Offshore outsourcing is a brilliant business strategy for many businesses. Gartner analysts predict that offshore outsourcing will rise by 8.9% in 2008, and the trend will continue on to 2009. However, it is not (yet) a perfect solution to various business issues and requirements. Before engaging the services of vendors, whether by offshore or onshore outsourcing, it is important to know that outsourcing has its own sets of issues.

The bright side of the debate is that if a business understands the issues surrounding outsourcing, these “cons” can easily be turned into “pros” that will add up to profitability and result in better quality of products and services. Below are some of the risks that you must understand about outsourcing:

• You are putting parts of your business in someone else’s hands. Realize that you are inviting a third party into your own operations. Business matters that used to be kept within your company’s walls are being laid open to the scrutiny of the vendor, or as some say, consultant. While trust must be established between the company and the vendor, it is absolutely necessary to form security measures from contracts to security audits. And be hard-headed in the implementation of these contracts. In most security breaches, the weakest points are not the systems put in place to prevent data leaks, but humans, the staff themselves, who fail to understand the enormity of keeping corporate information secure.

• Business experts and visionaries are still a weak spot among outsourcing destination. Offshore outsourcing vendors can provide highly skilled workers who can perform volume tasks. However, management is often a weak spot among vendors. This means the lack of familiarity or knowledge of established processes by your company, lack of enough knowledge about your business or industry. In cases like these, it is important to know the people who will lead your outsourcing team. In many situations, middle- and junior managers receive months-long trainings on-shore before getting their feet wet with actual project delivery.

• Unfavorable business conditions in offshore destinations include economic and political factors. If you think that you are giving away control of parts of your businesses to companies located outside your country, consider how much less control you will have if you factor in the political and economic upheavals in that country.  Any upheavals at all poses risks of operational disruptions. You must make sure that there are business continuity measures put in place in case it is business unusual offshore.

• Businesses only consider outsourcing in terms of cost-savings instead of value to the company. This weakness happens on both ends of the outsourcing spectrum. Both business and vendor only see outsourcing as a way to cut costs instead of adding value to the company’s product, services, customer relationship, among other things. Instead of concentrating on the outsourcing relationship in terms of money savings alone, it is important to add long-term product or service innovation and process improvement in the mix. The money saved today can be reinvested into bigger endeavors tomorrow.

I’ve seen several implementations of ACEGI on enterprise applications. However, I’ve never setup one myself until earlier today… At first, I was quite frustrated with the spring configuration as none seems to work. After looking at several articles online, I get more frustrated as everyone talks about different syntax.

So, I’ve thought of writing down some documentation on how to make ACEGI work seamless with Spring and Hibernate but then I’ll just be adding more confusion to all available articles on the net. So instead of writing step-by-step instructions, I’ll just give out pointers on how to make your learning experience easier.

Rule #1: Follow the Petclinic examples provided from the build - with the exact build number! It seems that there are name changes in ACEGI on different releases. This means that you could be reading an article about ver. 0.8 which is not applicable on ver.1.0, etc. There are differences even on minor releases (1.0.2 to 1.0.4). So stick with the tutorial that comes with build and copy the spring-config from the tutorial as is.

Rule #2: Understand the security framework. Spend a few hours studying the ACEGI configuration. This will save you time later. I tried implementing ACEGI right away and whenever I get lost, I have to dig around and learn the concepts. I believe that its much easier to read and understand first before beating yourself out… I find this article very helpful: http://www.tfo-eservices.eu/wb_tutorials/pages/spring-acegi-tutorial.php But don’t take the configurations from this tutorial as some have changed since 1.0.2 to 1.0.4. Just learn the concepts and again - USE THE PETCLININC EXAMPLE FROM THE BUILD.

Rule #3: Get ACEGI working using InMemoryDaoImpl. Divide your work by focusing on getting the security features working before integrating this with your user DB or AuthenticationService. This way you can isolate your issue to ACEGI settings only. Note: The PETCLINIC example uses MD5PasswordEncoder for password, you need to disable this by removing PasswordEncoder property in your DaoAuthenticationProvider.

Rule #4: Do not wrap settings on ACEGI properties. ACEGI settings are sensitive on newlines, it will not recognize the text if configurations are wrapped. You cannot remove append the lines nor create newlines… if configuration text is long, leave it as is otherwise, ACEGI will not recognize it. While this may seem obvious, I got caught with this problem when I used auto-format in Eclipse.

Well… This is all I have for now…. good luck learning ACEGI!

It’s been quite a personal struggle for me to choose between freedom against security. Freedom pushes me hard to be creative and explore the unknown but the risk is high. If none of the creativity works, failure is immediate. On the other hand, security reduces risk of failure as financial income is consistent. I’ve tried going back to corporate world for the past 3 months with a good paycheck… but cannot find the satisfaction in the things I do.

This experience adds maturity as I begin to understand that satisfaction is not measured by amount of $$$ earned rather by personal achievements and accomplishments. This is the first time that I have to give-up my financial security in exchange to following my passion.

Looking back to where I started, it was passion that pushed me to start an IT career, it was passion that gave me career promotion, and now it is passion that makes me go back to continue what I envisioned - my own IT company.

Let me conclude by saying that ideyatech will be back on track and will continue to build quality software and deliver world-class services.