How digital transformation is disrupting IT outsourcing
Digital transformation is the business goal du jour. And while the increased adoption of social, mobile, analytics, cloud, autonomics, robotics and Internet of Things technologies is creating tremendous opportunities for the enterprise, it’s also introducing new risk.
Most notably, these emerging technologies are impacting on how IT organizations interact with their IT service providers. These newer solutions tend to be less customizable, more scalable, less expensive and more automated than traditional outsourced services. They often require less deal-specific investment and the services may be shared among many customers. Thus, the outsourcing contracts that govern them must evolve in order to continue to create value and mitigate risk for the IT outsourcing customer.
We talked to Brad L. Peterson, partner and co-leader of the business and technology sourcing practice of law firm Mayer Brown, about how new digital services are disrupting the IT outsourcing industry and the way in which businesses investigate, buy, negotiate with, select and manage providers of these technologies.
What goes wrong for customers who use traditional sourcing approaches for digital age services?
Traditional sourcing also focuses on the cost of meeting requirements. Digital age services often cost more but provide new benefits such as new big data insights, connections to mobile customers and flexibility on volumes.
Yesterday’s contract will not meet your needs for digital age services. You can’t rely on traditional assurances on good and workmanlike performance by qualified people when the services are performed primarily by machines.
What sorts of new issues and risks do these digital age services present to IT outsourcing customers?
Peterson: The customer tends to bear the risk of gaps between what the customer needs and what the product does.
Little has been done to integrate digital age products with corporate ecosystems. Someday—perhaps—middleware will catch up. But today that means new needs for the customer to integrate disparate systems or to hire an integrator to do so. Digital age providers often make little commitment to provide reliable services for long periods of time. Many are new companies or experiments by established companies. Thus, customers are at risk of business disruption as the digital age providers change their business models or simply fail to deliver.
Are there new sources of critical legal risk?
Peterson: Cybersecurity and data privacy are critical concerns. Many digital age products are weak in those areas, and many digital age providers make few promises that their systems are secure. The Internet of Things is full of insecure end-point devices. Your cybersecurity is only as strong as its weakest link, and its weakest link quite likely is a digital age supplier.
You can lose substantial value to your digital age providers by allowing them to analyze your data and resell your business insights. Watch out for clauses allowing digital age providers to use your data in aggregated form to improve their services (such as selling insights from your data).
Spreading your data around, particularly to providers without effective data management, risks violations of laws such as those governing export control, responding to discovery requests in litigation, and compliance with privacy laws.
How should businesses prepare their sourcing strategy and policies when contracting for these newer technologies?
Peterson: Businesses should start with a digital age sourcing team with roles for IT, information governance, procurement, finance, legal and the business units. Letting any one group lead [this effort] is risky. IT alone will tend to buy the hottest products, which will be risky, overpriced and not meet the business need. Finance alone will tend to buy cheap products that cost a fortune to integrate and eventually fail to deliver. The business units alone will tend buy risky, overpriced products that don’t work well for the enterprise. Information governance and legal, left alone, will reject too many digital age services because of their focus on risk not possible benefit.
Then, the business should develop a digital age sourcing model that focuses on risk andbenefit. Risks should be identified, assessed, mitigated operationally and contractually, and then weighed against benefits. The digital age products might not meet requirements, but the risk may be manageable and the benefits worth pursuing.
To move at a digital age pace, [businesses can] create contracting templates that work for digital age services. Those should be in plain English, easy to use, and recognize the standardized and automated nature of digital age services.
[Customers should never] agree to “cloud terms” even if they are “market” in consumer contracts or your company has accepted them in low-risk applications and no-leverage negotiations in the past.
To prepare for integrated digital age services, [it’s also important to] amend existing contracts with current outsourcing service providers to include cloud provisions and integration responsibilities.
What can companies do about existing digital services deals that weren’t set up with this level of rigor and risk management?
Peterson: Large companies tend to have hundreds of digital age contracts. A small fraction of those were negotiated; the vast bulk were entered into by individuals or business units with little review. Many are being used for sensitive data—perhaps in violation of laws, contracts, or company policies. Consolidating those to a limited number of providers of each service under negotiated master agreements can dramatically reduce risk and increase value.
What about the ongoing governance of these digital age deals?
Peterson: Most companies are not ready to govern digital age services contracts. The traditional model for governing services contracts relies on having designated people to talk with regularly. Often, that’s not part of the digital age model. The robots will not attend the change control meetings to explain that they will break if a change is made. You’ll need to negotiate new [governance] models.