Tag: pricing

10 Steps to Better Evaluating a Cloud Service Agreement | Blog

Comprehending a Cloud Service Agreement (CSA) can be difficult. With the increasing clout of hyperscalers, buyers need to fully understand a CSA to effectively negotiate with cloud service providers. Learn how to better evaluate these contracts in this blog.  

With the increased adoption of cloud services, Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure have come to dominate the public cloud space in recent years. The negotiating power of these hyperscalers has significantly increased, changing the dynamics of the CSA.

As the influence of cloud providers grows, customers need to carefully evaluate the proper terms and conditions in the CSA. First, let’s better understand the key terms:

  • Cloud service agreement (CSA) – a service level agreement (SLA) for cloud computing services between the cloud service consumer and cloud service provider
  • Cloud service consumer – an individual or a corporate enterprise end user accessing cloud computing resources and services from the cloud service provider
  • Cloud service provider (CSP) – third-party suppliers of cloud-based platforms, infrastructure, application, or storage services
  • Customer agreement – the relationship between the provider and the customer, including roles, responsibilities, and processes used by the CSP

The contract may be written according to the service delivery model selected, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS). CSPs can modify their contract terms at any given time.

Based on our observations, many customers have difficulty understanding these contracts. With the growing portfolio of cloud services in every organization, understanding the nuances to better negotiate contracts with service providers is crucial.

Below is a practical reference to safeguard customers’ interests.

Ten Steps to Evaluate a Cloud Service Agreement

  1. Understand the roles and responsibilities properly
  2. Evaluate business-level policies thoroughly
  3. Understand service and deployment model differences
  4. Identify critical performance objectives
  5. Evaluate security and privacy requirements of the environment
  6. Identify service management requirements
  7. Ensure proper backup for service failure management
  8. Understand the disaster recovery plan
  9. Ensure an effective governance process
  10. Evaluate the exit process fully

For a detailed analysis of your contracts, please reach out to [email protected]. To discuss the cloud service agreement, contact Rohan Pant, [email protected], and Vaibhav Jain, [email protected].

Seven Best Practices to Follow During a VDI Implementation | Blog

Driven by the increasing numbers of mobile workers during the pandemic, VDI implementation has rapidly grown as a secure solution that provides flexibility and cost savings. While it’s a good fit with today’s steadily growing remote workforce, VDI must be implemented properly to avoid pitfalls. Read on to learn the challenges and benefits of implementing a virtual desktop infrastructure.

Workplace infrastructure is quickly evolving. While Virtual Desktop Infrastructure (VDI) transformation has been in the industry for some time, COVID-19 has spurred its increased use to manage IT consumerization and control costs.

The benefits of implementing a virtual desktop infrastructure for enterprises can be remarkable and include easier accessibility for users, device flexibility, increased security, and lower costs. However, if not implemented correctly, VDI can bring organizational challenges. Many projects fail due to improper design leading to performance issues.

Based on our experiences helping organizations understand and optimize VDI implementation to achieve the right model for their budgets and timelines, we identified the following seven best practices:

  1. Understand end-user requirements – Boot storms can be avoided by being cognizant of such details as the number of VDI users, end-user applications, and the times of day users will log in and access their virtual desktops
  2. Consider end-user location – VDI architecture and resources may vary for users at different locations. Bandwidth and latency also have a big impact on the end-user experience
  3. Choose the ratio of persistent or non-persistent desktops – The virtual desktop type can sometimes be determined by the user type, such as task workers, power users, kiosk workers, etc. Persistent desktops retain a user’s personal settings when they log off, while non-persistent virtual desktops do not
  4. Consider client device options – A desktop virtualization benefit is that nearly any device can have a virtual desktop client. Deciding the best mix of thin client devices, converting old personal computers into thin clients, and having bring your own device (BYOD) clients are key factors in VDI deployment. Maintenance requirements and ownership will differ for each case
  5. Design for high availability – While a problem with one physical desktop affects just a single user, an overall VDI failure has the potential to impact all employees. Design the underlying architecture to be highly available to avoid this
  6. Craft a BYOD policy – VDI lets organizations deliver a desktop experience to many types of endpoints and devices – even those owned by end users. Carefully design and distribute a BYOD policy indicating what users can and cannot do on their personal devices
  7. Factor in security – Do not overlook infrastructure security. All security best practices that apply to physical desktops/laptops also pertain to virtual desktops. Administrators should make sure to extend patch management operations to cover virtual desktops

For a detailed analysis of your VDI implementation, please reach out to [email protected]. To discuss further, contact Vaibhav Jain at [email protected].

Razor-sharp Solution Sizing for IT Services – How to Ensure Competitive Pricing | Webinar

ON-DEMAND WEBINAR

Razor-sharp Solution Sizing for IT Services – How to Ensure Competitive Pricing

There is clear intentionality as IT applications and infrastructure move to managed services, a shift that the global challenge to find talent across industries accelerated.

Pricing model asks are now moving from simple day rates to more complex pricing constructs, such as pricing for agile pods, weekly pricing, fixed fee, and output and outcome-based pricing. In such scenarios, getting the solution sizing right is often the difference between wins and losses in competitive deal scenarios.

Within a managed services model, providers will also need to correctly translate these underlying solution considerations and the value they bring to the client to ensure that the solution is evaluated for its true merit.

 

What questions will the webinar answer for the participants?

