Case Study

  • Business Process Outsourcing - is it an expense or there is a profit? - Part 2

    In the previous article, we've discussed very typical cases of Business Process Outsourcing. You can check them here: BUSINESS PROCESS OUTSOURCING OF SOFTWARE DEVELOPMENT AND RELATED SERVICES - IS IT AN EXPENSE OR THERE IS A PROFIT?

    We've already checked what are the benefits of Fixed Price, Cost Plus, Subscription, and Dedicated Team models. However, there are some more for the consideration: Hybrid Models.

    • There can be a certain, notable discount
    • A vendor's team is already motivated and aiming at a positive business impact
    • There is no need to check the day-to-day performance of the team
    • The business should negotiate a percentage of revenue or equities to be dedicated to the vendor
    • Risks are mitigated to all parties
    • Business Process Outsourcing can turn into a long-term profitable partnership

     

    Outcome-Based Model

    It can be a sort of a Fixed Price Model, however, normally, it is related to a Dedicated Team Model. In this case, the Business Process Outsourcer takes the whole process from the very top to the bottom. This makes things a little bit less transparent, but lets this team focuses on what's valuable, unleash their innovative potential and all above for a very good discount on their services in exchange of bonuses for a good job done by the team, basing on the real business value created. In some cases, like Digital Marketing, there is a set of standard ways to calculate an Outsourcer efficiency. For other cases, for instance, the product development, it's more complicated, despite a very clear number related to self-cost and profit margin. There is still a wide range of negotiation.

    Concluding this

    • There can be a certain, notable discount
    • A vendor's team is already motivated to achieve a positive business impact
    • There is no need to check the day-to-day performance of the team
    • The business should negotiate a percentage of revenue to be dedicated to the BPO vendor in case of positive business impact

    Shared Risk-n-Reward

    This model is a sort of Outcome-Based Model, just it's normally more specific to startups. In exchange for a discount flat-rate the business for an agreed portion of equities. Indeed, in this case, Business Process Outsourcing turns to Partnership, however, that's a great definition, how Fixed Price risks can be mitigated to both sides with a win-win solution.

    Well, benefits are generally the same as in case of an Outcome-Based Model. Besides this, a startup or business can get a considerably big advantage:

    • The one single reliable technical or operational partner instead of a well-known endless story of many vendors one-after-another.
    • Risks mitigated for both Business and Vendor
    • A possibility to make a long-term partnership of Business-Operate-Transfer
  • Business Process Outsourcing - What if customer barely overdue the payment?

    What if customer barely overdue the payment?

    Well, certainly someone screws something badly. Basing on our experience there are the following strategies with different types of our customers:

    Strategic customers, they work with us for more than a year in a happy synergy.

    Everything can happen. In our case, it was a glitch on the postal service, so the letter with a check was wondering in the wilds for almost 2 months before it returned back to them. We’ve together learned lessons of this case, now they are using ACH - everything works smoothly.

    Conclusions:

    • There is no need to start a mess with a strategic customer, just because one payment got delayed, moreover, it wasn’t their fault.
    • Learn the lessons, make necessary changes and keep moving in synergy further.
    • Long-term relationships are impossible with a nervous background. Business Process Outsourcing (BPO) requires patience, understanding, and synergy.

    All payments since specific date were delayed. The last invoice overdue far away.

    Allegedly, this customer has a sort of financial issues, financial creep and according to our experience, it’s better to have a call with him and together decide to freeze the software project until financial flows on his side will be fixed. For instance, one of our customers got his accounts frozen in the bank, which started the business dissolving process. He had far bigger problems because all his savings were frozen there. Sad, isn’t it? Well, it happens even to best of us.

    We’ve continued his mobile application development project in 2 months. No more delays, he is one of our best strategic customers already.

    Conclusions:

    • Even the best customers can eventually experience problems.
    • Chat with them. Define a mutually beneficial way.
    • It’s never late to start building synergy. Business Process Outsourcing (BPO) should issue as less “alienation” problems as possible

    Customer rejects to pay for a specific delivery.

