As a Managed Services Provider (MSP) we need to purchase a lot of products from third party hardware and software Vendors to make our world - and your world - work. That’s part of the value – we do it, so you don’t have too. It’s a pretty straightforward model, where the more successful we are, the more product we buy to support a growing infrastructure, and we have become quite good at it over time.
Most Vendors treat MSP’s as their customer, and provide product in the same way they would to a very large customer of their own, so making product sourcing a pretty standard commodity item. We are finding however that the emergence of Cloud solutions is changing this a little.
With the constant media focus on alternative delivery models, MSPs and Cloud Service Providers (CSPs) have become a high priority for many Vendors, as they realise that your world is becoming more interested in managed services. And this is causing all sorts of fun and games that I thought I'd share!
Many Vendors are courting us for their business. We have account managers coming out of our ears, Service Provider Licensing models for software, complex leasing and financing arrangements for hardware, pay as you go quarterly true-up maintenance models and all sorts of other complex commercial offers being floated and discussed. Staying on top of all of this, of course, is our job. And trust me, you are glad it’s ours and not yours!
While it is proving interesting, it's actually giving us the ability to offer some very interesting commercial models to our clients as a result. Being debt free with excellent credit facilities and cash in the bank helps with that too!
When you consider the ability for Service Providers to resell to Service Providers it becomes all the more entertaining, especially for the bigger Vendors. The politics can be a source of large distraction for you – the end user - and we’re committed to making sure that is not the case.
At niu we are a simple bunch. If our clients can articulate what they want, and how they want it served to them, we can work with our downstream Vendors to support it. We’re more interested in doing what’s right for the client than playing politics. With all the levers in the marketplace today open to MSPs, we aren’t short of creative options, and with all the complicated options that have become available, we are now experts in navigating the politics in a given Vendor – and we work with most. Many of the Vendors really understand this today, and are relying on us to help them abstract their value to you in the brave new world of Cloud.
As Vendors get more skilled in embracing MSPs, and MSP / Cloud becomes almost the defacto model for consuming IT, these wrinkles will undoubtedly be ironed out. Until that point, be rest-assured that engaging us and being able to articulate what you want commercially, no matter how creative and who gets paid on what, is a simple and painless process.
The Cloud Industry Profanisaurus. By Phil Clark
That’s right, I am unashamedly a massive fan of Viz, especially the profanisaurus. Having spent a lot of time talking with some well known industry analysts about our cloud plans for next year, it came to my attention that the ICT services industry could do with a profanisaurus of it’s own.
We are preparing to launch a new core product set, which is very exciting from our perspective, but because of its breadth of functionality it doesn’t really fit neatly into the buckets allocated by the industry for companies like ours.
So, I thought I’d try and write down my views on the different industry terms, as many of them as I am aware of, to see whether anyone else had a different view. Unfortunately, I’ve been told that this is not the appropriate outlet to take quite the same tone as Viz’ infamous profanisaurus, but I have tried to keep some of that spirit in my approach cloud terminology. After all, if we’re talking cloud semantics, you have to laugh a little!
- Managed Services Integrator n. – a company that pulls together multiple Managed Services Providers and makes them work as a single seamless service for their clients. Any company that fronts other potentially competitive MSPs, makes money, makes it seamless and keeps their clients happy, deserves its own category in my opinion. Like “Fairydust” and other things that don’t really exist.
- Multivendor Services Integrator n. – Something that my well known analyst thinks exist, but I hadn’t heard of until last week. Apparently it’s all about buying in third party services and making them work seamlessly as a service. Not to be confused with managed service integrator or fairy dust, though quite easily done.
- Managed Service Provider n. - manages a client's IT Services on their behalf to an SLA. Not to be mistaken for a Colo provider (just providing Power and Space), or a Hosting Provider (who only really provides services from their own Data Centres)
- Cloud Service Provider n. – has a data centre and quite fancies getting on the back of the long-standing marketing hype about Cloud. Commonly sighted on the M4 corridor.
- Cloud Service Integrator n. – anyone (and everyone) who sells IT. If you sell a Private OnSite Cloud solutions to a client (also known as a PC) and plug it in to the clients internet data point, you can claim to have integrated a cloud service. Genius.
