Background of the organization:
In 1947, an important year for India, 32-year -old M.H. Premji, owner of the fledgling western India Vegetable Products Ltd, laid the foundations of a vegetable oil mill at Amalner in Maharashtra. The company went on to manufacture vegetable ghee and laundry shop.
M.H. Premji died in 1966. His son, Azim Hasham Premji, was then a student at Stanford University; He was called on to immediately return home to run the company. Though he missed out on graduation from Stanford, he later managed to complete his degree by correspondence.
Azim Premji was more ambitious than his father and soon set about expanding the company. Within five years, its turnover shot up from Rs 40.82 million in 1965-65 to Rs 104.09 million in 1970-71. The first diversification came about in 1975,in fluid power, at suggestion of an Indian institute of management(Ahmadabad) graduate, M.Seethapathy Rao. Rao, who stills heads Wipro Fluid power, chose Bangalore as the ideal base for Wipro's new Venture.
The Consumer care business was expanded in 1979, after the arrival of P.S. Pai, now vice chairman of Wipro Ltd. The Business diversified into soaps, toiletres and baby care products, and distribution was considerably expanded. The Finnancial strength of the consumer care division powered further diversifications, particularly into InfoTech and Healthcare.
InfoTech took off in the late seventies and wipro climbed aboard the wave of information technology opportunity. Wipro set up its IT Business in Bangalore in 1980 under Ashok Narasimhan, Who had under hin a dynamic team of professional R&D and Marketing Managers.
The growing reputation of Wipro ensured that GE Medical Systems chose the company for its healthcare joint venture in India. In start-up team headed by D.A. Prasanna, now Manageing director & CEO of Wipro GE, Vivek Paul, Who is today Vice Chairman responsible for Wipro Technologies.
Wipro Technologies deals in following businesses
- IT Services:
- Product Engineering Solutions:
- Technology Infrastructure Service:
- Business Process Outsourcing:
- Consulting Services:
Wipro provides complete range of IT Services to the organization. Wipro's enterprise solutions serve a host of industries such as Energy and Utilities, Finance, Telecom, and Media and Entertainment.
Wipro is the largest independent provider of R&D services in the world. Using "Extended Engineering" model for leveraging R&D investment new knowledge and experience across the globe, people and technical infrastructure, Wipro enables firms to introduce new products rapidly.
Wipro's Technology Infrastructure Services (TIS) is the largest Indian IT infrastructure service provider in terms of revenue, people and customers with more than 200 customers in US, Europe, Japan and over 650 customers in India.
Wipro provides business process outsourcing services in areas Finance & Accounting, Procurement, HR Services, Loyalty Services and Knowledge Services. In 2002, Wipro acquiring Spectramind and became one of the largest BPO service players.
Wipro offers services in Business Consulting, Process Consulting, Quality Consulting, and Technology Consulting.
Major Clients or Projects:
Wipro's public client list includes Morgan Stanley, Sun Microsystems, General Motors, Honeywell, Cisco, and Lucent
Strategic role of IT in offshore outsourcing:
A Prominent change in the outsourcing arena is the growth in the offshore outsourcing. Driven by the pressures of globalization anf the ensuing need to address opprtuniteies and threats from global competition, companies are increasingly looking at less expensive resources available in offshore locations. And these less expensive resources are readily available in countries like India, china and the Philipines.
An Outsourcing arrangement is considered 'offshore outsourcing' when the responsibility for the management and delivery of Informaiton Technology services s delegated ti a vendor who is licated in differsnt countries in the offshore outsourcing arena are India, Israel, and Ireland, near shore providers in cananda and mexico are also popular among U.S clients just as eastern Europe has beacome a prime near- shore option for central Euroupean countries, because of geographic and cultural proximity. Some clients find the near shore scenario more attractive because these locations facilitate continuous monitoring. China is also quickly gaining popularity because of its low labor costs.
As in domestic outsourcing,a primary driver of offshore outsourcing is the continued pressure organizations face to cut costs associated with IT while maintating and improving processes . The time differences between the client and the offshore vendor locations create extended work days which can contribute to increased IT productivity. With efficient distribution of work between the client and vendor locations, Projects can theoretically be finished faster.
Organizations also turn to offshore outsourcing because of the lack of IT resources to perform required tasks. Faced with the lack of trained professionals, Organizations look to foreign shores to gain accese to knowledgeable IT personell and valuable IT assets. Offshore vendors typically have well trained IT personell with the requisitie technical knowledgeable and skills. These vendors have also recognized the need to train their staff not only in the latest technologies, but also in the management and communication skills and have establized numerous world class facilitaties to do so. Such technical expertise and qualifications of the staff make these vendor firm very attractive to clients, since clients look to outsource activities that involve high level of technical skills.
