Managing Operations Chapter 8 Information Systems Management In Practice 5E McNurlin & Sprague

Copyright 2002 by Prentice Hall, Inc. 8-2 A Typical MIS Department Budget 33% Systems and Programming 70% Maintenance 30% New Development 10% Administration and Training 57% Operations - Involve more $ than any other part of the MIS department

Copyright 2002 by Prentice Hall, Inc. 8-3 What are three solutions to operations problems? Buy more equipment Continuously fight fires and rearrange priorities, getting people to solve the problems at hand Continually document and measure what you are doing, to find out the real problems, not just the apparent ones. Then set standards - the preferred solution

Copyright 2002 by Prentice Hall, Inc. 8-4 Operational Measures External: What the customer sees: system uptime, response time, turnaround time equal customer satisfaction Internal: Of interest to systems people: computer usage as % of capacity, disk storage used Problems reported by external measures can be explained by deviations in internal measures.

Copyright 2002 by Prentice Hall, Inc. 8-5 What’s New in Operations Companies have “cleaned their operational house.” Operations managers are beginning to manage outward. Operations are being simplified. Certain operations are being offloaded.

Copyright 2002 by Prentice Hall, Inc. 8-6 Outsourcing Information Systems Functions Outsourcing means turning over a firm’s computer operations, network operations, or other IT function to a vendor for a specified time.

Copyright 2002 by Prentice Hall, Inc. 8-7 Focus on core businesses: In the 1980s, this led to huge amount of merger and acquisition activity. Shareholder value: Companies were “priced” based on their shareholder value, that is, their discounted cash flow, as a result of high-yield bonds that allowed a few people to buy a company and leverage it with debt. Management must stress value, they must consider outsourcing in all their nonstrategic functions. Outsourcing Information Systems Functions: Driving Forces

Copyright 2002 by Prentice Hall, Inc. 8-8 Buying their professional services: planning, consulting, building, or maintaining application, network and training Buying their products:- with or without training Buying their transactions: e.g., payroll checks, credit rating Systems integrator: to handle planning, development, maintenance, and training for IS project Outsourcing: time-based contract for IS activities Outsourcing Information Systems Functions: Customer-Vendor

Copyright 2002 by Prentice Hall, Inc. 8-9 Figure 8-2 Shows how IT has moved from the more traditional professional services category to outsourcing. Changes: IS Management loses an increasing amount of control Vendors take more risk Vendors’ margins improve Choosing the right vendor becomes more important Outsourcing Information Systems Functions: Customer-Vendor

Copyright 2002 by Prentice Hall, Inc IT outsourcing Transitional outsourcing Best-of-breed outsourcing Shared services Business process outsourcing E-business outsourcing Application service providers (ASPs) Outsourcing’s History

Copyright 2002 by Prentice Hall, Inc Typically, parties establish layers of joint teams. Top-level team: final word in conflict resolution Operational team: oversees day-to-day functioning Joint special purpose teams: created from time to time to solve pressing issues Committees: oversee the use of formal change management procedures Managing Outsourcing: Organizational Structure

Copyright 2002 by Prentice Hall, Inc The foundations of governing an outsourcing relationship are laid in the contract. Service Level Agreement (SLA) Responsibilities, performance requirements, penalties, bonuses Managing Outsourcing: Governance

Copyright 2002 by Prentice Hall, Inc Recommendations to manage day-to-day interactions: Manage expectations, not staff Realize that informal ways of working may disappear Loss of informal ways of working may add rigor Integration of the two staffs requires explicit actions The best way to manage day-to-day is communicate frequently Managing Outsourcing: Day-to-Day Working

Copyright 2002 by Prentice Hall, Inc Buying parts and services that go into one’s own products and services Assisting one’s suppliers to improve their product and services by generally improving their processes Managing Outsourcing: Supplier Development

Copyright 2002 by Prentice Hall, Inc Threats (see 2000 Survey – Figure 8-5) Organizations are under attack from inside and outside their electronic perimeter Attacks are being detected Attacks can result in significant losses Defending from attacks requires more than the use of information security technology Security in the Internet Age

Copyright 2002 by Prentice Hall, Inc Approaches hackers use: Cracking the password Tricking someone Network sniffing Misusing administrative tools Playing middleman Denial of service Trojan horse Viruses Spoofing Security in the Internet Age: Hacking

Copyright 2002 by Prentice Hall, Inc Authentication: verifying the authenticity of users 2.Identification: identifying users to grant them appropriate access 3.Privacy: protecting information from being seen 4.Integrity: keeping information in its original form 5.Nonrepudiation: preventing parties from denying actions they have taken Security in the Internet Age: Security’s Five Pillars

Copyright 2002 by Prentice Hall, Inc Three techniques used by companies to protect themselves Firewalls: Control access between networks Used to create intranets and extranets, which only employees and authorized business partners can access Implementation Packet filtering to block “illegal” traffic, which is defined by the security policy… or By using a proxy server, which acts as an intermediary Security in the Internet Age: Countermeasures

Copyright 2002 by Prentice Hall, Inc Public key encryption: A third party issues two keys for a person and then manages the keys. 1.Private key: is meant to be kept secret and is used by the person to send and receive encrypted messages. 2.Public key: it is made public and can be used by anyone to send an encrypted message to the person with the private key, or to read messages from that person. Security in the Internet Age: Countermeasures

Copyright 2002 by Prentice Hall, Inc Virtual Private Networks (VPN): maintains data security as it is transmitted by using: Tunneling: creates a temporary connection between a remote computer and the CLEC’s or ISP’s local data center. Blocks access to anyone trying to intercept messages sent over that link. Encryption: scrambles the message before it is sent and decodes it at the receiving end. Security in the Internet Age: Countermeasures

Copyright 2002 by Prentice Hall, Inc Three ways to use VPNs: 1.Remote Access VPNs: give remote employees a way to access an enterprise intranet by dialing a specific ISP. 2.Remote Office VPNs: give enterprises a way to create a secure private network with remote offices. The ISP’s VPN equipment encrypts all transactions. 3.Extranet VPNs: give enterprises a way to conduct e-business with trading partners. Security in the Internet Age: Countermeasures

Copyright 2002 by Prentice Hall, Inc Disaster Recovery Alternatives Used By Companies: Multiple data centers Distributed processing Backup telecommunication facilities Local area networks

Copyright 2002 by Prentice Hall, Inc External Disaster Recovery Available for Companies Integrated disaster recovery services Specialized disaster recovery services Online and off-line data storage facilities

Copyright 2002 by Prentice Hall, Inc Lessons Learned in Disaster Recovery Consider the risks of a natural disaster in selecting a data center location. Create a plan to return to the primary site after a disaster. Do not expect damaged equipment, disks, and tapes to always be replaced, monitor equipment. Plan for alternate telecommunications. Test site under full workload conditions. Maintain critical data at the alternate site.