- Cloud Service Broker(age) n. – Those who “broker” cloud services. Broker. Really? It may just be semantics but skimming low commission and margins off other peoples product is the way this sounds. However, the analyst community are definitely trying to persuade us all differently.
- Hosting Provider n.– a managed service provider who uses their own data centres. In every respect a cloud play, but resisting the urge to jump on the marketing bandwagon.
- Private Cloud Service Provider n. – a hosting provider with a more creative marketing manager. See also the lesser-spotted cousin Cloud Service Provider.
- Hardware Reseller n. – a private cloud service provider with no marketing creativity. Increasingly endangered in the wild, but at least an honest approach to marketing.
- IT Outsourcer n. - any of the above, but with a promotional department stuck in the ‘80s. Commonly seen wearing oversized shoulderpads and carrying big binders of legal agreements.
- Multi-sourcer n. – A confused IT Outsourcer.
- Flying Saucer n. – something completely different.
- Cloud Aggregator n. - allow customers or partners or both to purchase a range of cloud solutions from a single portal. See also Multi-vendor Services Integrator, without the integration. Natural habitat is the U.S, but increasingly spotted this side of the Atlantic.
They can’t possibly all catch on, as what would our industry do with the acronym cross-over? MSI - would that be managed services integrator or multi-vendor services integrator?
At niu, there is more work to be done on defining what is to be an exiting set of new services as we approach 2013. My well-known analysts friend, whilst introducing me to way too many new terms and definitions, will certainly play a helping hand, so watch this space for where cloud semantics takes us!
Fun as they are intended to be, I would certainly be keen to hear your thoughts on any of the above definitions. Have I missed out a critical service type? Or dropped the ball on my definition of a certain provider bucket? Let me know at email@example.com and like the Viz profanisaurus, I may do a regular update!
However, if you’re looking for a more serious approach, Cloud terms is a good resource for a comprehensive look at definitions; who is calling what, what and why. Be warned though, this includes Cloudstorming, Cloudware and Cloud portability!
As a Cloud and Hosting Service Provider, niu is acutely aware of the pace at which end clients are looking to adopt cloud services, and deploy them universally within their estates. As things stand today, with cloud solutions still being in relatively ‘early adopter’ mode, people are seeing the benefits of application lead cloud deployment, sourcing individual applications from specialist vendors and providing those applications to their end users in a utility model.
Interestingly though, we think, niu is already investigating solutions to a problem that we feel is a bit further down the line, the convergence of two very powerful forces in the market today – device proliferation and ‘cloud provider’ proliferation.
As all IT professionals will have noticed, more and more end users are demanding their own style of devices to get access to their business applications. This breeds issues with data loss and user security, as well as asset control (if owned by the business) and user / asset administration.
As an isolated trend, this could be very easily managed. However, if you transpose this device hungry drive in the marketplace with the expanding need to manage multiple cloud application providers, and all associated costs/bills, userids and accounts, security, SLAs etc., your IT estate becomes an incredibly complex management overhead, that will require very slick processes in order to keep under control.
Imagine a new starter who has an iPad, a laptop and a smartphone (that’s three devices), all of which need to be business application enabled. This same new starter needs Cloud delivered Office Products, Cloud delivered CRM, Cloud delivered Email, and Cloud delivered Analytics functions (all from different Cloud Providers). This is when the new starter process becomes a convoluted implementation and configuration nightmare.
Issuing requests to vendors for new devices and application logons, configured securely and consistently across all devices, with an understanding of the process for wiping business data, and closing those accounts should the same user eventually leave the company. Cloud and Device Management together is going to be the next big headache for all IT Departments.
At niu Solutions we are integrating a range of tools and techniques to overcome these problems, which we’ll be productising and launching in the New Year. If you’d like to be involved in the launch or are interested in these solutions before then, please contact us.
July - August 2012
Mobile Device Management: Have IT Your Way
The rapid proliferation of smart devices in the workplace is outpacing that of any previous technology. According to research last month from IDC, 75% of US and European organisations questioned said their organisation provided corporate-liable smartphones to employees in 2011, and another 49% offered tablets. The launch of bring your own device (BYOD) initiatives, brought about by user demand, is accelerating this. Employees are bringing their devices to work, like it or not, whether there is a policy or not. Organisations need to ensure they are on top of the security, compliance and management holes this brings with it. Add together this BYOD trend, and the aforementioned rise of corporately owned smart devices, and organisations are met with the challenge of securing, managing and monitoring all manner of devices and operating systems.
- Cue mobile device management (MDM). Despite the name, the fact is it’s only the user that cares about the device, a businesses’ priority is securing and managing the data on that device. As workers become more mobile the real worry for businesses, of any size and function, is the location and protection of their data.
- For the business, IT and end user alike, the prospect that employees can use any device they want to make their jobs easier is an exciting one. But how do organisations get there securely? There’s no one size fits all for a mobility strategy – each organisations’ smart phone landscape looks different. When looking at the key challenges in managing this new-look mobile estate, the main risk questions to answer include:
- Where is my data? Location, risk and unauthorised access of company data are a top worry for businesses when it comes to mobile. Tracking the location of a device, profiling access and remote lock and wipe capabilities are critical.
- Whose phone is it anyway? The productivity benefits of BYOD are clear but organisations are worried about who is responsible, and for what. It’s a question of maintaining the personal aspect of the device and protecting business assets. Security settings should enable organisations to secure mobile devices regardless of ownership. If corporate access is enabled on an employee’s device, administrators should be able to deploy and update security settings such as passwords, remote lock and wipe, and content restrictions, over-the-air, without user intervention. The key here is that the business safeguards business information and network access, without impacting the personal aspects of the user-owned phone. A solution that separates corporate and personal data is paramount.
- Can I remain compliant with BYOD? Compliance enforcement capabilities should let organisations allow only the devices that meet the security and corporate requirements around encryption, jailbreak, and policy updates. If a device, or user, is not compliant they won’t get access to business data. Businesses can only meet auditing requirements if they have the capability to specify granular device policy, and user controls. Distribution allows integration with certificate authorities and extends seamless strong authentication to mobile devices, preventing unauthorised devices from connecting to corporate resources.
- Do I need to set policies? Organisations should always set a clear policy for device use and it’s essential that this is communicated and agreed by employees. Policy should also consider individual’s expectation of privacy. In the circumstances of BYOD, in particular, the company will almost certainly require permission from the employee to monitor their device and allow remote access or revocation of company data when necessary.
Organisations will do well to seek an MDM solution that can provide all these elements and more, such as content provisioning, asset management and self-service capabilities. Don’t isolate your users, let them bring in the devices they require for their job. This way you can increase productivity, whilst keeping employees happy but still maintain your security posture.
The acceleration rate at which these devices are penetrating businesses is showing no signs of slowing, in fact it’s ever evolving and changing – IDC predicts that by 2016 over 1.84 billion smart devices will have been shipped globally.
So what else should organisations keep on top of? Apps. Apple announced just last month that it’s reached 30 billion app downloads from its App Store – how many of these were your employees? I can bet that it’s more than you think. Gartner predicts that by 2014, 90% of organisations will support corporate applications on personal devices. Will your organisation be in that 90%?
Excerpt from latest Quocirca whitepaper ‘Sourcing and integrating Managed Services’.
Introduction: the focus on core value
By Bob Tarzey, analyst at Quocirca
Successful businesses have a clear idea of their core value proposition, often expressed through a mission statement. For most, staying focused on this is what helps achieve other goals such as profitability, growth and delivering stakeholder value. The decisions managers make must be focused on delivering that proposition.
Only software companies are likely to say that their value comes from delivering high performance, reliable and secure applications. However, most other businesses now rely on software applications to ensure they can deliver their core value proposition effectively and Quocirca research shows that ensuring application performance is a top priority for IT managers. In short, information technology (IT) now lies at the heart of most businesses.
However, this is a metaphorical heart, no longer necessarily a physical one. Software applications may be essential to supporting a given business but, increasingly, the same business does not need to be expert in IT to achieve this; it does not even need to run the necessary systems on its own premises. Find the right third party to work with and the running of all or part of a given organisations IT requirements can be trusted to a partner who sees ensuring high performance, scalable, reliable, compliant and secure applications as their core value proposition. Today there is huge flexibility in the choices that can be made because of the global network connectivity that has been put in place over the last 20 years.
