SmartAdvice: Tracking IT's Value - InformationWeek
Software // Enterprise Applications
11:10 PM

SmartAdvice: Tracking IT's Value

The Advisory Council suggests you consider new approaches to managing these initiatives: Measuring IT investments, Windows rights management, and selecting vendors.

Topic B: What are the pros and cons of Microsoft Windows Rights Management as a solution to the leakage of confidential information?

Our advice: Windows Rights Management Services (RMS) is a viable, near-term solution for the leakage of confidential information, provided that:

  1. You're a 100% Microsoft shop--PCs, servers, and applications.

  2. You're comfortable being an early adopter of new technology, since not only will you have to patch the inevitable bugs, you'll also have to integrate RMS into your server-based applications.

Related Links

Windows Rights Management Services

Who Needs To Know?

XrML (eXtensible Rights Markup Language) Digital Rights Language for Trusted Content and Services

OpenIPMP Open Source Rights Management

For businesses not meeting the first criterion, there are other alternatives. Business-content-oriented (in contrast to entertainment-oriented) rights management vendors such as Authentica, Liquid Machines, and SealedMedia offer support for various non-Microsoft platforms and applications. Businesses committed to IBM servers and applications should consider IBM's Electronic Media Management System. And OpenIPMP provides an open-source alternative for rights management--not an oxymoron!--for businesses preferring open-source technologies.

Businesses not meeting the second criterion face a more delicate decision. Rights management isn't yet a mature technology. Although standards such as XrML (eXtensible Rights Markup Language) do exist, support for them is spotty among available products. Interoperability between different vendors' rights management products is almost nonexistent. And while RMS protocols are included in Microsoft's Intellectual Property Licensing program, it's unclear if and when other vendors will support them, or if an open-source product can ever support them under Microsoft's licensing terms. Only you can make the trade-off between the risks of confidential information leakage versus the risks of implementing leading-edge technology.

-- Peter Schay

Topic C: What should we include in the vendor assessment and selection process?

Our advice: The key to any successful vendor selection is doing enough advance research and planning so that you're clear about the products and services you expect to procure. Remember also, unless you're purchasing a commodity, buying based on price alone isn't in your best interest. When reviewing a vendor, look at their match to your requirements and the best value to your business. The more advance planning and research you do, the better you'll be able to articulate your needs to the bidders so that they can respond appropriately.

Related Links

Project Management Institute

And no matter what you're purchasing, make a determination early on whether your relationship with the vendor will be as a partner or as a supplier. Although there are similarities between the two selection processes, their fundamental approaches are different. If you're purchasing supplies, systems, and software, then the vendor is a supplier, with a focus more on cost and on their ability to deliver. At the other extreme, if you're planning on outsourcing your entire IT department, you obviously need to develop a partnership, because the vendor will need to understand your business processes intimately. Creating a vendor partnership is much harder because you'll need to ensure cultural fit, equitable terms, and enforceable Service Level Agreements.

Remember: Without a repeatable and consistent selection process, however simple, it's nearly impossible to compare vendors and quotes in any meaningful way. (Obviously, you'll spend more time selecting a vendor for a $1 million IT department outsourcing partnership than you would if you were purchasing a couple of servers, but the same basic principles apply.) While you can modify the process to suit your business and the nature of the task, use the following list of process steps as a guide:

  • Gather user requirements and determine project scope;

  • Research the available products and vendors to verify general fit to requirements;

  • Create a list of important criteria and solicit vendor information;

  • Prepare a request for proposal that specifies the products and services you need so that the vendors can make informed and comparable bids;

  • Review proposals, paying attention to criteria fit;

  • Narrow the field to two finalists and negotiate with each; and

  • Award the contract based on best perceived value.

As long as your company has developed a workable process, the key to successful vendor selection is good advance planning and research. And the more informed you are about the product or service, the more satisfied you'll be with your chosen vendor.

-- Beth Cohen

About the authors:
Humayun Beg, TAC Thought Leader, has more than 18 years of extensive experience in business IT management, technology deployment, and risk management. He has significant experience in all aspects of systems management, software development, and project management, and has held key positions in directing major IT initiatives and projects.

Peter Schay, TAC executive VP and chief operating officer, has 30 years of experience as a senior IT executive in both IT vendor and research industries. He was most recently VP and chief technology officer of SiteShell Corp. Previously at Gartner, he was group VP of global research infrastructure and support and launched coverage of client/server computing in the early 1990s.

Beth Cohen, TAC Thought Leader, has more than 20 years of experience building strong IT delivery organizations from both the user and vendor perspectives. Having worked as a technologist for BBN, the company that literally invented the Internet, she not only knows where technology is today but where it's headed in the future.

2 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll