Managed Services - How To Get By
November 6th 2017
With an IT skills shortage in full effect and the job of managing IT becoming ever more complex, is it time to reach out to a third party to help? Alex Meehan from the Sunday Business discusses the options available from the world of managed services with John Bergin of IT Force. This article featured on the 5th of November in the Sunday Business Post.
At its heart, the basic premise behind engaging a managed service provider is simple — why spend time and money investing in managing information technology if it’s not core to what you do?
After all, IT is becoming more and more complicated all the time, and staying on top of developments is virtually a full-time occupation. Isn’t it better to leave managing your IT and keeping it protected to people who are specialists?
The answer depends on the type of business you’re in and your specific needs but often it can be yes.
“Managed services is a very broad description of an industry that offers a very wide range of services. It covers everything from outsourcing the management of a couple of printers, to doing some basic patch management of servers, both physical and virtual, through to companies offloading all IT functions to a third party,” said Michele Neylon, managing director of Blacknight Solutions.
“And there is a huge range of options between these two extremes. For some companies it involves building out private cloud infrastructure, for others it’s about highly available solutions or it can even just be as simple as firewall and patch management.”
For companies in the market for a managed IT service, a major question is how to know if a potential service provider is good at what they do.
“The first question to ask is what kind of track record do they have? Are they a known entity or are they a one-man band? Do they have certifications from Microsoft or Red Hat to prove their competency or are they basically operating out of a bedroom somewhere, with no real infrastructure or staff?”
“The person selling the services might be the only person working for that company, with their fulfilment done by outsourcing the business to a third party. I’ve seen that kind of thing happen, so it’s important to ask questions,” said Neylon.
According to Vincent Liffey, technical sales consultant for Ergo, regardless of the genre of service required, the one constant surrounding the drive to engage a managed service provider is the urge to relieve ‘pain points.’
“That’s a big factor — they’re looking for pain points to be relieved within their own organisations, but they also want that done at a price that’s acceptable to them,” he said. “A major trend we’re also seeing is that customers are becoming more demanding in terms of looking for value from their managed service provider.
“Many organisations are at that point now where they’re wondering whether they should build out an IT team internally or not, whether to fully outsource or perhaps create a mix of half and half, keeping some things in house and get a third party to take care of other parts.”
The motivation for going to a third party is often the lack of a skillset within the business. It takes time, resources and energy to build out an IT function, and that’s taking as a given that it will be possible to recruit staff with the appropriate skills in the first place.
“Part of the problem is that IT staff with specialised skills are in hot demand, and they get to a point where they want to progress their own careers. They want to move on, and they often want to work for a service provider like us because they know they’ll see a lot of variety and learn a lot more than they will working in house somewhere,” said Liffey.
Often current affairs and the events of the day can focus the attention of companies keen to ensure they’re not exposed to security risks. In particular, the WannaCry ransomware attack that took place last May has ensured that there is demand for outsourced managed security services.
“This, together with concerns around GDPR (general data protection regulation) compliance, is having an interesting effect on the market,” said Chris Casey, services director for the PFH Technology Group.
“We’re seeing a lot of demand for our managed ransomware service, whereby we actually monitor and measure attacks and the level of services and data coming in to guard against phishing, and that kind of thing.
“Companies are using GDPR as the benchmark of how to get their systems right. The WannaCry event yielded a mind-set change in terms of making companies realise how vulnerable they were in their IT infrastructure. So there’s a lot of work happening right now around the automation of systems and making sure they’re robustly secure.”
According to Casey, this is happening in addition to the run-of-the-mill managed security services, such as those built on anti-virus and web monitoring. As ensuring good IT security becomes more and more complicated, and in many cases becomes a specialised skill in its own right, the appeal of outsourcing it to a managed service provider grows.
However, companies thinking of doing this should be aware that success requires a lot of buy-in on both sides.
“You need both. You can’t just hand over security to protect your systems, because behind every system are your own customers who are vulnerable to attacks through their mobile devices or whatever way they interact with you. Your company culture is important as well as your IT, so it has to be a collaborative effort.”
The best implementations of managed security feature someone in the client company who takes on the role of sponsor for it, effectively making sure the company doesn’t think it can wipe its hands of the matter.
“Security has become a field whereby no one person and no one organisation can really deliver it all themselves. You’re trying to take on the globe when you do that,” said Casey.
John Bergin, managing director of IT Force, said that while most managed service providers are in the market with outsourced helpdesk and IT support type services, in his estimation fuller services are growing in popularity.
“Most companies do monitoring and patch management etc, but we go beyond that to do much more proactive work in security and compliance with companies for whom that is a main challenge.”