  • Why is razor-sharp solution sizing so critical?
  • What are the important parameters to keep in mind?
  • What are the common pitfalls to avoid to ensure a competitive fee profile?

Who should attend?

  • Service providers
  • Commercial leads
  • Sales leaders
  • Pricing team members
  • Solution design leads
  • Contracting leads
Gupta Prateek Refresh gray square 1
Prateek Gupta
Practice Director

Is Managed Detection and Response (MDR) the Holy Grail for Cybersecurity Services? | Blog

With the meteoric rise in cyber attacks and cybersecurity talent shortage, Managed Detection and Response (MDR) can help enterprises improve incident detection, investigation, and response without more staffing. MDR provides a winning combination of technology, analytics, and human intelligence to improve cyber resiliency. Read on for recommendations for an effective cybersecurity approach.  

Contact us for questions or to discuss this topic in more detail.

The cybersecurity outlook has shifted from business and IT-driven to the C-suite. Enterprise investments are now geared towards establishing cyber resiliency programs with holistic threat advisory, comprehensive monitoring, and faster response as the key building blocks.

Let’s take a look at the elements enterprises want in cybersecurity.

Strategic enterprise priorities for running an effective cybersecurity program

Picture1 2

Picture2 2

The MDR solution

With the right building blocks, MDR is becoming a near-term remedy for major enterprise cybersecurity challenges and helping companies meet their strategic priorities for effective cyber security programs.

Sophisticated threats are becoming difficult to detect because they can evade traditional controls and detection techniques. MDR aims to improve the struggling enterprise incident detection, investigation, and response capabilities.

MDR leverages next-generation technologies to hunt and respond better. Further, MDR brings the perfect amalgamation of technology, analytics, and human intelligence to bolster the enterprise cybersecurity position.

Types of managed detection and response providers

Our recent assessment of MDR services for leading technology enterprises analyzed the evolution of MDR technology vendors. We looked at their evolution from providing Endpoint Detection and Response (EDR) solutions to adding greater value through different services.

MDR service providers take different approaches to solutions and pricing services and can be classified in the following categories:

Type A vendors: They primarily position their EDR offerings as part of MDR services and typically provide an as-a-service model that includes the necessary software along with services

Type B vendors: These multi-threat vector-focused vendors cover not only endpoints but also include cloud-based workloads and networks in their solutions. They propose as-a-service and pure services models depending on the customer’s requirements and investment into detection and monitoring software in the current environment

Type C vendors: They are primarily managed security services providers delivering end-to-end security services along with MDR. In certain instances, they create bespoke offerings depending on customers’ requirements. They are typically vendor-agnostic and offer both as-a-service and a pure services model

Points to ponder before embracing MDR

Bringing together existing capabilities with an experienced provider is the key to jumpstarting the enterprise MDR journey.

Below are some recommendations to achieve success when implementing MDR services:

  1. Start small
  • Add MDR capabilities to areas where your enterprise lacks capabilities or has an imminent need to scale existing capabilities
  • Consider starting with incident response and threat remediation, given the lack of skilled resources and the required tools and technologies
  1. Integrate with existing technologies
  • Undertake a comprehensive assessment to determine how the MDR provider’s threat containment and response approach can be best integrated with enterprise policies and business processes
  • Integrate with existing security technologies quickly and based on standards (e.g., Application Programming Interface (API), protocols)
  1. Choose the right MDR stack and vendor
  • Understand no single best MDR provider exists in the market. Select MDR providers that have experience in use cases relevant to the enterprise’s size, maturity, and industry vertical
  • Choose a technology-agnostic vendor with a proprietary delivery platform with log and data management, analytics, orchestration, and incident response capabilities

Once enterprises have kickstarted their MDR journey, they often can choose to combine overall cybersecurity and MDR services under one portfolio. In a few instances, we have observed the supply side proposing the convergence of the Security Operation Center (SOC) into the MDR solution to help enterprises save costs. Enterprises should leverage MDR in a way that complements their existing operations to essentially fill the gaps in their threat management strategy.

Managed detection and response pricing

MDR pricing models and structures are still evolving. For example, Type A or Type C vendors usually prefer going with per unit-based pricing models where EDR and other software might or might not be included depending on requirements. Bespoke offerings can further modulate the price based on service inclusions and exclusions. Thus, different pricing metrics are offered, such as per asset, per user, etc., which slightly complicates matters and makes apples-to-apples comparisons difficult.

Additionally, we have observed that service providers may command premium prices because of the delivery location and type of value-adds included. For example, in the government sector, we have typically seen onshore delivery because of compliances, regulations, and discomfort with offshoring. At the same time, we have seen a few other cases where vendors leverage offshore locations for functions such as 24×7 monitoring to improve price positioning.

High-end threat hunting and cyber deception services are niche skills in the market. The current talent war creates a void in enterprise threat management strategy. Managed Detection and Response, with its suite of services, has the potential to emerge as a market winner.

Learn how to we can help you benchmark prices and contracts for a wide array of services, from contact center service IT to business processes. Our price benchmarking catalogs cover competitive market pricing for the most prominent locations across the globe.

To discuss Managed Detection and Response and cybersecurity, please reach out to [email protected], [email protected], and [email protected].

How can we engage?

Please let us know how we can help you on your journey.

Contact Us

"*" indicates required fields

Please review our Privacy Notice and check the box below to consent to the use of Personal Data that you provide.