    Well, that’s definitely a good lesson to learn. First, check with the customer “what’s wrong?” There were cases when our accounting made a mistake, or a customer had a wrong vision. A couple of times it was a misunderstanding between our development team and customer.

    But a couple of times it was weird. You know these strangely demanded customers, which are inventing new requirements during the call with them.

    Secondly, keep calm, be a bastion of calmness. Emotions will just screw things rather than solve them. Make sure, that your team completed everything according to the executed agreement and inform this customer that if the invoice won’t be paid by the end of the month, the late payment penalty 1.5% a month will be applied to it since 31st day. Discuss with a business owner this issue, perhaps, it’s not a bad idea to freeze the development of this project. Finally, inform the customer, that your company doesn’t like this, but now it owns a certain percent of his software project IP.

    That’s a scourge of all software development Business Process Outsources. More you are in this business, more IP rights left in your pocket by those who won’t pay for a specific (in many cases final) delivery. That’s not bad news, nor good - that’s a fact. In case the idea is good - you can become a new technological startup. Conclusions:

    • Rejected delivery is a scourge of all Software Development Business Process Outsources
    • Check what’s wrong? Sometimes the problem was issued by your colleagues. Fix it!
    • If you did everything according to the executed agreement - make a margin call with a customer, explain him everything, remove any sign of misunderstanding or miscommunication
    • Finally, if you did everything right, but there is no payment, yet. Check with your business owner/escalation point - if you can press on penalty charges/development freeze.
    • Collect the IP. Perhaps, it can be a diamond. Moreover, normally such cases are happening, when your customer loses a fate in his product and just want to limit his financial loses by dodging your invoices and calls.

    To be continued

  • Business Process Outsourcing of Software Development and Related services - is it an expense or there is a profit?

    Well, the truth is - according to bookkeeping and accounting - it can be a capital expense or, in many cases, that’s an operating expense. However, that’s far from the big picture.

    Business Process Outsourcing of Software Development and Related Services can bring the following benefits:

    • Save a fortune on inventing and building an own product, service or infrastructure from the scratch
    • Leverage of ready infrastructure and service “here and now” for a very reasonable pricing
    • Avoid wasting money on high-level expectations
    • "Fixed Price" for an Expected Revenue


    So, let’s check the bigger picture using the most common cases.

    #1 A Subscription Model

    subscription model

    As a business manager or head of a specific department of the corporation, you perhaps using one or more subscriptions or business process outsourcing services. It might be cloud services you are renting, online ads, pay per click, telecommunication services or even delegating Customer Support Level 1, Level 2, Level 3 to your vendors.

    It is a normal, a usual service for the definitely fair pricing. Indeed, it’s cheaper to delegate this to the vendor than to build the whole infrastructure, which will cost you a fortune, moreover your business or corporation is targeting a very another market and IT services are far from the primary focus. So, the subscription model is very cost efficient and saving a small fortune for you and your corporation every month, every quarter, every year.

    It removes from your sight all problems and mechanic of the service making possible to build your own business on top of it. Huge retail corporations are building their online stores, increasing efficiency of their logistics departments, multiplying their annual sales and all this for a very reasonable price, thousand times less comparing it to the investments they have to make doing it as a part of their business, here and almost now - for sure it’s faster to take something existing and already operating in a business as usual mode. By the way, Business As Usual (BAU) is a yet another long story related to established and constantly tuned business processes inside this “black box” of business process outsourcing resulting a very complex and specific Service Level Agreement (SLA) for the customers.

    All above made a possibility of the creation of a couple more types of Subscriptions models:

    • Transaction-Based Model - customer pays per actual transaction
    • Managed Service - customer pays for specific SLA

    For instance, Am-Pro provides Managed Service of cloud support and maintenance (W33 package). Let’s conclude this section.

     

    Subscription model - is a sort of business process outsourcing, based on a reasonable price. It can give your business or corporation a leverage of ready infrastructure and service “here and now” for a very reasonable pricing.

