TL; DR: The era of big outsourcing has come to an end. Companies need a strategic technology function in house.
Everywhere you look in the business press these days you are bombarded with messages about digital transformation, business agility and competitive disruption. It is easy to argue that many companies do not understand technology, but that is a lazy, simplistic and throw away analysis.
The greater underlying issues that we see in many big enterprise operations are a combination of years of technical debt that has been built up from outsourcing too many strategic areas of technology, a chronic skills gap that has evolved during this wave of outsourcing and a legacy of CIOs focused on the wrong business metrics.
While Nicholas Carr’s seminal 2003 article, IT Doesn’t Matter, was synonymous with the start of big outsourcing, there has been a realisation by traditionally non-technology focused, companies over the last five to six years, that you now need to differentiate your business with technology. This realisation has been forced upon companies watching their markets getting displaced by new entrants
It is refreshing, if sadly predictable, to look at large organisations, many of which had been advised by strategic consultancies, frantically rebuilding their strategic technology functions. Many now realise just how bad the advice on what, when and where to outsource they received has been. On the plus side, you know when McKinsey and Boston Consulting Group are writing about digitisation, agile and DevOps a sea change in understanding is occurring in the enterprise.
Here at RedMonk, we spend a large amount of our time with technologists who are right at the front of technological change. Tools and approaches that support Agile, CI/CD, DevOps and so forth are considered table stakes by many of those we talk to. However, what seems obvious to cloud native and web scale companies is something many larger enterprises are only beginning to come to terms with.
But the key to understanding where all of these new approaches will lead, and how best to benefit it, is to understand what is strategic, and what can easily be left to others. To do that, we must first understand the whys of big outsourcing.
The Drivers and Consequences of Big Outsourcing
Cost Reduction and Focusing on Core Competencies
The early wave of technology outsourcing was primarily driven by a focus on cost reduction, and focusing on those areas that businesses felt were their core competencies. Much of the thinking in this space emerged from Michael Porter’s early work on Value Chains.
It is important to note that the framework proposed by Porter in and of itself was not problematic, rather how people interpreted the concept of supporting function. For many companies all IT investment got lumped together into a single amorphous blob, and people viewed outsourcing desktop support in the same manner as the viewed outsourcing the implementation of their core ERP system or critical customer facing systems.
For over 30 years, from the mid 1980s until the late 2000s most organizations felt that software development should not be considered as a core competency and focused on outsourcing or offshoring development. The tide began to turn, slowly, somewhere around 2009 as companies began to realize the changes coming.
The launch of the iPhone in 2007 was a starting point for these changes, but the realization that many things were changing, and technology was becoming a strategic differentiator, began to hit home in 2012.
Risk Aversion and Process Adherence
If we look at the systems and processes that are in use in many large organizations today to manage their IT estate, we still see a major focus on very structured methodologies such as ITIL and ITSM, CoBIT etc. While a DevOps approach is becoming far more common, for many organisations that are in anyway conservative (and despite what we may think this is still the majority of companies), the thought of extensive automation that steps beyond a traditional runbook approach is quite a big move to make.
The primary, and overriding, theme of all of these systems is that of risk aversion. The second being unwavering faith in a defined process. Now both risk aversion and process are good things in their own right, and indeed in for certain types of IT function they are not just necessary, they are essential – a subject I come back to later in this post.
However, this focus on micro level processes and being risk averse to the point of stagnation is an extremely tactical approach. It is not possible for people to develop an understanding of the strategic needs of a business if their main goal is, and their reward system is based around, metrics such as those defined in service level agreements around call handling speed, ticket closures and so on. I refer to this as “keep the lights on” IT.
There in lies the rub. On one level CIO’s and business leaders are always looking for people with, as academic Joe Peppard terms it, “a deep IT understanding combined with broad commercial acumen”. On the other hand, the very systems they are asking large sections of their teams to follow do not allow for the development of either strategic thinking or commercial acumen. The ability to take a strategic view and a calculated risk when change is required is stripped away from many key staff by the very processes that we put in place to ostensibly support the business needs of the organization.
As an industry we then compound this tactical risk adverse approach to technology by having outsourcing agreements that are built around very rigid service level agreements, again based on the same rigid, detail orientated methodologies.
We now create a two-tier system of risk aversion. Those managing the relationship within a business are concerned with ensuring that the SLA is upheld and additional costs are contained. Those working in the company we outsource to are goaled with minimizing change in order to preserve and enhance profit margins.
I am reminded of a WSJ Café talk by Mike Bracken then of gov.uk which I attended in late 2012. Among the topics he touched on was the procurement of technology services in the public sector and gave a strikingly simple example of what is wrong with large parts of the current outsourcing model.