In addition, offshore vendors have obtained certifications to prove their ability to execute and delivery quality work. These certifications assure the client organizations that the vendor is following quality pratices in the management of project and are important in gaining the clients trust and developing the client-vendor relationship. Vendors aim to align their practices with standards in different areas including software development processes workforce management and security. Qu and Brockelhurst find that client organizatons pay particular attention to these certifications in the vendor evaluation and selection process. However, Coward comments that while large organizations look towards certification for wuality assurance and success in offshore projects, small and medium enterprises focus on personal connections in the selection of vendors.
Finally, as in domestic outsourcing, the badwagon effect comes into the play offshore outsourcing aswell. The sheer fact that these offshore choices are available and that other organizatons are taking advantage of these options prompt other organizations to consider offshore outsourcing. With such drivers, offshore outsourcing is growing at a rate higher than 20%. A MetaGroup report predicts that by 2009, an organization will be sending 60% its application work offshore.
Offshore arrangements come in a variety of flavours to match the clients desire for ownerships and control: convenient offshore outsourcing arrangements, joint ventures, build-operate-transfer arrangements, and captive centres. These arrangements span the continuum from complete hand-over of the project to an offshore vendor in conventional offshore outsourcing arrangements to establishing a captive centre in the foreign country. While the client usually has a low to medium level of control on the operation and delivery services in conventional offshore outsourcing, the client retains full ownership and control of the assets, personnel, management and operations of captive centre. Such captive centre arrangements are not strictly outsourcing arrangements, since in outsourcing the responsibility for the management of IT services is handled off to an external vendor. These captive centre arrangements fit under the umbrella of "offshoring". In Joint ventures and build-operate -transfer arrangements, the client is able to take advantage of the vendors knowledge of local market, while retaining a certain amount of control. Such shared ownership can reduce the risk of offshore outsourcing. A built-operate-transfer is an arrangement where a domestic client contracts with an offshore vendor to set up an offshore centre, with the goal of taking over the ownership and management of the center, with the goal of taking over the ownership and management of the centre once it is established.
A related development has been the offshore outsourcing of IT enabled services and business process. Many offshore IT vendors have produced offshoots to manage business process outsourcing deals. Examples Wipro's Spectra mind and Infosys Progeon. The BPO market is making giant strides; it is estimated that the offshore BPO market will grow at a rate of 79% annually to reach a size of $24.2 billion, while the offshore IT outsourcing market is expected to grow at a rate of 43% to $56 billion by the end of 2008. Currently IT outsourcing dominates offshore outsourcing and BPO, but this is likely to change in the future.
Potential areas of IT security failures in offshore outsourcing:
Through outsourcing in general, a company transfers and/or shares part of the risk with the third parties. This argument makes the transition between opportunities and threats, since the transfer of risk widely depends on legislation in the countries involved. This is the point where an SLA proves its force or the lack of it: under different judicial systems, the conditions on the contract may not be enough to make the service provider liable for any damage or loss of information that may have occurred. In other words, if the service provider fails to fulfil the contractual duties, the outsourcing company may be able to get something from a law suit in the vendor's country, but is still held accountable (J. Leigh) in its own country for breaches that took place, if they break the Law in the respective country (the outsourcer's).
One of the main threats is the loss of control over the outsourced operations. This brings with it the necessity of allocating managers to the outsourced relationship. One step further would be to set a rather rigid frame for the outsourcing agreement, with clear-cut checks and balances, and also organize training sessions for the employees of the service provider. Indeed, this practice would help towards establishing a higher security level, but on the other hand it would significantly contribute to the overall costs.
In some cases, the vendor is either not willing to or can not change and easily adapt processes to better fit the company that is outsourcing. This lack of flexibility is a notable disadvantage of the outsourcing process, and can be partially addressed through the initial SLA, or even before that: when making the decision as to where to outsource, by eliminating from the beginning the destination where the information available points toward inflexibility in the work practices.
There is also an impact on human resources and assessment of security issues given the status of the vendor's employees, as the outsourcer experiences a loss of direct control over who is hired to work on its IT functions. Depending to the vendor's cultural context, this may lead to differences in categorizing information into private and public and thus creating a real threshold over what needs to be protected from breaches.
IT outsourcing can determine a relocation of IT equipment from a safe and known environment to an unknown one (D. Twing), thus further creating risks for the company.
In addition, possible security risks come with the opening of the company towards a third party providing services that often involve sensitive information (exposure of critical data, intellectual property such as patented processes or source codes).
The complexity of the security process determines an increased vulnerability to data breaches, especially under outsourcing agreements (A. Coro). The reason is that most outsourcers do not take the time to understand all the details involved and thus are more likely to make mistakes in either choosing the vendor or in determining the SLA.
From the same reasons mentioned above, the compliance with internal regulations may be harder to meet through outsourcing, especially if the service provider is not sufficiently aware of the legislation regarding IT in the country of origin of the outsourcer. As far as liability goes, even if the service takes place in the vendor's country, the outsourcer is still the one that has to comply with the law (J. Leigh). More of a general threat, not IT outsourcing specific but nevertheless important in the decision process for outsourcing is represented by the currency risk. Financially, the changing exchange rates can make an initial cheap contract become quite expensive - especially, in the case of the United States for instance, in the light of the diminishing purchasing power of the dollar during 2007.
