|
Measuring Progress in Application Security: Six key conditions for metrics-driven programs
By Leonel Navarro, Project Management Professional
February 2010  full version
The most important goal of an application security (appsec) program is to secure the organization’s information assets, and maintain the security infrastructure breach-free. A successful program is hardly a one-time project, but rather an on-going effort that constantly provides education, guidance and tools. This document shares six conditions we have identified as essential for establishing a solid path that enables a metrics-driven application security program: 1) Understand the different types of threats; 2) Identify KPIs and define SMART metrics; 3) Establish a well-defined and measurable process; 4) Rate vulnerabilities within the appropriate context; 5) Create a vulnerability tracking system; 6) Make metrics visible to management.
Creating and Managing a Large Enterprise Software Security Program
By Darren Challey
November 2009 full version
Author Darren Challey, GE’s Application Security Leader, states that the key success factor for an application security program at an enterprise like GE is to find, fix and prevent security defects earlier in the software development process through effective communication and implementation of consistent Guidance, Education and Tools.
Running a Software Security Program for a large enterprise is largely a thankless task. Building security into products (rather than painting or bolting it on at the end) is not a core competency. These problems are amplified at a company the size of GE by the large numbers of developers who are globally dispersed and developing software in just about every technology under the sun.
Since the inception of the GE Software Security Program in early 2007, the overall vulnerabilities and critical/high vulnerabilities in new application development and change releases have seen a significant decrease.
Preparing a Strategy for Application Vulnerability Detection: Setting the basis to secure critical information assets
By Juan Calderon
October 2009 full version
Having the overall picture of the company’s information assets exposure is vital for Information Security Officers, since it allows them to make the right decisions regarding where the fixing efforts should be spent. This white paper will share some key tactics that can help answer questions like: Where should application security testing start?, Which applications are most critical to the company?, What kind of testing method should be used?, What tool is best for the job? And, what verification requirements should be considered for the application security policy?
Conservative-progressive approach to outsourcing delivery models: Four levers to adjust and maximize value
Part 2 of 3 of the white paper series “Proven Strategies for Cost Containment and Risk-balancing in Turbulent Times”
By Alejandro Camino with Federico Ferreres
October 2009 full version
As risk mitigation and cost containment take a new dimension in today’s environment, organizations are rapidly assessing the status of their global outsourcing portfolio, finding creative ways to be as conservative as possible with regards to risk management, and as progressive as they can be in terms of cost containment.
As the second part of the series, this paper’s focus is on identifying the value of the existing delivery model, and to highlight the benefits that different approaches may bring.
We’ll explore how organizations that carefully assess the existing and alternative pricing models, that balance the amount of work that is done on-site vs. offshore, and actively monitor how much of the project portfolio is concentrated in a single vendor or country, have been able to maximize the value of their service outsourcing projects.
The Rise of the Conservative-Progressive Approach to Outsourcing: Establishing Solid Foundations for a Global Sourcing Program
Part 1 of 3 of the white paper series “Proven Strategies for Cost Containment and Risk-balancing in Turbulent Times”
By Alejandro Camino with Federico Ferreres
May 2009 full version
As risk mitigation and cost containment take a new dimension in today’s turbulent environment, organizations are pressured to rapidly assess the status of their global outsourcing portfolio, and to find creative ways to balance risk mitigation and cost containment. One way to speed up the learning process, and reach destination safely, is to look at those that have already traveled the road. And as this learning process matures, it marks the definitive rise to the era of the conservative-progressive approach to global outsourcing.
Achieving Operational Rhythm in Source-to-Pay Outsourcing
Best practices for ‘measuring up’ to business needs
By Federico Ferreres and Pedro Parra
May 2009 full version
Many companies are considering outsourcing parts of their source-to-pay (S2P) operations as a way to curtail costs, gain operational efficiencies and to enable focus on strategic restructuring of the sourcing function. Although market penetration is still relatively small, the services are poised to grow at a fast pace during the next five years. In this white paper, we highlight several best practices that have helped our clients achieve highly efficient procurement operations within relatively short time periods. Building upon these practices helps in achieving operational rhythm, a seamless and metric-driven integration between the outsourcing organization and its customer.