For mid-market organisations this is a double-edged sword; they can more effectively compete with larger organisations without having to build up internal IT expertise. However, entrust the task to the wrong partner and the intended goal of delivering more reliable applications may not be achieved and the business could be derailed.
The whitepaper looks at the issues mid-market businesses (500–5,000 employees) must consider when working out how and where to run the various applications that they rely on. It looks at whether they should they keep old ones in-house and what the options are for deploying new ones. It also looks at the types of managed service providers (MSP) and the benefits to be expected when partnering with one. Download the full Quocirca whitepaper here.
Making Sense of the ‘C’ Word
By Phil Clark, Marketing and Channel Development Director, niu Solutions
Once you have stepped off your cloud assisted train, and bought your managed cloud croissant, you can log on to your cloud hosted desktop, which attaches to your cloud network, to your cloud v-server running your applications-as-a-service.
If you are senior IT Decision Maker, I’ll put a hefty bet they you are currently being bombarded with this sort of ‘cloud’ marketing collateral from every direction right now.
The truth of the matter is almost all providers have re-badged their traditional businesses with the ‘c’ word, hoping to get your attention. All the time this is happening, the industry risks devaluing what could be a real transformation in the IT and business applications space.
Apps is actually where it’s at. You have probably got a view that you need to run some applications. These range from highly customised, “only would ever work for your business”, core business applications that are the crown jewels of your industry; through to “everyone’s got one” email and payroll systems. In truth, you have some skills in house to do a lot of the work to keep these applications afloat, but it’s a limited pool, some of the apps don’t have 24x7, some of them are creaking at the seams, and some are working beautifully.
Application by application you have a different landscape of things that are complex and interrelate. And the interrelationships are critical, because if these break your business processes break. Then your users complain. Then your helpdesk gets swamped. Then the board start moaning about IT….
The relentless marketing machine in IT says you should buy some cloud to solve this. And maybe you should, but in reality, rather than focussing just on the delivery model, first shouldn’t we all focus on the applications needed to run a successful business, innovate above competition and deliver value to customers?
Instead of choosing between the cookie-cutter 5p per user per month model to buy some e-mail from an unknown data centre, or 10p per user per month outsource your full Payroll system, or for 50p per user per month your warehouse system can sit on the “Cherry Picker Cloud” service run from a eco-friendly data centre in Iceland – shouldn’t you look to something that fits your own business need?
A cloud is made up of hosted IT and Applications. A cloud service that is meaningful to business need is bespoke IT and applications that meet specific short and long-term requirements, integrated with appropriately sourced cloud services from best of breed providers - and most importantly, your internal IT function.
Our aim is to provide a service which complements your existing working services, and replaces the ones that need attention with the right solution picked from our own services, partner services and alternative delivery models. We have been providing services like these for over 10 years, making sure we consider more than just cost and “self service provisioning” when advising our clients and delivering services. It just wasn’t always called ‘cloud’.
A “typical solution” of ours doesn’t exist within our customers. All of our customers have trusted us to integrate various IT components, from their own skills, third party skills and our own skills to provide the service they need to run their business. In IT terms, we have integrated Colocation Services, Remote Managed Services, Hosted Services, Virtual Desktop Services, Public Cloud Services, Mobile Device Management Services, Public and Private Network Services, Voice / Telephony Services, Collaboration Services, ERP Services, CRM Services within our Helpdesk and Service Management Services and it works. Only one cloud in that list.
If you’re looking for more bamboozling cloud blurb – here at niu, we actually take the water droplets, and design clouds that will float past your window in interesting shapes that make your day. We can pull the water droplets from your common all garden Cumulonimbus, get a few from the Stratus, a soupcon from the Nimbus, and give you a cloud that will sit under your feet whilst doing your day job.
Taking Critical Control Of Your IT Security
By Darren Pitman, niu Solutions’ Compliance & Security Practice
When developing a cyber security strategy there’s so much to consider, with hundreds of potential products and controls to think about – it’s often difficult for organisations to determine where to start and how to prioritise each one. Most organisations have a pretty good grasp of what’s important and in many cases they are relatively successful in creating a security strategy that will suffice, but still need advice and guidance on maximising their investments and moving from a reactionary position to one that delivers proactive protection.
