deployments, then an elastic delivery model is perfect for that. If the vendor is familiar with this model, they will have the appropriate tools to help predict the demand, and they will have processes for starting up a team quickly.
  • Second, a flexible delivery model will balance cost and risk. For example, if the company has high risk because they do not have experience in application development projects in a new technology, they can use a fixed price, assigned resource approach to eliminate the risk. They may even be able to use a product development approach. This will cost a little more money than the other methods, but it will reduce, if not eliminate, some of the risk they face.
  • Third, a flexible delivery model can help clients get projects out to market faster and it may allow them to do more projects overall. I just had a client who wanted to outsource a project, but there were severe accounting constraints on capital expenditures. But this was an important support contract and the CIO was in a bind looking for a solution. We sat down together and looked at various delivery options. We finally found one that met his budget, his goals, and his accounting requirements. One of my partners signed a three-year support contract with him and everyone is happy. But without having a lot of options available to me, I probably would have never found the right one for the client.

So in summary, I do think that a flexible delivery model can be helpful, assuming the delivery company has good people, processes, and methodologies. It allows the delivery team to customize an approach to meet all the needs of the client organization.

Thanks for reading this. I hope it was entertaining and helpful. Please let me know if you have anything you would like to add, or you just have feedback or comments. Until next time, I wish you health, happiness, and prosperity.

Tommy Simmon
President & COO
Care Analytics


The Top 10 Reasons to Nearshore

By | Business Solutions | No Comments

In this week’s blog, I will discuss the advantages of nearshore vs. offshore and when it makes sense to use nearshore.

Before I begin, I want to emphasize the positive role that offshore can play in reducing costs and increasing output. There will be times when offshore is the right option. Offshore operations offer access to large numbers of qualified workers that can efficiently handle straightforward business processes and software development tasks.

Businesses small and large have repeatedly realized sustained cost reductions by outsourcing various mundane and repeatable tasks. By outsourcing these tasks they can save money and they can focus time on critical business activities. It allows key people the opportunity to work on the highest value activities.

Here are some of the top reasons why companies should outsource:

  • Allows companies to focus on Core Business Functions once non-core activities like administration and back-office are outsourced.
  • Overhead and cost reduction.
  • Assists in controlling functions that become operationally uncontrollable and/or unsustainable.
  • Provides resource flexibility and capacity management, which allows companies to adjust quickly to market dynamics.
  • Frees up capital by reducing investments in technology, infrastructure, and people that make up the bulk of a back-end process’ capital expenditure.
  • Allows an organization to invest in more market opportunities, which can enhance returns on investment.

Offshore is a fit when used for systems and tasks with relatively low levels of business impact and customer interactions. After all, if your company is building an application in a fixed cost, penalty protected manner, do you care where it is developed? You just want the product, built with a standard of quality, and delivered in a certain time frame. It is up to the vendor to determine how to best do this. Typically, offshore is also best utilized when cost reduction is the major decision criteria.

But many outsourcing arrangements do not fit this model. In these projects there is a need for a high degree of collaboration, product management, joint development, and constant communication. This is where a nearshore model can have some very distinct advantages over offshoring.

The conversation between business executives and outsourcers has also begun to change from discussing how to achieve cost savings to discussions centered on revenue growth and opportunity recognition. It is not enough to just save money; the question is how the vendor is impacting the services, products, and solutions a company provides and how they are helping engage new and existing customers. Is the outsourcing company helping the client learn more, improve the process, and positively impact the end customer? Basically, the conversation is: how do you help me grow my market share?

With these dynamics in mind, let’s jump into some of the advantages of nearshore.

Top 10 reasons for nearshoring:

Both nearshoring and offshoring tasks can provide significant savings, but there are advantages to nearshoring that can work better for many companies. These advantages principally revolve around the similar time zones, low turnover, ease of management, better collaboration, and cultural affinity.

But before we discuss the top reasons for nearshoring, let’s briefly discuss some that are NOT advantages. Many reasons given for nearshoring are just regurgitation of reasons for outsourcing. Some examples include:

  • access to universities and great resources,
  • technology friendly (or hub of technology geeks),
  • a modern infrastructure,
  • a great place to work,
  • world class methodologies, or
  • focus on quality assurance

But is a good QA process really better in Colombia than it would be in India? The truth is that most cities that outsource IT functions have all of the things mentioned above. What big city doesn’t have a great university? None of the reasons above are differentiators in deciding whether to use nearshore over offshore. After all, who has more qualified IT people than India or China? So just having access to resources, infrastructure, universities, and a great location is not enough to justify nearshore over offshore. They are good to have, or must haves actually, but they are not differentiators.

But there are legitimate reasons for nearshore, otherwise, all IT would just be done in China and India. So why are Google, AT&T, Apple, Oracle, IBM, etc., investing heavily in nearshore?

Here are my top 10 advantages that I believe nearshoring offers.

  • Similar Time Zone
  • Agile Oriented Development Centers
  • Lower Turnover
  • Cultural Affinity = Higher Value Consulting
  • Innovation and Intuition
  • English Language Skills
  • More Collaboration, Better Relationships
  • Ease of Management
  • Fraud Prevention, Patent and Copyright Protection
  • Reduced TCO (Faster Time to Market)

  • Similar Time Zone

Is time zone similarity really an advantage? The answer for most clients is yes. Here are some common reasons why being in a similar time zone makes a big difference:

  • It allows companies to leverage an Agile methodology without fear you will lose key resources
  • More opportunity for travel and face-to-face interaction
  • Prevents turnover in project/staff leadership caused by unusual working hours
  • Better response times
  • Overall communication improves

A common issue with traditional outsourcing engagements is that transparency into the team’s ongoing project efforts devolves into a “black box” partnership where clients have little insight into the quality, cost and delivery of their projects. As a result, companies are trying to move their development methodology to a more iterative, agile approach.

We are not going to cover the advantages of Agile in this blog (if you are interested in that topic, please send us an email and we will send you a document that compares methodologies and lists the benefits of an Agile approach). For the purposes of this blog, it will suffice to say that Agile development requires that the team of developers be in constant communication.

The problem with using Agile in a traditional offshore model is that you are now asking the development team to work night shifts. During the infancy of outsourcing, this wasn’t a problem. But it now leads to extraordinarily high turnover rates (over 50%). Any consultant in India who is good does not want to work the night shift, and they don’t have to.

Consultants we would consider to be an A, or even B, player are just not available for night shifts any longer. There are too many options available to them and they will jump to another company quickly if asked to work nights. Most companies have just stopped putting their good consultants on the night shift so they don’t lose them. What is left to work the night shift are inexperienced graduates, or C players.

So the biggest advantage to nearshoring is the ability to leverage an Agile methodology. Developers in the US, as well as offshore, can participate in the daily sessions and work during normal business hours. They foster tighter relationships and learn from each other. And rather than getting a C player working the night shift, you are able to get the best and the brightest.

Now I have been asked about South America being a couple hours ahead. But the truth is that in LATAM working a shift that starts at 10:00 or even noon is often preferable. Dinner is traditionally much later in the day than in the US.

Another benefit of being in a similar time zone is that travel is usually easier and cheaper than in a traditional offshore model. Nearshoring can allow a company’s internal staff and external developers to meet in person more frequently. In the traditional offshore model clients rarely visit the vendor. Usually when they do visit, it is at an executive level.

There is usually very little face-time between project managers and offshored staff, which often results in misunderstandings about the direction a project is taking. Nearshore offers the opportunity for project managers to visit their team regularly, and it allows companies to rotate staff easily. In addition, temporary work visas take weeks rather than months or years. All of these make face to face interactions more readily available. That in turn, makes project success more likely.

An additional benefit of a similar time zone is that your onshore project leads, architects and project managers no longer have to have meetings early in the morning or late at night. I am friends with one project manager who had a standing 2:00 A.M. daily call. The individual was a very good PM, so I was not surprised when two months later he accepted a job with another company.

It is hard to retain top talent while asking them to keep awkward hours. If you can retain them, you will have to pay them well to do so. Having a nearshore option allows these key resources to work standard hours and enjoy their lives. This will certainly lead to higher retention rates.

One of the problems often mentioned with traditional offshore is the lag in response times. Whether a simple fix, update or status, onshore resources have to wait until the next day to get updated. In contrast to offshoring, nearshore development teams have the ability to communicate with internal staff in real time. This means that easy fixes do not have to wait for an isolated team to take a half day to get an answer or find a solution. By eliminating the time difference problem, nearshoring providers can offer optimum response time SLAs.

But it is not just the project team that benefits from real time communication. Being in the same time zone allows more frequent communication with the executive teams, HR and administrative teams. This promotes an environment of communication and collaboration that is much different from the traditional “Black Box” approach of offshoring.

So being in the same time zone allows organizations the ability to use the latest Agile methodologies and techniques, provides access to the best resources, and fosters more seamless collaboration between the two organizations.

  • Agile Oriented

What led to the start of the nearshore market in the first place? Much of it was driven by companies who were early adopters of Agile. They were faced with a decision of implementing Agile using C players in India or using A players in South America. Because of this the entire nearshore ecosystem adopted Agile from its inception.

Today the leading nearshore vendors are also the leaders in Agile methodologies and techniques. So not only does being in the same time zone lend itself to conducting Agile processes, but many of the leading Agile thought leaders work for nearshore vendors. It has been my experience that many of the nearshore vendors can teach/train most US companies on the tools, techniques, and processes needed to implement Agile.

This indoctrination of Agile throughout their teams and organizational culture is a clear advantage for these companies.

  • Lower Turnover

One of the issues that has occurred within the traditional outsourcing model has been the extremely high rates of attrition. We mentioned the fact that consultants in India would not work night shifts or they would leave, but that is just one small contributor to the overall problem. I was reading a white paper that claimed that the turnover in India was as high as 50% in 2013.

Whether the rate is over 50% or not, one thing is for sure, competition is high in India and it continues to grow. At a minimum, average turnover is well over 25%. Companies are using every recruiting advantage, tool, or trick they can.

Contrast that with nearshore options, where attrition rates are less than 12%. So why are turnover rates so much lower? Don’t underestimate the importance of family in the LATAM markets. Family is very important there and organizations that support these family values tend to retain talent for long periods.

Whatever the reason, having lower turnover allows nearshore organizations to retain the knowledge, maximize their training investments in nearshore consultants (it is frustrating to invest time and money in training a new resource, then they leave), and foster communication as onshore teams develop long term relationships with offshore consultants. This allows more stability and consistency in delivery. This is a substantial advantage that nearshore has over traditional offshore models.

  • Cultural Affinity

The benefits of having a stronger cultural affinity can be realized in several ways. Nearshore is becoming increasingly popular for companies that need outsourcing for services/applications that have a greater effect on the business and its customers. Business processes with a strong customer focus are intrinsically tied to overall business success. This is where the companies need suppliers with more cultural affinity. They require a much higher degree of affinity than processes involving repeatable, mundane tasks.

So what are the other advantages of cultural affinity? Higher affinity allows for the nearshore consultant to engage in much higher level consulting activities. The ability to understand the cultural nuances improves one on one communication tremendously. It helps to create personal bonds more quickly. Because of this affinity, a consultant in a nearshore model often has the capability to talk fluently with internal and external customers.

A high degree of cultural affinity allows companies to now outsource processes with a customer focus and even customer interaction. Things like workflow automation, where client engagement is high, become possible. Building mission critical apps in nearshore has much less risk than doing so in Asia. Why? Because the amount of communication needed with the business is much higher with mission critical apps. Having the cultural affinity helps in these conversations. So, in short, having the cultural affinity allows you to work on higher value projects.

Another interesting dynamic of cultural affinity is that customers tend to have more patience with someone from a nearshore facility vs. outsourced facility. Haven’t we all done it? We have been transferred into an offshore customer service facility and immediately have a negative reaction as the rep, who is obviously from an offshore location, starts reading their script. But call into the same center and have someone from a LATAM facility answer. We have much more patience and a more natural connection to that person.

Another advantage of having a higher degree of cultural affinity is in understanding regulations and business norms used in standard operating procedures. Regulations often drive business processes and regulation-driven reporting. The higher the degree of regulation, the higher the degree of affinity needed. If you take this beyond one process, you can understand why most offshore companies do not provide vertical expertise.

Typically nearshore players tend to provide more vertical expertise than the traditional technology based offshore firms do. This is due to nearshore sharing a cultural affinity that allows for a more natural understanding of the vertical regulations and business norms in the US.

  • Innovation and Intuition

From the inception of the nearshore industry, innovation was a key factor in why companies were selecting nearshore companies over options in Europe and Asia. Newer technologies, newer methodologies, and R&D labs were the norm. Many companies would rather conduct R&D in LATAM than in Eastern Europe and Asia for the obvious security concerns.

Because LATAM was research focused from the beginning, it has fostered an air of creativity and thought leadership that is engrained into the technology culture. I cannot verify this claim, but I read a stat that said 30% of the design work in Silicon Valley is coming from Argentina.

Whether the stat is actually true or not is irrelevant; what is relevant is that right now some of the most creative design professionals are coming from LATAM. Their artistic and creative culture is being seen in their designs. Design, creativity, and research all lead to innovation. These are three things that LATAM has in volume.

But innovation without intuition is useless. One of the biggest complaints about offshore is the lack of intuition in their work. I believe this is due to the offshore industry protecting itself by compelling clients to have exact requirements. After all, who needs intuition if you have an exact instruction set that must be followed to a tee? So the programmers just code to the specification guide and do not ask questions.

I know a company that turned over specifications with known flaws in them. It was a trial run, a beta project, to select a long term partner. They went to several offshore companies in Europe, LATAM, and India. They wanted to see which vendor would raise their hand and question the mistakes. Sure enough, most of the companies in Ukraine and LATAM questioned the design flaws.

The companies in India, of which there were three selected to participate, all failed to question the design. They all just coded the bugs into the application. This is a great example of having intuition and the cultural proclivity to question. It is also an example of the differentiation between LATAM and Asia.

The leads in LATAM seem to come forward with ideas for frameworks, tools, and other ideas that can be implemented to add value. They are innovative, vibrant, and intelligent. They want to find creative solutions. They have come to us and told us when they think clients are making mistakes. They suggest new ideas or approaches. There is an environment of innovation and intuition that inspires a can-do attitude. This is a real advantage of the nearshore model.

  • English Language Skills

As with most offshore facilities, the language skills with some consultants are better than with others. This will be the case no matter where you decide to outsource work to. In the past, it really did not matter as much because your onshore PM would work with the PM offshore. Your onshore architect probably worked solely with the offshore architect. But as more companies are going with Agile, the communication skills of all of the developers are becoming more important. You want team communication at all levels and with all resources.

Clearly, in aggregate, nearshore offers a much broader pool of resources with higher English capabilities than in Asia. There are many published reports available that verify this. If you are interested in learning more about these reports and having a world map with English proficiency ratings, please just email us and we will send a copy to you. Most nearshore vendors have accent reduction tutors that work not just on language skills, but the accent, pronunciation, and colloquialisms common in the English language.

Most LATAM schools now teach English as a second language as early as 1st grade. The result is that most consultants working in a center will have a high degree of English language skills before their first job, and they will continue to get training throughout their career with the vendor. So the overall language skills of the team of developers in a LATAM operation are much higher.

  • More Collaboration, Stronger Relationships

Nearshore provides for more meaningful collaboration between organizations. Benefits include:

  • Consultants work the same shift and can interact in real time
  • It is easier to travel to the offshore center
  • Easier to get work visas to bring vendor consultants onsite

Developers and project managers can talk to whom they need to, when they need to. Cross functional teams can collaborate in real time, consultants can participate in internal meetings, and interact with business users as necessary. This allows individuals across the organization to forge strong relationships with the nearshore team.

The stronger the relationship, the higher probability of success for projects. In the past, interaction between the onshore and offshore teams was limited to team leads and architects. Interaction with the offshore development team was almost non-existent.

With nearshore, not only is it possible to have communications with any team member at any time, but having face-to-face interactions is also much easier. Studies show that face-to-face meetings with staff help mitigate risks and reduce costs related to project overruns and unhappy users.

Face time will help to deliver better results and prevent setbacks such as fixing or rewriting code, revamping business processes, or project failure. More channels of communication are possible and that should lead to higher project success rates.

One of the biggest advantages for nearshore is the ability to get work visas quickly and rotate staff onsite. Many of you are probably aware of the issues with H-1Bs. Trying to get a resource onsite is difficult. Even temporary visas take months. But with NAFTA and other trade agreements with LATAM countries, work visas take a couple of weeks. So if you need a resource to be onsite, you can typically get the resource onsite in a week or two. This provides a real advantage.

We have seen clients be very successful when they rotate consultants. So let’s say there is a two-year contract and a client needs a lead and 5 developers. They bring the team lead over and several of the developers. They leave one person to be onsite for the first 4 to 5 months, then they rotate the next person. This allows every developer to get time at the client, to develop relationships, and to understand the culture of the organization.

This approach always has a higher success rate than pure offshore engagements. There is an added advantage as well. Because the team knows the client, they can jump to other client projects and deliver the next project. So the investment in time is rewarded with multiple successful engagements.

  • Ease of Management

With traditional outsourcing engagements the onshore project manager is usually coordinating with a project manager in the offshore center. The offshore project manager will then direct the team. The onshore project manager has much less visibility into an offshore project than they have with onshore projects.

Not only is project visibility an issue, but newer project management techniques cannot be leveraged because traditional offshoring requires defined, detailed requirements that lend themselves to a waterfall methodology.

With nearshoring, the project manager can talk to every team member to get clarifications in real time. They can schedule as many team reviews as necessary to manage the project and they do not need to wait until the following day to get status updates. Most importantly they can leverage scrum and other project methodologies that assist in an iterative approach. In short, nearshore provides the PM an opportunity to manage the project, not just get updates about the project.

  • Fraud Prevention, Patent and Copyright Protection

Stories of patent and copyright theft in Asia are prevalent. While our government tries to enforce international laws and treaties, not much can be done when intellectual property is stolen. To make matters worse, I saw an article in the US News that China is now creating a “CIA”-like organization meant to fight terrorism. It further went on to say that China was in the process of enacting a law that made it mandatory for technology companies to give access to their servers to this new organization.

I had to reread the article. Talk about a license to steal. I would never do business with a technology company in China. Not if that law passes. Anything that is on the server of a company in China is now fair game for them to access. I am not sure why there isn’t more of an outrage. But, irrespective of whether the law goes into effect, the threat of theft is real when you decide to outsource to Asia. Not only do you have to worry about the company you work with, but each team member could be planning on taking your IP.

Most nearshore countries (especially NAFTA countries) have stricter laws protecting intellectual property rights. They are more likely to work with the US government to enforce trade regulations. Every country is different and has varying levels of cooperation (I probably would not outsource in Venezuela for example), so strict attention should be paid when selecting a country to nearshore with.

  • Lower TCO

All of the points above lead to this final advantage. TCO is actually lower. Rates in a traditional outsourcing engagement in Asia are typically 15 to 20% lower than nearshore. So how is there a lower TCO? The answer is simple: faster to market cycles. By increasing output by 20% to 25%, nearshore will actually reduce the cost of outsourcing. How can you increase output by 25%? By capitalizing on all the advantages above. An Agile approach teamed with better communication leads to higher quality work and less rework.

This leads to getting a final product out quicker. The intuition we mentioned can lead to better quality product that can increase sales or lead to higher client satisfaction. Less turnover will lead to a shared knowledgebase that gets better over time. This will allow the team to produce more output faster. And the ability to provide offshore consulting for high value processes, mission critical applications, and customer facing applications at an affordable cost will lower the overall consulting spend.

These processes have traditionally been performed by onshore consultants with high rates. By transferring these processes nearshore the overall total cost of consulting should decrease. So while the rates for nearshore are a little higher, the value and output can be higher and the TCO should be lower.

So that is my top 10 list for nearshoring. I hope it helps you as you make a decision on what and when to outsource or nearshore. As always, we would like your thoughts, opinions and comments. Please email us at info@careanalytics.com if you would like information about anything we covered in this blog. Until next time, I wish you health, happiness, and prosperity.

A Salute To The HealthCare Innovators

By | Healthcare Solutions | No Comments

Innovation. What is it? Why is it important? How do you encourage, develop, and leverage it?

It seems every company we visit tells us about the importance of innovation. There is a need to innovate in their business and industry. They even have a program, division, or group designed to “find” new innovation.

But when we ask what innovation is, no one seems to really know. And when we ask how to find it, there are a myriad of answers, with very few demonstrable results.

When we talk about how they are going to “find” it, they usually refer to the same techniques everyone else uses. In fact, they talk to the organization down the street about it. The same organization who is asking the organization on the other side of town. Of course the organization across town is asking the organization we are talking to about it. So it’s a big circle that fosters a myopic mindset and produces very little innovation.

In my experience, innovation is one of those things that you just know when you see it. Unfortunately, if you don’t see it, you will never know it’s there. So finding true sources of innovation is as much about having an innovative approach for searching for it as it is for developing it.

The good news for those who are first to innovate is that you can help others find these innovations. The difficulty is that it takes significant money to create marketing campaigns and targeted messaging to educate the masses. It can be difficult for an organization to spread the word about their innovation.

I believe that is part of our mission at Care Analytics. We have the opportunity to work with some unique and innovative organizations across the country and across the entire healthcare and life science industry. We believe it is our mission to spread the message about these new and exciting innovators. Furthermore, we can help connect innovators and create new solutions and models.

To be an innovator is something you are at your core, either as an individual or an organization. It is a hard road to be an innovator. But these are the people who bring change to our world. They better it for you and me. So we at Care Analytics would like to salute the innovators around the world. May you have continued success.

If you are a healthcare innovator and would like us to help spread the word about your product, process, procedure, or tool, please contact me and we will gladly put your innovation in a webinar, white paper, and on our social media platforms.

All the best. And keep innovating.

Tommy Simon
President and COO
Care Analytics

Meltdown & Spectre – What you need to know

By | Data Services | No Comments

Today I woke to the familiar ping sound of my phone alerting me to an incoming email – I relaxed a little when I could see it wasn’t a failure alert. We have plenty of alerting and monitoring tools, and there is usually something going on that begs some tender loving care; sometimes I even have to open two eyes.

It was a news article from my CFO. Of course, I would never tell him that this was usually a “one-eyer”. This one was something about the latest security alerts in a NY Times article regarding “Meltdown” and “Spectre”.

When I finally woke up enough, I engaged the other eye. I quickly figured out that Meltdown and Spectre had nothing to do with “James Bond” and were also not the two latest scary characters from the WWE; they were just two more security alerts of the kind that seem to arrive all too frequently these days.

Usually, if it is just announcements that my credit cards or personal identity have potentially been stolen for the tenth time, I casually read it and move on, in the complete safety of knowing just how much money they could steal from my accounts. If they knocked on my door I would probably just hand it over to them anyway for being so “creative”.

Anyway, like it or not, as a self-proclaimed “Security expert” it sometimes falls upon me to know enough to put a client’s or a friend’s or, in this case, one of my bosses’ minds at rest. Occasionally I have to act on these scaremongering news articles and protect infrastructure that we are responsible for, where we respectfully owe our customers both eyes, sometimes more.

I decided to do some early morning research to see what “Meltdown” and “Spectre” were really all about, and just what, if any, action we, as a company, may have to take. I also thought it was a great idea to provide enough information to my friends and colleagues that they would be reasonably safe from a Gremlin or the Credit Card Reaper visiting their digital wallets in the middle of the night. Which, of course, then brought me to write this blog that you are now reading. So, with much (more) ado, here’s everything you need to know about the latest two digital drop outs to invade our Cloud and Mobile “happiness meters”.

Firstly, I think it is important to point out that most of us are sadly used to the myriad of virus warnings that we see from time to time in the news, a lot of which is innocuous stuff, just drummed up to sell you the latest version of someone’s anti-virus protection.

Of course, lately, if you are running Windows, especially the latest version, Windows 10, you are “pretty much” covered by Windows Defender, which is the built-in product that Microsoft now has in their Operating Systems to combat viruses. It does a good job, so these days it has become unnecessary to run additional tools, although some people feel safer running the latest McAfee or Norton or one of the many other tools still available.

Most of which do a really good job of not just picking up viruses, but also slowing your computer down to an intolerable crawl. But I digress….. So we all know about viruses, right?

Occasionally, the news is of a scare that is potentially more harmful than a virus, and while these are few and far between, they do pop up from time to time. Meltdown and Spectre are two of these “threats”, as we can collectively categorize them. In the case of a virus, the security risk is posed by someone: a “Bad Actor” (Black Hat) who has deliberately written a piece of code that can perform actions on your computer without you being aware of what they are doing.

Those actions may include sending passwords or bank account numbers from your computer to other bad actors who will then attempt to buy all the things on your account that you could never possibly afford! The thing about viruses, as most people have come to know, is that they really don’t just “happen” on their own; they are usually “activated” by the computer owner clicking on a malicious piece of code, usually in a web page.

You clicking on that link (the one offering to make you rich) was the “Activation Mechanism”. An HTML link has two elements: the “Text” associated with the subject that you SEE, and the target web page where you will be sent when you click that link.

In most cases “Buy This” will indeed take you to the item, but as many of us have come to know, a link whose text says “Click this, it will make you rich” can sometimes contain a target that will actually make you poor, i.e., it will do something very bad on your computer. The delivered code, or “Payload”, could look through all those cookies that you never delete, or the passwords that you always save. So the “Activation Mechanism” is you clicking a link, which actually executes the malicious code.
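The split between what a link shows and where it goes can be checked mechanically. The following is an added example, not code from the original post: it lists the real target host of every link and flags links whose visible text names a different site. The sample HTML, the function names and the `.example`/`.test` hosts are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic: visible text that itself looks like a host name or URL.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample page (reserved .example/.test names, documentation IP).
SAMPLE_HTML = """
<p><a href="https://shop.example/item/42">Buy This</a></p>
<p><a href="https://www.mybank.example/login">www.mybank.example</a></p>
<p><a href="http://mybank.example.attacker.test/login">https://www.mybank.example</a></p>
<p><a href="http://198.51.100.7/prize">Click this, it will make you rich</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((text, self._href))
            self._href = None


def _strip_www(host):
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def same_site(shown, actual):
    """True if the real host is the shown host or one of its subdomains."""
    shown, actual = _strip_www(shown), _strip_www(actual)
    return actual == shown or actual.endswith("." + shown)


def audit(html):
    """Return (text, real host, deceptive?) for each link in the page."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for text, href in collector.links:
        host = urlparse(href).hostname or ""
        shown = HOST_IN_TEXT.search(text)
        deceptive = bool(shown and host and not same_site(shown.group(1), host))
        report.append((text, host, deceptive))
    return report


if __name__ == "__main__":
    for text, host, deceptive in audit(SAMPLE_HTML):
        flag = "MISMATCH" if deceptive else "ok"
        print(f"{flag:8} shown={text!r} goes-to={host}")
```

Link text with no host name in it, such as the "make you rich" link, cannot be flagged by comparison, which is why the report always includes the real target host for the reader to inspect.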

Technically, it’s really only a virus if it can be spread to other computers. It’s not a virus if it simply runs code on your computer, but it’s a thin line that we won’t argue here; you could click on a link that searched your network for other computers to infect, so it would then become a virus. The code has a given “Signature”, i.e., it contains some form of text that can be detected by a virus checker.

This is the reason why you run a virus “update” once in a while (should be weekly) as your computer downloads new “checks” – it keeps a library of all the known virus threats, and what their signatures look like to try and find a match when it runs a weekly scan of your computer.

Meltdown and Spectre are not viruses; they are a different kind of threat, and therefore have to be detected and treated in a different way. They are essentially “bugs” or “flaws” within an operating system that allow a bad actor to access certain parts of your computer. Both could theoretically be used to read information from a computer’s memory, including private information like passwords, photos, messages, and more.

I will tackle Meltdown first. Meltdown is a flaw that only affects Intel processors, so this flaw does not affect most Apple devices; iPhones and tablets are safe, as they do not use Intel processors. So as far as Meltdown is concerned, we are talking about Windows and Linux machines and Apple Macs or MacBooks, with Linux being mostly a server operating system and Windows of course being both a desktop and server OS.

Meltdown is a flaw that could be exploited by a piece of rogue code running on your PC. Now, this is where my earlier text comes in, the rogue code can ONLY be executed if you perform the “Activation Mechanism” and deliver its payload – it isn’t magic, it can’t just appear or run unless you run it. It should go without saying these days, but resist, resist, resist, clicking on any link that you are suspicious of.

While the Meltdown flaw technically could allow a rogue program to access certain parts of your computer’s memory, it is a really obscure bug and has to be used in a very specific way to actually get anything useful to a Black Hat. To try and explain it in clear and understandable terms, it can only access certain pieces of information that the processor has marked as “no longer useful”.

Even then, it would be a memory dump, and it has a very low chance of being useful and an even lower chance of actually containing your deepest secret or even your shallowest bank account.

The Meltdown flaw has actually been known to chip manufacturers and device makers for at least a month, but there was a concerted effort to bring all parties together to deliver a congruent “fix” to most devices, which was scheduled for next week. Unfortunately, Linux guys being what they are (sorry, Linux guys), they noticed the fix was scheduled in upcoming Linux OS patches, word promptly went out to a few media channels, and all hell broke loose from there.

This had the effect of rushing out the fix code quicker, and as I write this there is a Windows bug fix that addresses the flaw in Windows 10. It will be automatically loaded and installed along with your usual updates that are typically scheduled on your desktop computer. If you have disabled Windows Update (because it is pretty annoying), you can perform a manual update that will also bring down the fix. As a reference, the bug fix for Windows that will get downloaded and installed is described here:

 Windows 10 Meltdown fix

Older versions of Windows will have to wait until Tuesday 9th January to receive the fix in their regular fix release. Linux users are also vulnerable to the Meltdown flaw, but kernel fixes are available in the latest yum update (or apt-get), and they fix all three CVE listings (CVE-2017-5754, CVE-2017-5753, CVE-2017-5715).
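On Linux, a kernel that carries these fixes reports their status in files under `/sys/devices/system/cpu/vulnerabilities`. The following is an added example, not part of the original post, that reads the three files corresponding to the CVEs above and lists which ones still need an update; the function names and the sample directory contents are constructed for illustration.

```python
import os
import tempfile

# Kernel sysfs directory that reports per-vulnerability mitigation status.
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# sysfs file name -> CVE listed in the post
CVE_FILES = {
    "meltdown": "CVE-2017-5754",
    "spectre_v1": "CVE-2017-5753",
    "spectre_v2": "CVE-2017-5715",
}

# Constructed sample contents (not captured from a real host): Meltdown is
# mitigated, Spectre variant 2 is not, and the spectre_v1 file is absent.
SAMPLE = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline\n",
}


def classify(text):
    """Map the kernel's status string to a coarse state."""
    status = text.strip()
    if status.startswith("Not affected"):
        return "not-affected"
    if status.startswith("Mitigation"):
        return "mitigated"
    if status.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def check_mitigations(base=SYSFS_DIR):
    """Return {CVE: (state, raw kernel text)} for the three CVEs."""
    results = {}
    for name, cve in CVE_FILES.items():
        try:
            with open(os.path.join(base, name), encoding="utf-8") as fh:
                raw = fh.read().strip()
            results[cve] = (classify(raw), raw)
        except OSError:
            # No file: the running kernel does not report this issue,
            # so the fix cannot be confirmed from sysfs.
            results[cve] = ("unreported", "")
    return results


def needs_update(results):
    """CVEs whose fix is not confirmed on this host, sorted."""
    bad = ("vulnerable", "unreported", "unknown")
    return sorted(cve for cve, (state, _) in results.items() if state in bad)


def demo():
    """Run the check against the constructed SAMPLE in a temp directory."""
    with tempfile.TemporaryDirectory() as base:
        for name, text in SAMPLE.items():
            with open(os.path.join(base, name), "w", encoding="utf-8") as fh:
                fh.write(text)
        return check_mitigations(base)


if __name__ == "__main__":
    live = check_mitigations()
    for cve, (state, raw) in sorted(live.items()):
        print(f"{cve}: {state} {raw}")
    print("update needed for:", needs_update(live) or "none")
```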

Common Vulnerabilities and Exposures (CVE) is a catalog of known security threats. The catalog is sponsored by the United States Department of Homeland Security (DHS), and threats are divided into two categories: vulnerabilities and exposures.

Meltdown does not affect mobile phones or some Apple devices, as these do not typically run on Intel processors, but Apple Mac and MacBook devices are affected.

Spectre – is a whole different issue. Spectre affects a much wider range of devices, including those running on Intel, AMD and ARM processors, which is pretty much everything, including nearly all cell phones.

According to a statement by AMD, vulnerability to the second Spectre variant hadn’t been demonstrated on AMD processors and posed “near zero risk of exploitation” due to differences in AMD architecture. Because of the use of the word “near” there is some skepticism around whether there is indeed a risk on AMD, but we will see further updates from AMD no doubt in coming days.

As there are many versions of mobile phone software running on many different devices, we will not see all mobile phones patched quickly; more likely you will see a mobile update appear on your phone as a matter of routine updates. On both Android and Apple iPhones you can go into the phone system settings, check to see if there are any updates, and download and apply them.

In summary, there certainly is a lot of buzz right now regarding both Meltdown and Spectre, but after careful analysis, the likelihood of this flaw being exploited on a phone near you is very minimal. For the paranoid and purists among us – go run the updates now.

Mark Richards is a Cloud Security Expert, Solutions Architect and most importantly a “White Hat” for Care Analytics.   

Care Analytics Moves Into New Offices In Medellin, Colombia

By | Cloud Solutions, In the News | No Comments

We are happy to announce that we have moved our operations to a brand new office in one of the most exclusive areas of Medellin, Colombia, the so-called Golden Mile. This is an excellent location that will allow us to welcome our customers, fulfill our company’s goals, and further develop our corporate culture.

Julio Aconcha – Solutions Architect – Colombia
“The fact that we have such a splendid environment will empower our team to reach higher levels of quality in the services we provide to our customer, by ensuring that we have an optimal space that enhances our resources’ effectiveness”.


Care Analytics is a subsidiary of TEAM International and was launched in recognition of the current technology trends and the need for expertise in cloud computing, applications, migration, and more. It is a US owned healthcare cloud solutions and analytics solutions partner, specializing in migrating, building, integrating, and managing applications in the cloud, specifically in the healthcare industry.

Our brand new office, which we share with TEAM International, was unveiled on August 23rd. With an outstanding view of the city, our offices offer a modern design and a comfortable style, and are in the epicenter of the business district, with easy access to transport and commercial centers.

Our office has space for more than one hundred employees, kitchen amenities, amusement areas, conference rooms, TVs, Bean Bags, electronic entertainment, and much more.

Andres Gómez – Operational Manager – Colombia
“We have created a place where our passion for technology, our keen interest to create new relationships, and our tenacity to meet our current business partners’ needs are reflected”.

 

We had the pleasure to have as guests other innovative institutions and companies in the IT sector, as well as the president of TEAM International, Chris Walton, and our Board Chairman, Matt Moore. The opening was a complete success, where we gave a warm welcome to all those who are part of our Care Analytics family.

Today, our operations are running smoothly. Our president, Tommy Simon, visited on October 16th and reviewed the last details for Care Analytics’ operation in the new location, and with his final approval we could mark this chapter as completed.

Tommy Simon – President of Care Analytics
“Our history is one of people, whether it is the employees that work for us, you as our customer that we serve, the care givers that we support, the community as a whole, or the most important person, the patient that we can help to change their life and give them better outcomes. Our new location will allow us to better fulfill the needs of the people who have shaped our history”

 

Our Care Analytics family has become better and will keep on growing to continue to support all of our clients’ needs.

How Can A Traditional Hospital Benefit From AWS?

By | Amazon Services, AWS, Healthcare Solutions | No Comments

We all come across multiple challenges in our day-to-day activities. The key to success is to learn how to solve them by benefiting from continually improving technological achievements.

If you are managing a hospital, you might have several outstanding issues that can be solved with the help of the cloud.

For instance, what do you do if you have old computers that can’t perform with the productivity you expect when it comes to storing your growing database, integrating with EHR, etc.? Replacing old computers with new ones will lead to significant capital expenses. There are also the issues of upgrading and maintaining them. It is obvious that this is a temporary solution; eventually any new equipment becomes outdated again. This is exactly the situation where moving to the cloud has absolutely no disadvantages.

AWS (Amazon Web Services) offers multiple services and offerings that will mitigate the described problem. By using Amazon Elastic Compute Cloud (EC2), you receive on-demand compute capacity in the cloud. As a result, you will receive reliable and scalable infrastructure that will be easy to manage. In addition to that, due to the massive scale of Amazon services, this solution will be cost effective. All these obvious benefits will ease your life as a manager.

There are other instances when using the cloud can benefit a hospital. As we all know, most hospitals have a significant number of seasonal staff. Although it might be cost efficient and beneficial from a management perspective, it creates challenges with an uneven load on the IT infrastructure. If all your resources are on premises, you have to pay as if you are in high season all year round. With the help of services provided by AWS, you will be able to balance your load and pay only for the resources you consume. Amazon EC2 with its Auto Scaling function enables control of the number of EC2 instances. AWS VPC controls access to EC2 instances, which will allow all the necessary staff to log into your system. AWS Elastic Load Balancing will balance the workload between EC2 instances and increase the overall fault tolerance. With AWS Management Console or AWS Command Line, you’d be able to define custom Amazon Machine Images (AMIs) and speed up the application deployment process with AWS CloudFormation templates. And let’s not forget to mention the Amazon Relational Database Service (RDS) that could be used as persistent storage.

Care Analytics is an AWS Partner.

These two examples show that keeping up with technology can be incredibly easy and beneficial for your business. Moving to the cloud can solve multiple issues and open up great opportunities. Do not hesitate to explore them! If you need a guide to the cloud, feel free to Contact Us.