Winning an assignment is an important milestone in a business cycle, but delivering it to expectations of the client makes the business repetitive and adds more scope for diversification in length and breadth. As for any delivery unit in a classical IT organization, the Enterprise Vulnerability Management (EVM) group within TCS-ESRM faces the typical delivery challenges. I would like to state these challenges using a case scenario and aim to bring to light, the additional effort each individual of this unit had to strive (beyond levels) to ensure timely and appreciable result.
Citing a recent requirement of a global financial service major in US Geography that came to TCS having plethora of applications across technologies to be security assessed in a short time frame. Due to market competition and aim to achieve margins, stringent timeline are committed, which not only added to the pressure to deliver on time but also kept a constant pressure to maintain the same level of quality to the deliverables.
The client being prestigious & to be a new logo, TCS-ESRM called for deploying the right skillset to make the impact. The customer kept on changing the start date of the assessment due to delay at their end. This led to a problem of managing & holding onto the right resources (the combination of right security experts and tools at the right time). Aspects of budget inadequacy, to procure tools and lengthy approval and procurement process added to the delay.
Client’s expectation of carrying the assessment from one of their captive unit was another challenge. Mobilizing and setting up a team with scarce skillset within a lead-time of 2 weeks is never a mission possible target these days. It took great effort to convince the client for an alternate delivery location, allowed for an independent security audit of the remote site and provided the requisite assurances of a secure assessment process.
As this was a grey box assessment, business workflow knowledge and inputs from application team was required on a frequent basis. The assessment was carried from offshore location, whereas the application team was available during US time zone. So a technical coordinator was required to stich the communication gap. However lack of VISA ready associate(s) to travel to US didn’t help the cause. All communications had to be setup during late offshore hours towards clarifying any doubts related to the application functionality or issues.
Management of the EVM delivery by account team resulted in additional work for EVM team, like agreeing to client’s demand for ad-hoc status reports without consulting EVM SPOC, scheduling of un-timely calls at shorter notice, multiple status updates to different stake holders etc…
I believe that the challenges will keep repeating itself in one or the other form, so a proper governance model with appropriate communication modality is the call of the hour for a smoother delivery process.
What do you think about the challenges discussed? Tell me about your views of handling situations.
Views by Somen Das
Rate this article: