Tag: managed services

Why You Need to Buy Security Differently from Managed Services | Sherpas in Blue Shirts

In many newspapers these days, one doesn’t have to read very far without tripping over the latest sensational article on a security breach. The black hat community conducting security attacks is incredibly well funded and incredibly sophisticated and our traditional firewall security precautions are woefully inadequate. The implications of this for companies are stark and robust. I think we must start with how we approach security.

The list of attacks is long and includes, for instance, Target’s customers, Anthem’s healthcare customer records, and the U.S. federal government apparently being penetrated by the Chinese. Behind all this is the frightening prospect of a highly sophisticated black hat community potentially funded by national governments in China and Russia and increasingly being in alliance with organized crime. The black hats are conducting security threats on a scale that is both mind boggling and deeply worrying – not only right now but even more so over times as the R&D effort of this community drives increasing levels of sophistication.

To date, we have approached security as a hygiene vehicle – one and done. We think about it in terms of firewalls securing our data center or making different layers of IT or technology architecture secure. We invest once to try to imbue our technology with a level of defense, and then we seek to spread that investment over the technologies; and we expect the cost to decrease as the learning curve goes down. The problem with this is that it cannot stand against the R&D effort and the rate of improvement in the black hat community.

Therefore, we must change our expectations and how we buy security. We must have a separate security tower in which the expectation is the cost will rise over time and we will invest ever more money and time into ways to counteract the growing black hat menace. The black hats are not constrained to attacking just one functional element of an organization’s service chain; therefore, businesses need an overarching security solution that secures everything. The consequences of not countering this threat are immense.

When we approach security as a hygiene vehicle, we ask for a component of security and monitoring in each technology function. Whether it’s a data center, applications, network, or other infrastructure, we use firewalls, encryption, or other tools and techniques to harden our environment and make it less vulnerable. That’s all well and good, and this should continue. However, this is woefully inadequate on its own with the increasing sophistication and threat from the black hat community. We cannot expect to be defended or even maintain our corporate responsibility if we assume that a hygiene approach is adequate.

It’s clear that we must also procure a different kind of security that is overarching and that matches the rapidly changing security landscape vulnerabilities uncovered and exploited by extremely well-funded and incredibly gifted black hats. We must realize that a hygiene approach to security will prove to be dramatically ineffective against the black hats’ innovation. And we must expect that the cost of an overarching security function will increase because of the need to constantly invest in our capabilities to innovate – and innovate faster – to counteract their threats.

We see the changing expectations starting to happen with the chief security officer in a role outside of technology and reporting directly to the CFO, CEO or board. But we have not seen the kind of budget and capability being invested into that function that are necessary to counteract the growing threat.

Furthermore, we have yet to see service providers providing a managed service to this new entity. The managed services they offer are based on the normal managed services principle of providing a constant service that will get cheaper over time as the learning curve and technologies mature. That’s the underlying theme of all managed services. That principle gets stood on its head in the context of security when the adversaries’ sophistication keeps rising exponentially. The cost of sophistication to counteract the adversaries must rise equally – which doesn’t work in the managed services principle.

Furthermore, no one firm can have the sophistication to take on the Russians, Chinese, organized crime mob, and the black hat ecosystem. That’s not a reasonable expectation for even the largest organizations. Therefore, organizations must turn to service providers that can aggregate customers in order to match the investment of the black hat community. The services industry must get together to defeat this massive threat to businesses, but managed service offerings are not the answer. We must innovate at the same rate at the black hats; thus a provider’s expectation of cost dropping over time is false because the learning curve will not go down.

Bottom line: The cyber attacks situation will get worse. All businesses – including service providers and their customers – must expect that their investments in security will increase to match the ever-escalating threats.


Photo credit: Flickr

Virtustream Acquisition – EMC Spreads Its Hybrid Cloud Wings | Sherpas in Blue Shirts

EMC has taken a significant step forward in its hybrid cloud journey with the announcement of its acquisition of Virtustream in an all-cash transaction of US$1.2 billion. Founded in 2009, Virtustream is estimated to have clocked ~US$ 100 million in revenues last year through its cloud hosting services and management software (xStream) offerings – while cloud IaaS accounted for 60% of this revenue, the remaining 40% came from management software licenses.

The U.S.-based company will eventually become the managed cloud services division within the EMC Federation business. The transaction is expected to close by the third quarter of 2015 and be additive to EMC’s revenues starting 2016.

EMC is well known for its deep pockets. With about 70 acquisitions since 2003, the inorganic route is clearly not new to EMC (to put it mildly). The company has not shied away from flexing its muscles from time-to-time to build capabilities for its mainstay storage business and beyond.

EMC’s “Shift” to Cloud

The emergence of cloud has had a strong impact on EMC’s core storage business, which has been witnessing a sluggish demand over the past few years (the overall Information Storage division of EMC has witnessed a CAGR of ~3% over 2012-14). While EMC has rejigged its focus to cover new storage products, this “strategic tweak” in itself is not expected to arrest EMC’s plummeting revenue growth. Therefore, EMC has put its bet on the “next big thing” in the IT industry – hybrid cloud.

EMC’s association with VMWare and Pivotal has ensured that EMC is no newbie to the cloud; however, the real sign of intent from EMC came with the launch of its Enterprise Hybrid Cloud Solution last year. The launch also coincided with a triplet of cloud acquisitions – Cloudscaling (an OpenStack IaaS solution developer), Maginatics (a cloud-enabled storage provider), and Spanning (a cloud-based application data security provider).

So what does Virtustream bring to the table?