Many of IT Force’s clients operate in the financial services sector and as a result regulatory compliance is a feature of their needs.
“They are asked by the Central Bank to conform to various different standards and some of them are quite challenging so they need to meet those to keep the show on the road. This doesn’t just happen in financial services, there are other companies as well but they would be a typical example,” said Bergin.
“To be frank though, security should be in everything we do in the IT sector. If you’re going to put something in the cloud or have some bespoke software developed for you, security needs to be woven in from the very start and a lot of the time it isn’t. That’s where people fall down — they don’t think until afterwards ‘how are we going to secure this?’”
Being able to secure a company’s IT function is crucially important for a managed service provider to remain credible in the market, and frequently that means making sure accreditations are up to date
“Security is almost a given nowadays, it just has to be. Our clients come to us and ask what ISO certifications have we got? They need to know that because they in turn use that information to reassure their own customers,” said Bergin.
Meanwhile, larger managed service providers are pushing the concept on by providing ever more comprehensive services. Among these is Dell EMC’s PC-as-a-service offering.
“In simple terms, this brings together the hardware, software and services components of a traditional IT function into a pay per user model. It’s different to the traditional model whereby a company would buy their hardware from a company like Dell, their licensing from Microsoft, maybe some services in the form of support contracts and so on,” said Michael McGrath, professional services manager at Dell EMC Services.
“Instead it’s about focusing on the end-user device and delivering that as a service. From an end-user perspective, you still have a device whether it is a mobile device or a full desktop PC with all the peripheral elements like keyboards and monitors. It’s about delivering the requirements for office productivity but as a service.”
According to McGrath, this model is common in other industries — in the motor trade for example — and the appeal is easy to understand. No up-front capital outlay, no refresh costs and no maintenance headaches.
“You’re able to continually give your end users the latest and the best technology while also enjoying an affordable and predictable financial arrangement. A similar thing is happening in licensing agreements Microsoft is pursuing.”
Traditionally, Microsoft updated its operating systems every three years or so — XP became Windows 7 and Windows 8.1. However, Windows 10 is considered to be the last major upgrade — from now on it will be constantly updated to keep it current.
“As the owner of a licence in order to stay compliant you need to accept updates as they become available. This is effectively Windows-as-a-service — it drives standardisation it means company A, company B, company C will all be following a similar approach. This is better for many reasons — it reduces the number of badly patched machines out there and improves security.”
The difficulties in implementing this are a hot topic in the end-user computing world and Dell EMC has created service offerings to help customers manage that.
“The main thing is that the PC-as-a-service model takes an enormous administration headache and makes it go away,” said McGrath.
“For a company like Dell EMC, this stuff is our bread and butter, so it’s not a challenge for us. We have created a global capability to deliver this in a standardised way that is complementary to the Microsoft strategy.”
Other large players in the market are also pursuing similar approaches to advancing managed services, including HP.
“The move to device-as-a-service is part of a bigger trend — ‘everything-as-a-service’,” said Gary Tierney, managing director for HP Ireland.
“We’ve taken everything we’ve learned from doing managed print services and applied it to device delivery — across PCs, workstations, thin clients, retail point of sale products etc. But why stop there? We’ll continue to look at other areas of our business where end-users would benefit from an ‘as-a-service’ model, such as 3D printing. ‘Everything as-a-service’ is the future,” he said.
According to Tierney, Irish companies are ultimately looking for ways to maximise productivity and drive down costs and the managed services approach delivers this by removing ownership costs and outsourcing all the processes that come with managing IT systems.
“Whether that is planning your IT requirements, designing the right solution, implementing the technology or device management and disposal, managed services allow businesses to stop worrying about all these workloads — handing it over to expert teams that do it day in, day out,” he said.
“Each customer has different security and access policies that need taking into account before managed services experts can get down to the business of managing customers’ devices. Navigating the processes and procedures to satisfy the individual customers’ requirements is challenging but not insurmountable if you have the depth of experience and breadth of solutions that we do.”
Elsewhere in the market, William Waldron, managed services director with Singlepoint, reports that many of the companies he works with are increasingly looking for a single managed services provider to take care of all their needs.
“Most of the companies we deal with are looking for improved efficiencies at the same time as well as the ability to manage risk and reduce IT costs. Because of this, we’re increasingly seeing companies looking for a single provider to cover all their needs,” he said.
“At the same time, they don’t want to compromise in any way at all. For example, security is becoming very important and the reason is that security breaches, ransomware attacks and hacks are being widely reported in the media.”
