Posts Tagged ‘IT Cost’

Compliance, Identity and the SME

February 1, 2008

Matt Flynn brought this article to my attention. At the surface it covers an important topic. Typically software vendors get stars in their eyes over Fortune 1000 size clients while the vast majority of enterprises are not able to consume solutions designed for the “biggies”. So, interesting topic. But I found the premise a bit disingenuous. Particularly the line of logic expressed here by one vendor (condensed with names excised)….

“Most small to midsized enterprises have far fewer IT professionals on staff to manage the overall IT infrastructure, making the user access management issue more critical than their large counterparts,” says (XYZ), senior vice president of (Vendor).

Source: Processor Editorial Article – Automate Role Management & Identity Compliance

So far, so good. Can’t argue with that. Continue please…..

(Senor XYZ) recommends that companies seek out vendors that [also]……..have a strong consulting services capability with an implementation and management methodology that has been used successfully in the field at several different types of organizations.

Now, we’re off the reservation a bit. Having been an IT guy in a small organization (~700 users) in my very distant past I will say that if a vendor ever said, “you should buy my solution because I have good consulting services” all kinds of alarms would start going off.

My immediate response would have been, “if this solution requires vendor expertise to get it to work for me then it’s not designed for an SME like me.”

I actually think Europe is generally more forward thinking than the US enterprise in this regard. Generally, in EMEA, a key test of a product for a prospective buyer is if they can run their own Proof of Concept; No vendor Sales Engineers or consultants allowed. If the vendor insists that only one of their sale engineers or consultants can get the product working right – well, Failure Condition #1.

Admittedly most SME’s would love to get that kind of attention from any ISV. But most also know that the attention is fleeting. And when the next version of the product is released or when the use environment changes and the vendor’s solution needs to be reconfigured – good luck getting that level of attention again.

That’s not to say that an SME wouldn’t be well advised to pay a local integrator or reseller to deploy a solution for them. That’s a judicious use of resources. But any time you have to rely on the vendor to get it to work right…..that’s just an extended bout of heart-burn waiting to happen. Maybe Big Money Center Bank can invest that kind of cash resources and mindshare in a solution on an ongoing basis. But Regional Community Bank With Ten Branches probably can’t.  Or shouldn’t.

Advertisements

Cost of Compliance

January 29, 2008

Deloitte’s Center for Banking Solutions published an interesting study on compliance based on a survey of 20 of the top 50 financial institutions in the U.S. As my friend Mark Macauley (his identity blog) has said to me many times, “compliance is a cost center”. Here are a few excerpts from the study that I doubt are unique to financial institutions….

  1. “As costs have risen, financial institutions appear to have responded more by applying people resources to monitor compliance versus technology resources to manage it. “
  2. “Only 10% of financial institutions reported that compliance information was always effective and 15% that it was always timely.”
  3. Compliance related spending has jumped from 2.83% of net income in 2002 to 3.69% in 2006.
  4. Of compliance spending, 18% was for computing infrastructure (hardware, software, etc) while 60% was for compensation (people presumably).
  5. Overall 95% of the respondents reported that their management and administrative employees were spending more time on compliance than before and fully 40% saying that the time they devote to compliance has increased by 22% to 25%.

Ouch. Talk about an area of opportunity for improvement.