A government body had signed a multi year outsourcing agreement in 2008 (if I recall correctly) for the delivery of various services, including the maintenance of a consumer facing website. The service level agreement included a clause to maintain the existing website, providing the required business functionality at the time of outsourcing.
In 2010 consumers started to use iPads, mobile phones continued to become more ubiquitous and we all became more accustomed to being able to access services on multiple devices.
As for this particular website? Well updating it would require a change to the contracts, which in turn would incur costs. The end result for consumers is that they see a public service that is slow to change to meet their new usage requirements.
The underlying issue here was the failure to realize that the system being outsourced was strategic and would need to evolve, and to either build that into to the contracts or keep the development and support in house.
While I am not privy to the contract details, my sense here is that the tactical need, outsourcing the maintenance and support of the system, was met. However, no one appears to have been tasked with considering the future direction the system may need to take and understanding what risks, such as effectively locking down the system, the outsourcing agreement was creating. In a risk adverse culture or process such risks are not considered, as the underlying assumption is that of little to no change.
This pattern of outsourcing on the basis of rigid requirements and cost structures then leads us into a death spiral of contract management. I have had many conversations over the years with organizations who genuinely do not know what they have agreed too in their contracts.
People start out with a base set of requirements, then there is a change, the contract is updated with a change request and the circle repeats itself. What people fail to realize as they request these changes is that the company you have outsourced too, sitting on the other side of the negotiation table, generally holds all the cards.
More importantly they know how to negotiate with you. I am reminded of a conversation I had with a senior sales leader several years ago where he pointed out:
the guy in the company, this is probably the biggest deal he will do this year. My team is probably running six of them this week
When it comes to the nitty gritty of maintaining outsourcing contracts we frequently see rings being run around companies, often on the legal side, but also on the administrative and implantation aspects.
Offensive and Defensive IT Strategy
Now this is not to say that the methodologies such as ITIL mentioned above should be abandoned, far from it – in many cases they are absolutely what is needed, particularly from a compliance standpoint. What needs to be reviewed is the rigid adherence to such methodologies in the context of the industry and initiative we are discussing.
The table below summarizes and relates work from two academic papers, Nolan and McFarlan (2005) and Peppard, Edwards and Lambert (2011). Nolan and McFarlan gave a very simple and effective breakdown of IT strategies in an organization, dividing them into defensive and offensive, and sub dividing into four modes. Peppard, Edwards and Lambert provide a very useful explanation of the different types of CIO’s in organizations.
|Nolan & McFarlan||Peppard, Edwards & Lambert||Nolan & McFarlan||Peppard, Edwards & Lambert|
Business needs IT to run; minimal strategic differentiation with IT possible
|Utility IT Director||Strategic Mode
Large strategic benefits seen from IT; Business needs IT to run; minimal strategic differentiation with IT possible
|Agility IT Director|
IT supports business needs; business can run without IT systems if necessary
|Utility IT Director||Turnaround Mode
IT provides opportunities for major improvements
In my own experience I have yet to encounter an IT estate, programme or initiative that cannot be classified in one of the modes defined by Nolan and McFarlan.
Anything that can be classed as defensive is almost guaranteed to be a perfect candidate for rigid processes and frameworks, easy outsourcing and strict service level agreements. These tend to be the areas where strategic thinking and high levels of commercial acumen from technology staff is not required.
As we move into the offensive areas there are obvious opportunities for both strategic thinking and commercial focus. Having key staff work in these areas, rather than in “keep the lights on IT”, allows for a focus on what really matters for the business.
It should be noted that the breakdown into large sweeping areas provided in the table above is a useful starting point, but it is just that. There are other tools and frameworks people can use for deeper analysis, from techniques such as Simon Wardleys mapping approach (which is well worth spending an afternoon of your time reading into) to competency analysis tools from various vendors and so forth.
Outsourcing and The New Resourcing Pattern
As my colleague, James Governor, has already pointed out the tide has turned on big outsourcing
Outsourcing won’t go away of course but it will need to dramatically change. Smart people say we’ve just been doing it wrong, but it is going to be a wrenching transition for an industry that looks increasingly out of step with emerging operating models
What we are now seeing is an emerging understanding in many companies as to which parts of their technology landscape are strategic, and thus need to be both agile and responsive. More importantly these are the areas which need to be kept in house. Companies are starting to fully identify which parts of the IT estate are items such as legacy systems of records that can be managed by another party but are critical to the business, and finally parts are completely defensive aspects and can be outsourced without any significant risk.
In many companies we have seen the emergence of small groups of extremely talented developers, operations and product management folks using all the techniques we noted as table stakes earlier. Where an organization is just starting on this journey these teams invariably appear in a mobile function. This means they can have some immediate impacts. Other teams can begin to see what they are doing and start to adapt their techniques.