     

    #2 A Fixed Price / Cost Plus Model

    That’s a typical project model when a customer really knows in details what’s required. A “Fixed Price” for a set list of requirements. Indeed, it was good 20 years ago, therefore any uncertainty in requirements leads to the “Cost Plus” model, which anticipates a certain, specific percent of a contingency budget for everything unexpected.  So, by the end of the day, there is a complete product or functional module ready for a “Fixed Price/Cost Plus” capital expense made. Indeed, the “Fixed Price” doesn’t mean “Fixed Risks”. the final product can be of a very different quality: a Proof of Concept, a Minimal Viable Product or a Product/Functionality Ready for the Market or an Internal Client. For sure, basing on our experience the final product requires some back-n-force iterations to make it apt and ready. Nevertheless, that’s normally expected in our quotes.

    So, what’s is a benefit for a business by the end of the day? It depends. For instance, if there is a great visionary, (imagine Steve Jobs) there is a real roadmap from an expense to a revenue and a profit. if the business has no visionary - we can help with our vision and potential benefits. For instance, let’s imagine that a telecom company wants to put their products and services on Blockchain rails. There are several potential futures:

    1. the market will resist. regulations will make a product roadmap very complicated. Finally, the return on this investment will be doubtful.
    2. there are anticipations, like that blockchain, by its nature, will eliminate almost all frauds, which aren’t supported by real algorithms and processes. By the end of the day, pink dreams will dissolve in a hard as a rock reality, that vast majority of frauds is not related to the field which was “Blockchained”.
    3. there are a clear vision and understanding, based on a real experience of implementation. The conservative numbers of how it can positively impact the business. For instance, the same Blockchain and the well-known “Blockchain for a Supply Chain” architecture can be used. All benefits are well-known and can be easily calculated. As result, a business will receive a very apt tool, save some operating costs, and receive a certain competitive advantage on the market.

    Conclusion:

    The Fixed Price / Cost Plus Model requires a clear understanding of the benefits. A Requestor must have a visionary or use an expert visionary. This way it’s easy to place the correct expectations and calculate a final ROI of any project, therefore it will be a "Fixed Price" for an expected Revenue.

    By the way, after the project is done the subscription model, related to technical support, cloud and other related services can be applied.

     

    The next article about BPO is here >>

  • Cyber Security Incident - Scamming

    scamming

    Introduction

    We have a tradition to start the working day with a cup of coffee and call with our lovely customer or associate. Just after this, I've got informed that there is a potential customer requesting us. It's an amazing start of the day, right?

    The message

    I've opened the message, it was brief and inspiring:

    Hello, I'm Jennifer I wanna know if you can handle website design for a new company and also if you do you accept credit cards? Thanks

    But something was not right. I felt discomfort. So, I've examined this message once again. And discovered, that Jennifer Webb has the e-mail address This email address is being protected from spambots. You need JavaScript enabled to view it. Well, who knows, maybe that's her nickname, right?. So, I've decided to google for this e-mail address. Fortunately, about a year ago this case already happened to another web development studio: SearchRank Special thanks to Devid Wallace.

    How does it work?

    Sure, as a vendor you are interested in obtaining a new customer. Credit card payments interface accessible for your business via PayPal, Square, Quickbooks. Why not? Moreover, "customer" is paying in advance, leaving tips and transferring more.

    According to our stats, about 20% of people will gladly and happily accept this proposal. Unfortunately, the level of awareness is too low, to prevent others to be fooled by these scammers, but what we really can do - is to spread this information further. So, at least these, who will google, can read and avoid financial loses.

    The scam is really simple.

    • Somehow they aren't able to wire payment to the vendor, but the vendor can charge their credit card. By the way, maybe this is a real, but stolen credit card.
    • The vendor is charging them and they accept the payment.
    • Now the vendor has to transfer $XXXXX to their designer.
    • Next day the transaction will be declined by the bank.

    What to do?

    Just ignore this. If you have a doubt or want to play with these scammers - check with your Cyber Security Expert what you can and what you shouldn't do. But better - save your time and ignore scammers. Actually, that's exactly what they will do if they'll get that you are just playing with them.