Factors that influence the outsourcing decision and location
The linguistic skills and education of the country towards which a company is outsourcing its IT functions should be a factor to take into account. If the vendor's employees are fluent in the outsourcer's language, then there are fewer problems likely to arise from misunderstandings about what is desired from the service provider. These factors are softened though by the cultural affinity between the supplier and the outsourcing customer, which has a less quantifiable effect but still adds to overall productivity
A high level of skilled work force (S. Pruitt) tends to provide a better performance, since the vendor's employees are more knowledgeable and prepared for addressing possible issues in the outsourced project.
Differences in time zones between the two countries show an influence in the availability of the service provider; in fact, this is one of the arguments towards choosing Central and Eastern European countries instead of the further away Asian service providers and vendors.
The economic and politic environment could strongly influence the stability of the relationship between the two parties involved in the contract. In general, any possible disruptions in the normal work flow (caused by national movements or merely local strikes) increase costs (down time, loss of productivity, even relocation eventually if the situation does not resolve timely).
Another element to research is the quality of infrastructure in the provider country, since frequent power outages, for instance, can lead to data loss to only mention the most obvious effect.
One of the main elements most companies look for, though, is the price of labor in the area where the vendor is situated (R. King); the lower this is, the more attractive the respective country is for outsourcing destinations, all else equal. It is in the balancing of all these factors above that the decision becomes difficult. Related to this conclusion, most companies consider outsourcing part of their IT processes mainly because this would provide a reduction in costs. Experts (CIO's ABC) consider though that lower costs constitute only the initial reason for considering outsourcing. After researching offshoring and nearshoring options, companies typically realize the low price sought should be balanced by other considerations, some of them mentioned above - thus, the cost of outsourcing in general and of labor in particular should not be, and typically is not, the top decision criteria.
Several security risks arising from proposed, for everybody's reference.
Network systems, management of confusion in the right account
The existing network operating system, security management all have a common feature, that is, must be entitled to a user's authorization in order to achieve the network login and maintenance. Especially the super-user, it has all the rights of the operating system, so one who has mastered it, grasps the lifeblood of the whole system. The process of routine maintenance, network management personnel to facilitate memory or simplify the operation, usually will have the right to set a very simple account password, or stored in a public place a very prominent position; In addition, the system often created out of several temporary have the right account, and failure to clean-up; plus pay no attention to change the password, and even multiple management account password is set to 1. So that "hackers" With a number of specialized password verification procedure is very easy to steal passwords, intrusion network system. Therefore, efforts to strengthen the management of the right account is to ensure that the first step in network security.
System, the lack of management at different levels
Because UNIX is a very good network operating system, we now have a lot of information network systems using it as the basic platform. UNIX support network document management system (NFS), and in Group (Group) the concept of classification of network users. UNIX systems by default, allowing users within the same group to read and write with each other or at least read each other's files or system data, so once the system of the Group divided improperly, could result in normal users have the same rights with the super-user, it not only to understand the system configuration, increase or modify the system parameter file, and can replace the system of information content, and even destroy the whole system. To avoid this from happening, on the one hand, to ordinary user accounts set up groups of users is zero, is strictly prohibited to ordinary user accounts with high-level management accounts belong to the same group; the other hand, strict inspection system, an important configuration files (passwd, shadow, logon log files, etc.) read and write permissions, so that the sole ownership.
FTP brings a hidden danger
As we all know, FTP software in order to share resources, user-friendly file download and file transfer protocol developed. Since it is in order to share, then there must be the right to read and write on the system, so it is also a weak link in the whole network system. At present, a number of online "hacker" is often used by FTP invasion and destruction of the system as a breakthrough. Sometimes they use FTP some of the monitoring program into the system in order to steal passwords management; sometimes use FTP access to the system passwd file, to understand the system user information; sometimes use FTP features of puts and gets, increasing the burden on the system, leading to the hard disk plug Man and even system crashes.
However, in order to meet the needs of users, many systems had to open the FTP functions, then how to handle them? First, it should be properly configured FTP, to prevent the system files have been stolen, or the directory program process start-up; Secondly, there is the conditions where the FTP server and other applications on the network isolated, so that even if attacked, it will not affect the entire system; again, pay attention to regularly observe the FTP server's operation to check the size of the hard disk and make dealt with accordingly.
The running and monitoring of a large-scale outsourcing project is not easy. Any failure in IT governance can have a substantial impact on business. While enjoying the cost savings or other benefits brought about by IT outsourcing, management should bear in mind that an organisation can only outsource its operations, but not its responsibilities. Security impact analyses and risk assessments should be started as early as drafting of the contract and cover the vendor's IT environment as well as the organisation's. On-going monitoring and regular reviews must also be conducted to ensure proper management of the IT outsourcing project and/or service.