It is important to note, however, that these teams are rarely shackled with all of the burden of what has gone before. Such teams have permission to put solutions in place, such as callbacks into systems of record, and yes that can mean hybrid cloud, to allow for rapid product iteration.
Digital Literacy and The Importance of Design
As I alluded to above in the gov.uk example the importance of design and end user needs has often been completely overlooked in outsourcing deals.
In every large organization and associated with every large project there is invariably a change management function. Firstly, lets clarify that that change management is a hugely important discipline, and any large scale technology initiative that involves end users is going to fall flat on its face without appropriate communications, expectations management, record keeping, education and so forth.
However, change management can be made an awful lot easier with the appropriate use of technology – and that starts with design and the overall user experience. The advent of the smart phone has given end users a, justifiably, very heightened expectations in terms of how an application should function, how an application should flow, and how its usage should feel.
Much of the resistance to change we see coming from end users is not due to a lack of understanding of the business need or how technology will enable it, rather it is due to the technology not meeting these heightened expectations. Design, and that end user experience, is of significant strategic importance to any business.
To truly enable the design experience an organization needs to have staff in house that can deliver on a design experience, and the underlying technical requirements to facilitate this work, allied with a significant level of digital literacy at executive, and preferably board level.
Academics such as Nolan & McFarlan noted as far back as 2006 that the level of technological understanding at board level is key to deciding how to approach the implementation of technology in an organization. These days this can be described as the digital literacy level of the overall organization, but more specifically the understanding of both the possibilities and limitations of technology which senior and c level executives have.
For many larger organisations the cultural change that is needed to move from the era of big outsourcing to bringing strategic technology functions back in house will not occur without this digital literacy.
A number of years ago I summarized several approaches and frameworks to measuring organizational IT maturity, which is a useful proxy measure for digital literacy. As well as Nolan & McFarlan (2006), noted above, research from Ragowsky, Licker and Gefen (2012) who refer to an Organizational IT Maturity Level (OITM) and Ross and Weill (2009) all help us frame where an organization is along its digital literacy journey.
Ross & Weill
Nolan & McFarlan Modes of IT
|Ignorant: Information not considered critical; IT taken for granted||
|Aware: Information is considered important; limited understanding of the costs associated with IT||
|Willing: Information is known to be important; willing to invest in IT but limited trust levels||
|Trusting: Business trusts IT to understand needs but not as partners and equals|
|Accepting: IT accepted as an equal partner, but ownership of deliverables not taken by the business||
|Responsible: IT provides a service and platform to innovate on, business responsible for initiating and owning IT projects||
For those of us working at the forefront of technology we expect almost every organization we talk with to be at an OITM level of 5 or 6. The reality for many companies is far, far lower.
But let us be blunt here, if your board and senior management don’t have a reasonably high level of digital literacy your company is unlikely to understand why they should invest in having world class engineering, operations and product management functions. The first part of the journey is going to be an education drive.
From Outsourcing to Re-shoring
What does this mean for your company? If you want to be competitive in this new era you need to understand where technologists can add significant value, but more importantly you need to understand where they won’t. To identify these areas, you will need to work with your own, in-house, strategically focused, technologists and advisers.
The business savvy technologists are out there; you may already have hired them. As Adrian Cockcroft likes to state when people ask where did Netflix find their engineering talent “we hired them from you”.
Notes & References
Several sections of this post have been reworked from an article I wrote in April 2014, and some earlier academic work. The academic texts I referenced here are:
- Carr, N. (2003) ‘IT Doesn’t Matter’, Harvard Business Review, May.
- Nolan, R. and McFarlan, F.W. (2005) ‘Information Technology and the Board of Directors’, Harvard Business Review, October.
- Peppard, J. (2010) ‘Unlocking the Performance of the Chief Information Officer (CIO)’, California Management Review, vol. 52, no. 4, pp. 73-94.
- Peppard, J., Edwards, C. and Lambert, R. (2011) ‘Clarifying the Ambiguous Role of the CIO’, MIS Quarterly Executive, vol. 10, no. 1.
- Porter, Michael E. (1985), “Competitive Advantage”, Ch. 1, pp 11-15. The Free Press. New York.
- Ragowsky, A., Licker, P.S. and Gefen, D. (2012) ‘Organization IT Maturity (OITM): A Measure of Organization Readiness and Effectiveness to Optain Value from Its Information Technology’, Information Systems Management, vol. 29, pp. 148-160.
- Ross, J. and Weill, P. (2009) IT Savvy: What Top Executives Must Know To Go From Pain To Gain, 1st edition, Boston: Harvard Business School.