    Be careful!

    Be aware!

    Be safe!

  • Cyber Security Incident - What to do?

    Security Breach

    What to do if you've got breached?

    As every good thriller, this one started from the call. Our local partner called me about his associate insistingly dialing him and texting about a security incident. He mentioned, that he will really appreciate if our security team can handle this request. As the typical unaware victim of the thriller I've said: "Of course!" and answered the call. Indeed, I never mind about helping our local partner and his associate. So, a bright, shiny, and sunny day of business as usual stops right now and the action begins!

    Hacker steals pocket

    The Threat.

    Through more than 10 years we passed through a few hundreds of security incidents. But it was only a second one when the cybersecurity intrusion has been followed by breaking in a customer's premises.
    Yeah, you can see there is nothing fun with this. Imagine that credit card information of several employees has been stolen, website was showing weird images, other people got contacted from accounts, related to this company in Linkedin, Facebook, Twitter, regarding financial help, accounting department laptops got compromised and out of control and finally, someone broke into the security room and perhaps to other premises, switched off surveillance and stolen all records related to this day.

    Even having a good experience with such incidents, that's too much.

    By the moment we've arrived at the customer's office, they've already called the police, called the bank and blocked their credit cards, shut down the office internet. The action involved me and all our cybersecurity team in this action thriller.

    So what was right on this stage and what was missed:

    • Call cybersecurity consultants. CORRECT. Indeed, you need to have experts to get the situation under control without any delay.
    • Call the police. CORRECT only if somebody broke into your premises. The police can potentially react on cybersecurity threat and perhaps, in future, they will do this as a part of their day-to-day duties, but now - they can start an investigation only if your privacy has been violated, life or health is in danger, something has been stolen.
    • Call the bank and block the cards. CORRECT. In fact, even if no-one made an attempt to use your credit cards after the security incident - it's a very good idea to mitigate the future risks and change your credit cards information. For sure, the future will be less insulting to you.
    • Shut down the office internet. Not quite correct. From one point of view, it's overreacting. From another, if the malicious software is already in your office - it still can spread through your computers and other devices connected to the intranet. Nevertheless, compromised computers should be turned off for sure. Their hard-drives should be removed for further investigation. They may have evidence regarding this intrusion.
    • Gather all your employees. Inform them about the threat. According to statistics about 25% of confirmed cybersecurity incidents happened with the assistance from inside. In our case, if there was an intruder, who'd hit the surveillance room (which was in the basement, there were no people inside, an intruder had a key) - the probability of the "mole" assistance is ~99%.
    • Record any and all evidence of the intrusion.Hackers will wipe out all signs of their presence as soon as they can. They only thing they are afraid of is exposure. Make a photo, screenshot, video, save the log file in another place. Anything with timestamps will help the investigation and will be included in forensics.
    • Mirror log files, surveillance data, and key business information in another place. You already know that Hackers don't like exposure. If they will note that they can't hide their presence and/or it's very complicated - perhaps they even won't try to breach your infrastructure. Well, sure, if they are smart enough.
    • Inform all and everyone that your social networks and/or e-mail accounts got compromised. Block these accounts or Change passwords to automatically generated strong passwords ASAP. As soon your associates and relatives will be informed - they won't do mistakes and less impact to your environment will be.
    • Inform your customers/business associates about such a force-major incident ASAP. For sure, the business will be paralyzed for a while. Some deliveries will miss the date. Some important calls and meetings will be missed. It's better to let businesses linked to you know about this than wonder about your reliability. They also can eventually know about this, so your silence can be associated as an attempt to hide the impact to their business.
    • Point the address to the website out from the compromised one. This is not only the bad PR for the company if the website got compromised - it potentially can be used by intruders for their own objectives. So, just cut this threat out until the further investigation.

    To be continued

  • Massive Cyber Attack: First things to do

    massive cybersecurity attack

    DO

    DON'T

    • Keep calm. You've got them!
    • Start panicking
    • Shut your PC/Laptop/Phone network off OR switch off the hacked device. 

