Cost cutting in information technology looms over many corporate IT groups now, in these tough economic times.
We’re here to help by profiling tactical projects you can execute in a few weeks to a few months, reaping rewards almost immediately.
You have to be smart to keep your job. One way to display smarts is to seek and destroy all money-sucking technology waste at your company.
“Don’t tell me, show me,” is an apt saying in this context. IT managers don’t want to be told it’s crucial to business – and their jobs – to save money. They already know that.
They want to be shown how to do it.
In this feature we show you by example – examples of two well known North American firms used IT to save money…big time.
First learn how Lafarge, a $6 billion manufacturer of cement aggregate, concrete and pave, saved seven figures by dealing more deftly with vendors AT&T and Hewlett-Packard.
Then read how Gap, the clothing retailer, automated end-user access permissions, to speed up a tedious administrative process and save up to $1 million worth of the IT department’s time. And by the way, the project also helps Gap better comply with PCI and Sarbanes-Oxley regulations, which streamlines audits and avoids fines.
By reading this, you might just make yourself layoff-proof.
No one wants to overpay vendors, but Lafarge North America was.
Patrick Kys, VP of IT and CIO of Lafarge North America, thought he wasn’t getting the respect-that is, the pricing leverage-he should get from the company’s major suppliers, such as AT&T, HP and Microsoft.
Lafarge North America is a private company, owned by Lafarge Group SA in France, that makes concrete, gypsum and other construction materials. With $6 billion in sales, the Herndon, Va.-based company isn’t small potatoes.
But Kys and other senior managers didn’t know what level of discounting they could get and therefore weren’t sure they were as bold in negotiating as they could have been, Kys says. It’s hard for individual technology managers to get reliable information about what others are paying, he says, even from each other.
Vendor contracts often stipulate that customers can’t discuss pricing. Maneuvering with vendors around the negotiating table takes practice.
To gain perspective, Lafarge North America last year hired NPI Financial, a spend management consulting firm in Atlanta. Within several weeks, NPI had reviewed the company’s contract with AT&T. NPI then reviewed other Lafarge North America IT contracts and concluded that it was overpaying several vendors. Right away, the company set to work to get better deals.
NPI advises many clients and negotiates for some, collecting benchmarks on vendor pricing across industries while keeping individual client data confidential. Kys says he got the inside knowledge he couldn’t get elsewhere.
NPI representatives guided Lafarge negotiators, and sometimes stepped in to negotiate, in contract talks with AT&T, getting the vendor to “do better” on pricing, says Sepehr Kousha, IT controller at Lafarge North America. For a negotiation with Hewlett-Packard, NPI provided benchmarking, she says. “That’s very effective.”
“We took their arguments off the table,” Kys adds.
Lafarge is a big HP shop, using HP desktops, laptops, servers, printers, storage-area networking products and various types of utility software.
When it was time to renew maintenance and service agreements with HP, NPI spent two weeks assessing Lafarge North America’s current contracts against similar terms, conditions and pricing offered by third-party providers and against what HP was offering other customers, Kousha says.
“This helped us to not only improve our current-year prices but to also negotiate a multiyear deal, whereby our prices are not locked for the next 24 months,” she says. Those negotiations took about six months. That’s not unusual, as software pricing is not only costly but complex.
In a new networking and data telecommunications deal with AT&T, Lafarge gained “seven-figure savings,” Kousha says. She declined to provide specifics.
Kys adds that that savings was 20 percent more than he had anticipated. He credits NPI with getting that margin. NPI is paid a retainer, with some incentive-based fees as a bonus.
Telecom negotiations are usually intense, Kousha adds, but better informed, Lafarge staff persevered. “They try and wear you down and won’t come to a final price quickly. They try to make you give up,” she says. “We decided tactically to hang in there.”
Kys advises other IT leaders to add a controller or financial manager to the technology department. Most IT managers negotiate with vendors “sporadically [and] don’t have all the tactics to win.” Kousha reports to Kys, with a dotted-line reporting relationship to the corporate finance chief.
Next up for Kousha and Kys are contracts for storage equipment and Cisco’s Smartnet technical support.
Now we tell you about Gap, the clothing retailer, automates end-user access permissions, to speed up a tedious administrative process and save up to $1 million worth of the IT department’s time.
Closing The Gap
Compliance. You can’t avoid it and you can’t keep failing it. The best you can do is make it cheaper and easier and good enough to pass audits.
Anyone trying to comply with PCI and Sarbanes-Oxley regulations knows that passing an audit hangs on demonstrating that you control employee access to sensitive customer and financial data.
So it was at Gap Inc. Direct, which oversees the e-commerce efforts of Gap, Banana Republic, Old Navy and shoe outlet Piperlime. But controlling access wasn’t simple in a mixed environment of mainly Unix servers, including Linux, and various Microsoft Windows operating systems.
Gap Inc. Direct uses Microsoft’s Active Directory administrative tools. Among other features, Active Directory lets system administrators grant and control end-user permissions more easily than many Unix tools, says Jeff Arcuri, a senior manager of IT at Gap Inc. Direct.
Active Directory by itself doesn’t support Linux or Unix so Gap’s system administrators ended up having to assign employee permissions individually, to access different databases and applications, depending on the work they needed to do.
When it came time for PCI and Sox audits, auditors or system administrators had to collect the server logs manually to show who accessed what files when, for hundreds of servers.
They could automate bits of the process with custom scripts but still, start to finish, the ordeal required up to 10 people working at least part-time on every audit, he says.
To automate more of the process and free up systems administrators for more valuable work, as well as make user access permissions in this mixed operating environment simpler, Arcuri deployed an identity management tool from Likewise Software.
The software installation took about three months early this year and involved two to five system administrators at various points, Arcuri says. Installing identity management systems can help a company enforce policies for who can see what data.
Now the company has set up group profiles for several different kinds of employees, so administrators don’t have to configure profiles individually. Likewise also produces reports by user, by date and by server. The number of people working on a given audit has dropped to about five, Arcuri says.
“At the end of the day, we have to report on this stuff. The question was whether or not we could better our reporting,” he says. “Now we get more data in a faster time and a better return-people-to-work time.”
The implementation cost $400,000 but the company expects to see several hundred thousand dollars to $1 million per year in savings, mainly stemming from more efficient use of system administrators’ time, Arcuri says.