For several years now, savvy organisations in the US have been using the SANS ’20 critical controls for effective cyber defence’. Increasing media coverage on cyber security, threats and best practice has accelerated board level attention and put pressure on IT teams. The critical controls provide a focus for organisations, enabling them to address their security issues and compliance requirements in the most efficient and cost effective way.
This year CPNI (The Centre for the Protection of National Infrastructure) has recognised the benefit these guidelines can offer to organisations in the UK and is participating in an international government-industry effort to promote them to businesses.
As a globally recognised set of guidelines, organisations of all sizes and functions can use these to confidently shape the development of a successful security strategy or, more likely, help them to build upon and maximise those they already have in place.
The 20 critical controls present an opportunity for UK organisations to assess existing strategies and address where the gaps may be and in which areas they’re most lacking. Implementing all of these controls to an effective standard and being able to continually monitor them will not only make organisations much more secure but will also simplify any compliance requirements they may have. In fact, for many organisations, this will enable them to move from a pure 'box ticking’ approach to one that provides more tangible benefits.
Of course, organisations should still complement their IT security strategy with overall policy and governance in mind, including organisational structure, personnel and physical security controls. As the threat landscape evolves, regulations get tighter and the culture within organisations changes; it can seem like treading water to try and keep on top of everything. These critical controls will help organisations stay on top of the IT element of its overall security strategy.
To find out more about the 20 critical controls and how your organisation can get ahead visit http://www.niu-solutions.com/products/20-critical-controls-for-effective-cyber-defence
After years of observing this wonderful industry, I am firmly of the opinion that we are experiencing a gear-shift in technology that is as profound as the printing press in 1436. Take a look at the way people - young people especially – communicate today.
My 14 yr old son and his peers have a profound understanding of communications and technology – and how to adapt that to meet their needs. For example, he recently explained to me how to bypass the school firewall. I'd like to say he's a chip off the old block, but all his pals are the same.
My old NHS audit boss used to say: Steve, think like a criminal and work backwards when you develop defences against fraud and other criminal behaviour. That was 1981. 30 years later that principle still holds true when it comes to IT security and governance matters.
It’s not just the youngsters though, the 20-30 something’s at the Chaos Computer Club in Germany are astounding. The Club is the elite black and white (and grey!) hat hacker group for the region. Unsurprisingly, it has spawned uber-hackers such as Karsten Nohl - the guy whose team has progressively subverted the A1 and A5 encryption systems that form the heart of the GSM and 3G cellular networks.
These guys can now eavesdrop in real time on our mobile phone calls and mobile data sessions. It takes them four minutes to decrypt a WPA2 WiFi password using a multi-core multi-GPU equipped PC. You'll see on the screen you can crack a WPA2 WiFi password in four hours – that's not bad value for £30.00.
It’s all out there on the Internet as open source software. Chuck in a few hundred dollars of hardware and away you go cybercriminal!
What we are seeing here is a technology-driven culture of younger people that have not known a time when they did not have the Internet at their disposal. They really do use the Internet to consume information, to interact, and to communicate in ways and means many of us are only just beginning to fathom.
This all feeds into a brave new world of industrial espionage. It may sound way-out there but terrorist subversion, cyber heists and social engineering have all spawned from this gearshift in technology practice. It is still an arms race, but it’s bigger and quicker than ever. Did you know that Al Qaeda has a 30-strong technology group that specifically used IT subversion to promulgate its jihadist messages of hate? Or that online heists of big bank accounts are taking place using Zeus and SpyEye malware.
This is a real stuff. Not Spooks on a Sunday evening. This is the security threat we – as an IT industry – now face in the real world. I write about this stuff. It's riveting – and it's also frightening.
Combating it all comes down to the effective use of technology to counter cyber-criminality, cyber-espionage and cyber-terrorism. By taking a multi-layered strategy of harnessing the power of as many types of security technology as you can muster, you will create a defensive system for your organisation’s digital assets that is greater than the sum of its constituent parts.
There are plenty of resources out there to help you find out more. I refer you to the COBIT security framework from ISACA, the not for profit governance association and materials available from organisations such as the ISF and ISC(2). We’re not alone in the fight. These non-profit making associations are populated with like minded professionals, who like many of you, are working hard to find a way through the minefield of IT security and governance today.