    You should store as much evidence as possible. The best way for this is to shut it down and let the professional specialist to the job. 

    • Actively struggle with hackers over your mouse and keyboard.

    Every second of struggle-out is giving hackers a chance to wipe all the evidence out.

    IMPORTANT: Before the reporting make sure that you really (I mean REALLY) sure that you are under attack.

    Agency is getting hundreds of thousands of requests a year. The major portion of them is actually not related to cybercrime.

    • Call the police (despite our high respect for them)

    Police are working over the specific location, also called Jurisdiction.
    The local police are responsible for the city.
    Sheriff's office is responsible for the county.
    Highway Patrol is doing their job through the state.
    Cyberworld in the majority of cases is world-wide. That's definitely fallen out of the Police responsibilities. At least for now.

    • Backup everything to the external device 

    You should store as much evidence as possible.
    The crucial part of the evidence is stored on a hacking device. Ask the related specialists to store the image of your hard-drive or backup of your phone to external storage.

    For All Apple Devices - Contact and Visit the nearby Apple's Genius Bar

    For All Windows and Android Devices - Check the closest computer store with Customer Support. For instance, Best Buy has Geeks team available for that.

    • Wipe it all out

    This is exactly what hackers need.
    They will really appreciate if you destroy with your own hands.

    • Stop using the hacked device. Switch it off completely. Take the new one.

    Ideally, the hacked device is evidence of someone's illegal activity. It should be stored and given at a certain moment to a law enforcement agency. However, you need a mobile phone and computer to communicate with your friends, family colleagues.

    If you can - you should buy something new.

    If you can't buy a new one - you should re-install all the compromised devices from scratch. However, first things first - backup all evidence to the external hard-drive.

    If you need to do something immediately - use the nearest library, there must be computer stations available for everybody.

    • Keep using your hacked device

    More time you are using your hacked device - more chances you are giving to hackers to get your personal information: ids, social security, credit cards, photos, videos, documents, and all your friends and family contact information. This way, the attack can go on, spreading through the people you trust and value more than others.

    • Inform everyone about accident ASAP

     

    Inform everyone that hackers are operating your devices. It will save a lot of time, nerves and money for everyone.

    Moreover, there can be people who can volunteer and help you with this problem. Nobody knows the real power of their network unless they try it, right?

    • Tell anyone about the attack

    Don't tell anyone about the attack, so they'll be surprised when hackers will start sending them messages from you asking for financial support. 

    They will be even more surprised when they'll open a link sent from your device and will get compromised or Identity theft.

    •  Get control over your online accounts

    ATTENTION! Make sure that you are accessing your online accounts from the safe environment. Don't use hacked devices to change your passwords - this action will have no sense, moreover, it will grant intruders with your new passwords, so you will just waste a time.

    Using new devices - change all the passwords starting from the most critical iCloud, Gmail, Dropbox, etc.

    • Leave your online accounts for hackers

    That's definitely what has a special value for hackers. Online accounts, especially iCloud, Google, Gmail, Outlook, Yahoo tall of them and any of them is a gold mine of personal information, confidential information, identity, passwords, keys. Through it, they can dig down to get access to other accounts, for instance to the bank account.
    In many cases, black-hats are ransoming people with their private pictures. It happens not only for celebrities.

    •   Keep everything safely stored

    It's just common sense. No-one will store their money on the open space, right? There are banks for this, right?

    Keep keys and passwords in a specific system like iCloud Keychain (we recommend it for iOS, MacOS Users) or one of these solutions reviewed by CNET.

    Gmail, Yahoo - great services for e-mail storing. By the way, they are providing the history of IP addresses, which accessed every specific account. [HINT: we've got a good portion of blackhats screwed there]

    However, unfortunately, there is no such thing as an encrypted mailbox, yet.

    So, let's switch to safe storages. Actually, we are normally recommending the local SAN storage. Simply speaking if you heard about Apple TimeCapsule - that's SAN. There is an overview of SAN solutions from PCMag.

