Worldwide CampusWorldwide Campus

“Whether you are five, 50 or 5,000 people, access rules remain the same,” says Varshney. “And that’s where it is easy if you have a thin client environment.”

Companies follow one of two means to give access rights: One involves restricting access of everyone by default, and then selectively giving access to some users; the other involves making the system accessible to all by default, and then configuring it to deny access to some users. The first approach is a more secure one.

How is the network secured? Remote security and monitoring is paramount, and companies usually follow some typical measures such as permissions-based access, passwords, firewalls, intrusion-detections systems, virtual-private networks, thin clients, encryption, digital certificates and, increasingly, biometric technology.

Some companies, and often governments, dealing with sensitive data do not give external users the right to access their data centers. Instead they get the service provider to position some of its people within their premises and give them access to their network from there. Some customer companies may even “download” the relevant data to the service providers.

How is risk mitigated? The more or less centralized approach to managing data brings the issues of business continuity and disaster recovery to the fore. Companies are working towards leveraging their global presence by locating disaster-recovery centers in dispersed regions and by making not just one, but many, facilities across the world function as backup sites. For example, rather than keeping their India operations as a backup for their U.S. data centers, companies are working on models where their other operations — in Europe, China or Latin America — may step in and take over in the situation of any other country going down.

How important are standards? An understanding of compliance issues and how they may be linked to technology is critical. Equally important is adherence to standards such as Information Technology Infrastructure Library (ITIL). This determine s that all parties — geographically dispersed teams of both the customer company and the service providers — can integrate into one global network.

“Compliance to laws — Sarbanes Oxley, COSO framework and the privacy act, for example — is increasingly becoming a challenge, and CIOs have a long way to go in adhering to these,” says Sarvesh Goorha, CEO, Six Sigma Outsourcing Practices. Goorha is the former CTO of EXL Services, an Indian BPO service provider, where he managed a global network of over 5,000 nodes.

Who manages these complex functions? As in the classic multinational company scenario, all the strategizing and high-level decision-making still remain firmly rooted in the head office. However, the decisions that affect the local offices are far more distributed. “In a global campus, even a line manager is more empowered,” says CSC’s Krishnan.

Krishnan also talks about a matrix-like team structure that CSC follows. “We have a matrix-like [not hierarchical] team structure. The global manager may be sitting in India, but his teams may be spread in different countries. Those teams will have their own management structures within those countries — so there will be line reporting and functional reporting,” she explains. “This requires a lot of collaboration between managers — decisions are taken jointly, appraisals are done jointly. They have to be prepared for virtual management.”

Companies set up separate teams to manage all these IT issues. And these are no mean teams. Of Fidelity’s 40,000 employees worldwide, for example, more than 10,000 manage technology. These numbers will, of course, be far lower for a smaller company.