Productisation of Service: A Case Study

This paper discusses the issue of Productisation of service, i.e. development of systemic, scalable and replicable service offerings, as implemented by a multinational Consulting organization, engaged in the business of outsourcing and consulting solutions, from their office in India. The literature is quite rich with discussions and debates related to products and services individually, but there seems to be an important deficiency in terms of 'integration' between product design and service elements for supporting new service-product system. In today's flat world the geographic boundaries are getting diminished when firms are expanding seamlessly across the globe. This seamless expansion of the electronic data processing market makes use of the outsourcing as one of its main way to expand into various geographies. Data Sanitization is one of the most sought after service offering made by a consulting firm to protect the sensitive client data from any misuse. The paper attempts to document the process followed by a firm to productize its data sanitization service offering. This documentation will not only help in integration of product and service parameters, but also will be extremely helpful for the organizations worldwide offering service as business. Keywords-Services management; productisation; service product; data sanitisation; data security; productised service.


INTRODUCTION
In 2005, Kuczmarski & Johnston [1] claimed that one emerging trend in service development that continues to grow is that blending of product and services into a -full experiences‖, rather than standing as individual entities.Following this trend, Sheth et al [2] described the productservicisation movement which means a marketable combination of products and services is becoming increasingly important to academics and practitioners.Valminen K. & Toivonen M [3] suggested that the service-Productisation approach which provides the service more or less ‗product like' can stimulate the service company to produce new innovation.However, the reverse trend of productisation of established service business has been adopted by a few of the multinational service organisations.This paper documents the issues of development of systemic, scalable and replicable service offerings, as implemented by a multinational Consulting organisation, engaged in the business of outsourcing and consulting solutions, from their office in India This paper is structured into four sections.The first section surveys the literature to conclude that body of knowledge is rich in discussing about products and services on stand-alone basis, but learning from specific cases of Productisation of service are not well documented.This paper attempts to fill in this void.The second section discusses about the service offering in hand for discussion in this paper, viz.Data sanitization.The third section goes into details of processes followed by a multinational service organization in productizing data sanitization, one of their important service offerings.Lastly the fourth section draws a summary and concludes the discussion.

II. PRODUCTISATION OF SERVICE
The literature is quite rich with discussions and debates related to products and services individually, but there seems to be an important deficiency in terms of ‗integration' between product design and service elements for supporting new service-product system.
A systematic development of services is becoming increasingly important when the improvement of companies' competitiveness is pursued.Earlier research by de Brentani [4] has shown that proficiency and effectiveness in new service development contributes significantly to the success of the offering.However, the traditional product development models created for industrial production do not fit as such in services due to the specificities of this part of the economy.Grönroos [5] and later Sundbo and Gallouj [6] included immateriality, process nature and the co-production with the client in the first place as the specificities of services.Jaakkola et al [7] defined productisation as one possible tool to systematize both the development and the production of services so that continuous innovation, cost efficiency and customer orientation become a part of everyday life.There is not one commonly accepted definition for the Productisation of services.Usually the term refers to making the service offering more or less ‗product like', i.e. defining the core process and its outcome so that they become more ‗stabile' and visible.Individual needs of customers may be taken into account as small variations in the core service, or through modularization.In the latter practice, customization is achieved through different combinations of modules, each component being provided in a systematic manner.Besides the service elements that are visible to the customer, Edvardsson [8] and Vaattovaara [9] opined that Productisation may concern the service company's internal processes.
Productisation can be restricted to the more accurate defining of already existing services, but more commonly the term includes also some renewal of the service.Because of this, Gallouj and Weinstein [10] described Productisation as a factor that stimulates the service company to produce new innovations.In the present paper, we use the broad view of Productisation, which covers both new and existing services.We focus on the systematization of the service, but include in our perspective the even more advanced practicemodularization. www.ijacsa.thesai.orgService companies attempt Productisation of service for improving competitiveness and performance.Defining, systematizing and concretizing a service make its production more profitable and efficient.When the production process is well-defined, the quality of the service becomes more stable.In addition, the possibilities to accumulate knowledge systematically are improved.Productisation often intensifies the transfer of knowledge and enables the division of work.Finally, Productisation makes the pricing of the service easier.Sipilä [11] suggested that companies may even switch from selling experts' time to selling value propositions with a fixed fee.
All these impacts lead not only to better competitiveness, but they also open possibilities for better management.The producer knows better what he is selling and the customer knows better what he is purchasing.
Thus, the customers also benefit from Productisation.It becomes possible for them to compare the outcome of the service with the service promise and to compare the benefit received with the price of the service.In other words, Productisation facilitates the evaluation of the service.The increased tangibility and concreteness -a characteristic which Edvardsson [8] called ‗explicitness' -makes the service more tempting and easier to buy.
The focus of Productisation varies.It can be just a minor change of style or appearance in the service, but it can also mean upgrading of the existing service.Further, the idea may be to extend the company's service portfolio in current markets, or as Jaakkola [7] suggested, to develop a new service to an existing customer need or a totally new service to a new customer need.
Each Productisation process is different depending on the company's aims as well as its strategy.Jaakkola et.al [7] stress that companies should plan and carry out their service development project on their own basis and starting from their own needs.According to Jaakkola et al., the Productisation process consists of seven different stages: 1) assessing the clients' needs and the ways in which they are answered; 2) defining the structure, contents and process of the service; 3) specifying the degree of standardization; 4) concretizing the service (service description, brochures etc.), 5) selecting the principles of pricing; 6) following-up and measuring the success of the service; 7) and anticipating the needs for continuous development.Sipilä [11] has emphasized marketing and piloting as additional stages that should be included in a Productisation process‖.