    Finally, there is a wide variety of Cloud storages. You can read about the best for this year reviewed by PCMag here.

    Finally, to keep all this safe you have to change all these passwords. HINT: start with a keychain or other analogues. It will save your time to save all these new passwords.

    •  Think that hackers need only money from you

    If no one is asking for money, then the objective wasn't about ransoming attacked person.
    Perhaps, someone already paid for it, because there are no hackers willing to risk spending 30 next years in prison just due to curiosity "what's stored in pictures on this laptop?"

    In some cases, they are aiming documents, contractual relationships or just get your systems down, so you won't be able to do something.

    Be cyber-careful!

    Be info-aware!

    Be safe!

  • Social Engineering: Exploiting Fears

    Social Engineering

    Social Engineering

    According to Wiki #SocialEngineering is the psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.

    How it works?

    Imagine that something weird is happening to someone's website. What will you do? In fact, the real answer does not matter, because now you know that it happens.

    Now imagine that your associate or friend has got his website hacked. How do you feel now? With an 80% probability, you'll be sorry. But what's matter - since this very moment you'll be sure that it can happen to you too.

    Finally, something weird is going on with your website or computer.

    THAT'S THE STARTING POINT

    If you know something about it and definitely confident with it - good for you, so you can calmly investigate, understand and fix it.

    If not - you'll decide to google for security protection tools, actually, like you did last time with antivirus software [which in fact is really useless without other cybersecurity tools] last year. For some time you'll feel quite confident and protected until things will turn to even weirder. So, what's up?

    THE CON

    In many cases the spyware, rootkits and trojan horses are quite hard to market, right? Like my marketing friend said once "Do you know what is the difference between a rat and a squirrel? No? Squirrel has better marketing". It works definitely the same way with spyware, rootkits, and trojan horses. They are never marketed as "a rat". They are always aggressively promoted as "a squirrel". Moreover, the FREE squirrel. These people think "Why have I pay for the subscription or the product from a well-known source if there is one FREE?!"

    The con is inside. Nobody will agree that he is not smart. Everybody thinks that he is smarter than others. You should know this feeling, right? So, what "smart" people do? Exactly, they are doing smart things and downloading free. Because Free is Cheaper.

    THIS POINT IS THE LAST ONE TO TURN AWAY FROM IMMINENT PROBLEMS

  • UI/UX experience, August 2018


    UI/UX experience, August 2018

    UI/UX is a very enjoyable job. Indeed, it takes time to put all the components in their places. But finally, when it looks amazing, there is tremendous satisfaction with what has been done.

    So, why UI and UX are so important?

    , First of all, it gives the website its unique spirit. Ok, except these cases, when the pure and simple template is used. But even in this way, a skilled web designer can make a miracle. But the UX expert can make the magic of far highest level - put everything in such way and order, so a random visitor will have no chance to dodge site goals.

    That's the way we are doing.

    So, if you are our customer, what can you expect?

    As the initial step, we'll listen to your idea and your vision. For instance, if you are going to make a luxury-looking website - there is no way to propose a cheap-n-fast design. Likewise, there is no need for luxuriously and beauty, if you have a limited budget and looking for something fast-n-cheap. Additionally, you apparently have a vision of which fonts and colors you want to see.

    As the second step, in a day or two, we'll provide you with sketches, so there will be rough visibility of how the website will look like at the end of the day. For sure, your inputs are very welcome.

    At this certain moment of time, our UX/BA specialist will be curious about landing pages and the process you around your site. That's, the UX specialist's job is focused on routing site-visitors to this goal.

    Through a couple of iterations, the first version of the design will be ready and approved. So, it can be finally implemented and put to live.

    For some cases, the whole process of website creation takes 2 weeks. More complicated cases will take up to 3 months. In average, the first version can be put to live in 1 month since the very beginning of the process.

    Contact us with your inquiry.

     

    Enjoy!

    The link on a video

    Request our Quote.

×
×