A Guide to Outsourcing the Source-to-Pay Function
By: Mary Ellen Mitchell
with Alejandro Camino and Pedro Parra
November 2008 full version
Challenging economic times will push companies and their management to find new ways to streamline operations and curtail costs. Initiatives to outsource non-core functions and streamline the supply-chain have been on the rise in recent times. Among these measures is offshore outsourcing of the purchase order (PO) processing function. Although its popularity has been lagging behind other BPO offerings, we foresee companies increasingly embracing source-to-pay (s2p) offshoring. As pressures to rapidly implement these engagements grow, so does the possibility of failure due to unsuccessfully transitioning in-house managed processes to outsourced engagements.
Mind the Offshore Gap
Finding a Balance for Outsourcing Strategies
May 2008 - full version
Leading companies are embracing a new generation of global outsourcing, one that involves a multisourced approach with different providers from various locations, as well as a combination of models including offshore, onshore and nearshore. This white paper addresses the emerging shift and outlines why it’s necessary to close the gap left by single-country outsourcing strategies. The gap is characterized by the need to diversify risk, increase interaction among the stakeholders, access multilingual professionals, and lower the total cost of engagement.
Results driven application services outsourcing - Part one
Making the case to evolve from timesheets to deliverables
March 2008 - full version
While the option of choice of most hiring managers is still that of time and materials, there is a trend to opt for a more strategic and disciplined approach for application services outsourcing, one that involves paying for deliverables or outcomes rather than man-hours. This document describes and compares different application maintenance and support engagement models, identifies what each model has to offer in terms of value to the organization, and highlights the barriers organizations face to evolve beyond staff augmentation. A companion White Paper provides a blueprint for overcoming the obstacles and enable change.
Results driven application services outsourcing - Part two
A blueprint to evolve beyond staff augmentation
March 2008 - full version
While the option of choice of most hiring managers is still that of time and materials, there is a trend for a more strategic and disciplined approach for application services outsourcing, one that involves paying for deliverables or outcomes rather than man-hours. This White Paper highlights different actions that hiring organizations and vendors alike can take to evolve their application outsourcing models beyond staff augmentation. We identify the critical success factors and a viable scenario and a transition roadmap for buyers interested in results driven application services outsourcing.
Nearshore goes Global
March 2007 - full version
Over the last two decades we have seen the offshore outsourcing market evolving from offering cost savings to serving as an enabler for business competitiveness, transformation and growth. We have also witnessed how sophisticated buyers are looking for a new generation of global outsourcing services that aim for operational effectiveness, high collaboration, risk mitigation and innovation. Our role at Softtek has been to proactively participate with our clients in this progression and transform the Nearshore model accordingly. This document delineates our vision for the next wave, which we have codenamed Nearshore 2.0.
Total Cost of Engagement
The unique value of Nearshore as an enabler for lower cost of offshore outsourcing
March 2005 - full version
The whole concept of Offshore Outsourcing is created around the idea that cost efficiencies can be attained by shifting work from a high cost to lower cost locations.
Although it is a fact that man/hour rates are a fundamental driver to reduce costs, offshore savings should not be determined only by the man/hour rate differentials. A holistic view of expenditure measurement should be considered.
TCE or Total Cost of Engagement is an approach that evaluates the total expenditures of offshore engagements.
Despite the maturity level reached by the offshore outsourcing programs in many Fortune 500 corporations, the model cannot be leveraged at its full potential. There is still an important amount of work that is done at the client's site, thus increasing the TCE. The reason is the fact that time-zone differences and distance with India, and other Asian outsourcing destinations is a barrier.
Although Nearshore rates tend to be higher, the overall cost of Nearshore engagements is equivalent or less than offshore, because of the efficiency gains that working in close proximity to the US and in the same time zones can bring. The Nearshore model is much more efficient in achieving higher percentages of work performed at a lower cost location than offshore.
Mexico as a Nearshore Destination
Advantages for the IT Global Outsourcing Market for North America
March 2005 - full version
As part of its March 2003 report "Mexican Nearshore Outsourcing: A Promising Global Sourcing Alternative", Forrester Research published "Companies interested in the cost and quality benefits of offshore labor, but which require a closer, less risky solution should strongly consider Mexico as an important nearshore option".
Two years since that report was published, Mexico presents itself with a unique value proposition for US corporations that is based on convenience, lower risk and an unbeatable Total Cost per Engagement. Outsourcing companies based in Mexico, like Softtek, comply with the highest standards in terms of security, quality and dependability.
When talking about Global Outsourcing, Mexico, with its Near Shore® approach, is positioned in a completely different playing field for global outsourcing. Mexico based companies set aside from the plethora of India based vendors, followed by newcomers from China and Russia.
Mexico's Near Shore® value proposition is based on world-class services, low risk outsourcing, convenience and cost effectiveness.
|