III. DATA SANITIZATION, THE SERVICE OFFERING
Data Sanitization is the process of camouflaging sensitive information by overwriting it with realistic looking but false data of a similar type.This process is done deliberately, permanently and irreversibly removing the sensitivity of the data stored in organization, to avoid the data theft.It is also called as data masking.
Data sanitization is usually performed on the certain business critical set of attributes by applying various ‗Sanitization Techniques' on those attributes and modifying the values of that attribute from the original value but still maintaining the meaning of the attribute and modified value to be in realistic and valid range of data values.Previous research by Zhong et al [12] found that data sanitization is usually needed for personal and identifiable attributes of the business which has more exposure and needs to be protected in this world of highly globalization.
Data sanitization is typically done in the development and test systems where production data is used as a sample for developing or testing product life cycle including  Development of a new product  Enhancements to the existing product or suit of products to make them more suitable for the target customers  Adding new features to the product lines or testing compatibility of the new features with the existing features of the product.
 Launching promotional offers or knowing the effect of promotional offers onto the business lines  Development of a system to bid for the product build or buy strategy for a company  Compliance to regulations in case of the pharmaceutical and health insurance industry The scope of data sanitization within the organization is not only limited to above mentioned operations, but it is also needed for any information technology projects within the company where non-authorized person (within the company or outside the company) may need to use the production data for any internal development or testing related operations.The data sanitization can be achieved in multiple ways.Depending upon the need of an organization and objective of data sanitization, Carr et al [13] suggested that one should define the most appropriate way of achieving data sanitization and thus obtaining the level of data security that organization needs.Sensitive data: Depending upon the nature of the Organization, business users from the organization needs to define the most business critical business elements within the organization.These elements are identified because they are too sensitive for others to see and interpret for any gains.The data may include personal information, financial information such as account numbers, medication information etc.While selecting the sensitive data of an organization business users also needs to take care of the regulatory mandates of various countries where organization does business.Sanitization Rules: Sanitization rules are defined as set of keys (generic or customized) for each identified sensitive data elements as shown in the figure 1.These rules are usually stored in a form of rule name and numeric rule value parameters.These parameters are fed to the encryption algorithm for rule application.The database of sanitation rules is maintained by an organization so any rule can be applied to any specific or generic field of an organization.This is used to add the strength of the data sanitization.
Encryption Algorithm: The encryption algorithms use the sanitization rules parameters and accordingly select the encryption function to be used.The encryption algorithm with parameters passed by sanitization rules are then applied over the sensitive data for data sanitization.
Sanitized data: The sanitized data is an end product of the sanitization function with completely masked data and helps protect the confidentiality of the data while maintaining the referential integrity and data dependence among attributes.The sanitized data can be used for sharing with other parts of the organization.
The primary need of the data sanitization is to  Protect the valuable business information to avoid the impact of the data theft on to the business.
 Compliance to regulatory requirement: In almost all countries in the world the regulatory body has defined set of rules regarding the data security.All organizations are subject to comply with the data security.Shringarpure [14] identified some of the regulations as are  GLB Act: The Gramm-Leach-Bliley Act requires institutions to protect the confidentiality and integrity of personal consumer information.
 Financial Privacy Act of 1978 creates statutory Fourth Amendment protection for financial records and there are a host of individual state laws.
 HIPAA Act 1996: There are also a number of security and privacy requirements for personal information included in the Health Insurance Portability and Accountability Act of 1996  Sarbanes Oxley Act section 404 requires mandatory security and encryption of the data.
 Enhance the data privacy of an organizational data.As suggested by Zohang [12] data sanitization will help the organization to ensure that the organizational data can be kept safe from any internal breaches.This will ensure that the data does not fall into the wrong hands or data is not exposed to any un-authorized person.
The Gartner Analyst study 2008 shows that  Approximately 95% of the internal security breaches are avoidable if the necessary proactive steps are taken by the organization.
 More than 50% of all data thefts come from inside the organization from disgruntle employees, employee mistakes, oversights and vendors having improper access.
Prevention cost if the data security is significantly less than the potential losses or the legal mitigation costs