As EMC looks to make a mark in the enterprise cloud market, the Virtustream acquisition offers multiple benefits to EMC:

    1. Expansion of the Enterprise Hybrid Cloud Solution portfolio: EMC’s Enterprise Hybrid Cloud Solution is currently an on-premise private cloud offering that provides cloud-bursting options to VMware vCloud Air and other public cloud services. The addition of Virtustream’s xStream platform provides EMC with capabilities to manage both on-premise and off-premise deployments, thereby offering a truly hybrid cloud setup

      The xStream platform will be leveraged by EMC Federation service provider partners to deliver independent services based upon it

    2. Credible cloud managed services capabilities: Virtustream has witnessed credible success in serving large enterprises with complex cloud deployments and managed services requirements, through partnerships with industry-leading vendors such as SAP (which made a US$40 million investment in Virtustream in 2013), Oracle, and Microsoft. Virtustream has been certified by SAP to offer SAP HANA as-a-service. EMC can leverage Virtustream’s managed service capabilities/experience to serve its own existing clientele as well as prospects

    3. Datacenter footprint: Virtustream brings a credible revenue stream based on its datacenter footprint spanning locations such as the U.S., UK and the Netherlands (catering to key demand markets such as North America and Europe)

    4. Meaningful clientele: Virtustream brings a credible roster of clients including Coca-Cola, Domino Sugar, Heinz, Hess Corporation, and Kawasaki, which will get added to EMC’s kitty (to cross-sell its broader hybrid cloud and storage offerings).

The move to acquire Virtustream seems to be a logical one for EMC (although the revenue multiple of ~12X indicates some level of desperation on EMC’s part, given the ongoing stakeholder unrest). Also, given EMC’s traditional modus operandi of allowing its acquired entities to operate autonomously, we do not expect the acquisition to grossly impact Virtustream’s innovation capabilities (barring potential integration and cultural challenges)

Virtustream’s rationale for being acquired?

The development may have come across as a surprise for many market observers, given that the company was grappling with the idea of going public barely six months ago. While Virtustream was going great guns, the brand recognition of a cloud provider typically plays a huge role when it comes to large enterprises looking for sourcing options. Consequently, hitting the “next level” of growth trajectory potentially becomes a significant challenge for players such as Virtustream (especially with a large enterprise focus).

Therefore, it comes as no surprise that Virtustream’s CEO, Rodney Rogers, claims to have considered multiple suitors over a period of time, before choosing EMC (based on terms offered and a chance to become a part of the EMC Federation).

Does this point to more consolidation in the cloud IaaS market?

The EMC-Virtustream deal has been preceded by multiple notable acquisitions in the cloud market over the past few years (Terremark by Verizon, Savvis by CenturyLink, SoftLayer by IBM, Metacloud by Cisco, and GoGrid by Datapipe). As various players in the enterprise cloud market, be it global IT service providers, telecom providers, or public cloud providers look to gain a stronger foothold, it is hard to bet against other similar acquisitions happening in the near future. The question is which company will be the next one to get gobbled up? CloudSigma? DigitalOcean? Joyent? ProfitBricks? Or even Rackspace? That only time will tell.


Photo credit: EMC

MSP Adoption Broadening | Market Insights™

MSP-Mastering the Winds of Change EGR-2013-3-R-0958-I-2

Once covering only temporary workers, Managed Service Provider (MSP) now encompasses more types of contingent workers, including Statement of Work (SoW) workers and independent contractors, positions originally managed by operations or business units.

Visit the report page

The FTE Labor vs. Managed Services Decision | Sherpas in Blue Shirts

Industry buzz says companies can realize more value via outsourcing by moving away from the FTE or contract labor model and opting instead for managed services. The FTE model is dead, they say. But don’t believe everything you hear.

The managed services model in outsourcing sounds great. It beckons with reduced costs and the benefit of service levels. You can buy it “as a service” in a predictable fashion and perhaps even pay for it on a usage basis.

Sounds wonderful.

But let’s take a deeper look. The perception of value in managed services is countered with limitations. Because the service must remain stable, the service description can’t change. What it provided yesterday is the same as what it will provide tomorrow. But there’s a sting in that stability.

In volatile environments — where there are significant shifts in process and what the provider is doing — the service description becomes volatile. For example, application development environments, as well as application maintenance environments, are inherently unstable. The result of this instability in a managed services deal will be an unhappy customer, either because the service no longer fits their needs or because it is necessary to issue a change control — which often leads to the service provider changing the pricing structure to accommodate the change in service. Even small changes over time build up to great frustration.

Where volatile environments and change are part of the equation, the idea of having predictable pricing through managed services is just an illusion and the customer buys something that doesn’t exist. Even worse, the customer may be locked in to the managed services contract and thus feel like a hostage.

The situation isn’t good from a provider’s perspective either, as it has to deal with an increasingly unhappy customer base.

The more change that the buyer requires in the managed services model, the more the buyer and provider get out of alignment and can become adversarial.

The FTE or contract labor model is much more flexible in reallocating resources to address changing circumstances. But that doesn’t mean that there isn’t a vital place for managed services in outsourcing.

When making the decision, buyers need to keep in mind that managed services are best suited for areas that have a stable and predictable service in terms of functionality. Companies that inappropriately apply managed services to environments that are too volatile will become very frustrated.

Thus we believe the stories of the death of the FTE service model have been exaggerated. It’s not dead and it’s unlikely to die or completely replace the FTE model because it meets a very fundamental need.

How can we engage?

Please let us know how we can help you on your journey.

Contact Us

"*" indicates required fields

Please review our Privacy Notice and check the box below to consent to the use of Personal Data that you provide.