At the same time, Waldron noted that the market is looking to move away from a break/fix model to a managed service model where suppliers are proactively managing an environment and not just being called in to fix something that’s broken.
“It’s more looking at the whole model to see if there is redundancy there and if it is necessary to proactively manage high availability for some solutions so they don’t actually go down in the first place?” said Waldron.
“Definitely a lot of business are moving in that direction but obviously sometimes when a problem isn’t right in front of you, it’s not a problem. For many companies, when they have money to invest and everything is running fine, it’s natural to think of investing in new technology, new solutions and new products but sometimes the correct thing to do is to invest in protecting and shoring up what you’ve got.”
According to Tanya Duncan, managing director of Interxion, because the managed services sector is booming and there are many companies offering services, developing a reputation as being trustworthy is becoming increasingly important.
“When it comes to managed services across the board, clients are looking for a provider they can trust and work with seamlessly. For data centres and information management, it is becoming more important to ensure that the customer can focus on its core business function as opposed to data management,” she said.
“Organisations need to know that their data provider is on hand to help them scale up their needs as required and provide them with the access they know they need when they need it.”
This may not seem unusual for a managed services provider but with information storage, security and access are the two most vital components.
“The biggest challenge we encounter when working with clients is that the business itself and customer needs are always evolving. When initially working with a data centre provider, an organisation may identify what they believe the scale and size of their data needs to be, however our experience with SMEs and multinationals is that these requirements will more than likely change over time.
“New services are introduced and clients look for personalised products. How we manage data impacts this. To overcome this, the internal team and the data centre need to work together to ensuring that data management becomes a fluid conversation, allowing the provider to identify the businesses needs in advance.”
Duncan suggested that when it comes to its clients, it tries to position itself as a partner, ready to meet their needs as the organisation grows.
“The data centre industry is seeing similar changes to other sectors. Clients want to have increased flexibility in how they manage their data. More and more they are looking at cloud and hybrid options to allow them to move data storage off site and reduce costs,” she said.
“Legislation and security are also top of the list for clients, most of whom are preparing for the arrival of GDPR and are looking to their managed service provider to support and guide them. The coming of GDPR is driving them to look at how they manage their data, to ensure that it is secure and complies with the legislation.”
According to Duncan, organisations are also looking for increased performance from their data centres and that sector is moving away from just being about storing data.
“It’s about assisting companies so that they are primed to achieve the business objectives they have, whether that is reducing cost, increasing accessibility or introducing new connection partners. Five years ago, cloud storage was still new to the market and people were filled with questions and doubts.
“Today cloud storage is a preferred option along with hybrid storage for many. If we were to look five years down the line there’s no reason not to think that the industry will have transformed dramatically again.”
In the short to medium term, Duncan suggested, GDPR is likely to have a significant effect on the industry.
“New legislation will no doubt come along after GDPR and organisations will be looking for innovative ways to access data and ensure connectivity across their sites.”
Karen O’Connor, general manager for service delivery with Datapac, suggested that for many companies, the decision to work with a managed service provider is often made for purely pragmatic reasons — staying on top of the latest developments in IT is an increasingly difficult job.
“For this reason, managed infrastructure and managed print continue to be popular among Irish businesses, and many organisations are now increasingly looking towards managed security and business continuity and disaster recovery (BCDR) as a service,” she said.
“There are two main drivers behind this move. Firstly, the spread of ransomware and the spate of high-profile cybercrime attacks that have taken place over the past 12 months has led to increased cyber-risk awareness among Irish businesses. Companies are eager to avoid falling victim to these types of attack and are turning to experienced managed service providers like us to help them protect their assets.”
At the same time, GDPR is set to come into force on May 25 of 2018, bringing with it fines of up to €20 million or 4 per cent of global turnover for non-compliance.
“This is certainly having an influence on demand for these services with many customers working with companies like us to deliver solutions that assist them on their compliance journey. Aligning with an experienced service provider lets these companies have access to a range of skills and a knowledge-base that they may not have access to within their own organisation,” said O’Connor.
“This can help them to more effectively protect against developing threats, make adequate preparations towards new legislation or regulatory requirements like GDPR and free up in-house resources to concentrate on the organisation’s core business.”
Meanwhile, Brian Finnegan, marketing solutions architect for Sungard Availability Services, reported that while there is constant demand for the traditional outsourced managed IT services, an interesting trend is that there is also growing demand for services from the so-called hyperscale providers such as Amazon Web Services.
“There’s certainly more interest in public cloud than there was. Many companies used to be concerned at the security implications of the cloud but they’ve realised that robust security in the cloud is a given these days, and it’s just not the impediment it once was. In fact, the cloud can end up being more secure than anything you could do in-house,” said Finnegan.