IV. PRODUCTISATION OF DATA SANITISATION SERVICE
To identify a data sanitization productized service offering requirement for a customer, a consulting firm needs to know the data management plans of an organization.This data management plan of an organization needs to be mapped to regulations, recent security breaches, and best data security practices as followed in the industry where the customer's organization belongs to and last but not the least is an Information Technology vision of an organization [Carr,13].
V. MARKET ANALYSIS AND FEASIBILITY STUDY In today's flat world the geographic boundaries are getting diminished when firms are expanding seamlessly across the globe.This seamless expansion of the electronic data processing market makes use of the outsourcing as one of its main way to expand into various geographies.According to the analyst reports, there are main 5 markets they are USA, Central Europe, Be-Ne-Lux (Belgium, Netherlands and Luxemburg), Norway-Sweden and APAC market.The market for the electronic data processing is growing with many organizations from west (USA and Europe) considering utilizing APAC region to be their main back-office.
As per the Gartner study, it is expected that 6% of the outsourcing market would be a market for Information security spending by an organization.The data security is expected to be around 35% of the total information security market  The Global Analyst Relations team was formed consist of representation from management, Sales, Development and regional marketing.This team focused on: Market Analyst and build relations: Drive sales into the identified geographies by influencing perception of market analyst of our capabilities.
Market Knowledge Management: inform internal people about the analysts' opinions of the firm and with in each region as well as globally.
For doing business and making sales of the data sanitization product offering, local knowledge is very important.The localized knowledge was important to define the geography specific business sensitive elements and the regulations specific to the same.
 The broad market segments were defined based on following parameters  A big geographic presence.
 A market segment has more than $100 Million for data security.
 A segment represents large outsourcing presence i.e. more than USD $10 billion.
 Analyst recommendations for potential data sanitization offer requirements  Availability of dedicated sales team to take this offer into the market.
Based on the criterion mentioned above, the broad market segments for the Data Sanitization were identified to be  North America: The Productized offering methodology is depicted in Figure 2. The data sanitization solution was to be implemented across various organizations and hence the architecture of the data sanitization solution needed to be very scalable.The underlying architecture of the Data Sanitization solution was organized into the four major components.It is important to note here that the methodology of putting in scalable service solution architecture is the most important step towards Productisation of service.

VII. SELLING THE PRODUCT
The product was launched in US market, since the organisation already had experience with more than 350 of the fortune 1000 companies and gathered deep domain knowledge in some of the important business areas.A team consisting of onsite and offshore individuals created the product offer and another sales team was made for USA in specific.
The sales team was involved into the productized service development to provide the market input from USA market.Series of trainings were conducted to articulate the features of this product and how it is designed to help customer address data security issues.

VIII. SUMMARY AND CONCLUSION
Repeatability is one of the keys to achieving scalable financial performance in the professional services firm because it improves service delivery consistency and thereby improves: www.ijacsa.thesai.org Client satisfaction  Project economics (better estimating, reduced learning curves among service delivery professionals, and so on)  Practice economics (better predictability across the portfolio of projects) By productizing and associating tangible features to an offering, the professional services firm can help ensure more consistent service delivery to realize these benefits.Predetermined templates for work products and deliverables, standardized methodologies, and fixed pricing and staffing models are all examples of standardized product attributes that can be assigned to service offerings.[Radford,15] Value addition made by professional services firms are solving client problems and no client problem is ever exactly the same.As a result, the actual service delivered for every client is customized to some extent.However, significant benefits are gained by the professional services firm by associating product features with its services offerings-performance improvement can span sales, marketing, service delivery, and economics.These benefits are beneficial to professional services firms that find themselves positioned toward the latter half of the professional services lifecycle.
Productisation of services is accomplished largely by associating tangible features with intangible service offerings.These tangible features may take the form of personnel, collateral, methodologies, pricing, facilities, or other attributes.By associating tangible features with intangible services, the professional services firm can build client confidence during the sales cycle as well as during the service delivery phase.
The findings of this study shows that the company rolled out data sanitization as a productized service offering, packaged around the sanitization repository and their knowledge of customization for the local USA market need.This has gained a ground in the USA market especially in their current customers.The rollout of data sanitization in the USA geography in financial services industry has been successful so far and the company plans to replicate the same in the other geographies as well.In addition to the concrete changes in the services, the Productisation project provided results that have a more general meaning and probably long-lasting effects on the orientation of the companies.First of all, the attitudes towards Productisation changed, and secondly, the organization developed the skills of product development and also The building block of the data sanitization process contains four main components  Sensitive data from the organization  Set of sanitization rules Encryption Algorithms Sanitized data as outputThe basic data sanitization conceptual diagram is as shown in figure1.It contains components like Sensitive data as defined by the organization or organizational business users, sanitization rules engine that consist of various sanitization rules, encryption algorithms as build by organization.www.ijacsa.thesai.org
Figure 2. The data sanitization offering consist of four parts, viz.(i) Data security consulting; (ii) Sanitization solution customization and implementation; (iii) Maintenance and support and (iv) Governance.