Interview with Sridhar Balaji, CEO of SourceSentry

SourceSentry is a company that provides solutions that ensure IT and business process outsourcing success. Outsourcing is a new paradigm in the IT world and people are just beginning to see the issues and problems associated with it. We provide a solution that reduces the risks and costs associated with IT and business process outsourcing.

Well, we started off as a services company offering risk management services. More and more of our customers kept coming back to us asking if we had a software solution that would enable them to track and manage their outsourcing concerns. Obviously, we saw the need for taking some of the technologies that we had developed and turning them into a product suite that would address this emerging problem. The new software solution will be launched in June ’05.

There are a number of issues that companies face from delivery to transition to different aspect of outsourcing itself. We focus primarily on the area of security and risk management. Companies are moving their non-core functions (accounting, financial processes) to outside providers that are able to offer these services at lower costs. With this also comes enormous risks. They now have customer and employee data that is being processed by an outside provider. They no longer have the same level of controls and the providers can put controls in place that are at times the least common denominator for all their clients.

Yes, we help determine the mismatch between companies? expectations and the level of service that is being provided. Sometimes it can be more and sometimes it can be less. This creates a risk for the company, which is the driver for our solution. There are a number of regulations that control how data needs to be protected, especially when you are dealing with financial processes.

Companies need ways to manage and mitigate the risk associated with outside individuals having direct access to sensitive data that needs to be tightly controlled. Otherwise, the company is liable if there is a breach or a problem with payments to a vendor. Any issues in this area will directly affect their financial information.

Regulatory compliance is a corporate necessity that drives the need for our service in the market place. After the collapse of WorldCom and Enron, companies are no longer able to say that “This was the best we could do” and “This is what we did. Today they have to show what due diligence they performed and due care they have done in respect to these processes. They may not be core to the running of the business but they affect the financials nonetheless, and are therefore critical for reporting.

There are a lot of standards that are available. The most important thing is for a company to understand their risk appetite or tolerance. These are areas where the enterprise is willing to take some risks and areas where it cannot or will not take any risks. Our first step was to set up a baseline for where they are internally, and then do assessments after the transfer of the services. The data points can range from access controls for actual buildings, to where data is being stored, to how secure their voicemail systems are. We realized that companies want to know where the providers are on an ongoing basis and needed a solution to facilitate that.

Our software simplifies risk management into four easy steps. The first step is to identify the outsourced activities and transactions. Once they are identified then you collect, quantify and analyze the data that the provider has for these activities. It is also crucial to understand the companies thresholds for each of the areas or functions that they are outsourcing so you can understand when their is a concern or issue that needs to be addressed. The last step is presenting the data in a dashboard, which we provide as a way for companies to continually track different providers performance. This helps them determine if the providers are also meeting the requirements within the Service Level Agreements.

We provide three key risk indicators. One is financial fraud, data and ID theft and service availability. If a company has outsourced their accounts payable to a company in China, our software collects data on the ERP systems. We monitor the system all the way from the application to the networks. There are also other pieces of information that we collect, which include the issues that happen between the two parties. Companies are also able to initiate risk surveys to the providers that is then analyzed and combined with the issues tracking and automated data collection, we get the data that provides an overview for how these partnerships are performing.

There is definitely a market for this service to meet those needs. However, we remain focused on the common utility outsourcing. 90% of the opportunity is related to business process outsourcing, which is also where the risk is very high.

Most of the data that we will be analyzing is extremely sensitive and many companies may be reluctant to go with an ASP solution. Nothing prevents us from providing an ASP solution as our technology is definitely able to handle this approach, we just feel that companies would want to maintain this capability internally.

Our goal is for direct sales to the end companies, but the better strategy is to sell to the providers as a differentiator and value add for their services. One of the largest outsourcing providers in the world validated our model by coming to us to see if we could provide a level of reporting for these issues, which their customers had been inquiring to them about. Providers then would be able to package our software with their solutions, in essence “here are the tools you need to manage us. Outsourcing is all about lowering costs while managing risks. If a company can find a provider anywhere on the planet that can give them the cost arbitrage and the risk position that is secure, it is a sweet spot for all parties.