“There is still a shared responsibility model. Your service provider will be responsible for ensuring the security of the physical data centre and infrastructure your data is in, but then customers themselves need to satisfy themselves that they’re using a provider that’s certified to ISO 27001, and then they can focus on the application layer security.”
This reduces the onus on the customer in terms of what they need to worry about but it doesn’t eliminate it.
“There’s a serious dearth of security professionals in Ireland, probably due to the number of large multinationals that operate here. They’re able to provide an interesting environment for security professionals. That makes it hard for smaller companies to attract the same calibre of staff,” said Finnegan.
“Because of this, there is demand from smaller companies to take up managed security services, basically to get rid of the staffing headache that they’re experiencing. We’re in the lucky position in Sungard that we’re part of a large global organisation so we don’t have much trouble attracting high quality staff — we have dedicated teams of people that we can leverage — but that’s not the case for a lot of other companies.”
Security driving growth in services
One of the biggest drivers of increased take up of managed services in the Irish market is concern around security. Irish companies want to be absolutely sure that they’re as well protected as possible but if they don’t have the expertise in house to do this, they see it as expedient to simply outsource the problem.
“When offering a managed security service, the service provider is sharing the business risk with the customer and is responsible for any security incidents detected while under support,” said Barbara Bogdanescu, chief architect and product director for Integrity 360.
“In order to offer a comprehensive security service, the service provider has to make a significant investment in both tools and people that will allow it to automate most of the time-consuming activities involved, while allowing the experts to deal with difficult cases as well as service improvement.”
Doing this well requires the service provider to be able to respond 365 days a year, 24 hours a day. It also requires the company to be able to identify risks before they become problems.
“As opposed to a standard network operating centre, where a clear problem will trigger action and response, managed security service alerts are mostly around items that have the potential to become an issue or are otherwise out of the ordinary,” said Bogdanescu.
“At the moment we are seeing cyber security go through a growth period driven by the increase in malware and attacks as well as regulation. Security and privacy have become priority items at the board level as well as state level, taking front place in recent political discourse.”
The growth in awareness and requirements have led to a booming security industry that results in complex and difficult decisions when it comes to choosing and supporting a comprehensive security solution.
Managed services into the future
Managed services aren’t going anywhere anytime soon but one thing that is likely to change in future is the range of services offered as part of these services.
That’s the opinion of Karen O’Connor, general manager for service delivery with Datapac, who goes on to say that emerging technologies like the Internet of Things (IoT) will undoubtedly play a role.
“These technologies will continue to present a range of new challenges as companies seek to minimise the security risks posed by increasing numbers of connected devices and regulatory issues will reinforce this challenge,” she said.
“Other developments such as 3D printing could also herald an exciting future for managed service providers. I think we will see far more commercial uses of 3D printing and with that there will be new challenges for service providers and their business models.”
New technologies will bring with them new sets of expertise and companies will look to service providers to help them effectively apply these technologies in their businesses.
“However, I think the biggest change that we are likely to see in the sector is that companies will undertake far more due diligence when it comes to choosing a provider and selecting solutions. The prevalen
ce of cybercrime and the increasingly stringent data protection legislations will mean that customers are going to want to know what is powering the solutions they are investing in,” said O’Connor.
More regulations to impact managed services?
Most companies are aware at this stage of the general data protection regulation (GDPR) due to come into force in Ireland in May 2018, bringing with it fines of up to €20 million or 4 percent of global turnover for non-compliance.
But how many are aware of the other regulations that could impact them? Take for example the markets in financial instruments directive (MiFID II), due to come into force in January 2018.
According to Aidan McEvoy, sales director with managed services provider Zinopy, this is likely to have a big impact on financial services companies.
“MiFID II comes into effect on January 3, 2018, and all firms that provide investment services, bonds, shares etc will need to record, store and report on all financial advisory services with customers including emails, phone calls and face-to-face meetings,” he said.
“That’s a big deal, particularly at a time when there are skills shortages across all areas in IT but particularly in security-related fields.
“Hiring people in who can handle this is expensive and it’s a lot easier to outsource the problem to a managed services provider.”
According to McEvoy, managed services are becoming accepted as cost-effective ways to create a ‘route to service’, in other words for companies to solve problems that involve expertise they don’t have in house.
There is no doubt that protecting critical assets should be one of the top priorities for any business. IT Force is pleased to be able to provide dedicated IT services and bespoke solutions based on the needs of the client in question. As threats and dangers continue to evolve, these methods will constantly improve. Please contact us to learn what additional options we can offer your firm.