What to Consider When Using a Cloud or Managed Service Provider

Workloads are getting bigger. To manage all of this information and application data, businesses have a few options: store workloads on a company-owned server, tap the storage space of a managed service provider (MSP) or go with a hybrid model that combines a private, on-premises cloud with an MSP.

So, how does a business decide? “There’s no black or white, nor an absolute right or wrong answer,” says Laura DiDio, principal, Information Technology Intelligence Consulting (ITIC), a Massachusetts-based technology consultancy and research firm. As an industry analyst, DiDio offers insights on the considerations and caveats organizations should weigh when deciding how to manage their workloads.

Know Thyself

Recent changes in IT and data storage affect the ways nearly all businesses operate their IT functions.

The problem of sufficient storage space, for example, is fairly new, DiDio notes. In the early dot-com days, the internet seemed to easily accommodate all of the bits and bytes generated online. But in the past 10 to 20 years—the big data era—more workloads have been offloaded or outsourced into the cloud. “I don’t know of any shrinking applications,” DiDio says. And as workloads increase, many organizations are running out of physical space for additional servers.

“If you’re going to remain competitive and ensure a smoothly running organization, your IT system must incorporate high reliability, high availability, strong security and encryption.”

—Laura DiDio, principal, Information Technology Intelligence Consulting

Some small and midsized businesses (SMBs) also have limited resources to devote to IT. Why build an on-premises private cloud when an outside vendor can provide the same types of services at a lower cost?

To decide whether to keep all workloads in-house or move some of them to an outside MSP, determine what your enterprise needs, both now and in the future.

Make an Assessment

“Every organization, regardless of vertical market, must perform a thorough analysis and review of what its workloads look like,” DiDio says. Assess your IT environment by measuring how many servers it has and how much bandwidth it’s consuming. She advises constructing a three- to five-year plan that anticipates any and all possible disruptions, changes and growth possibilities. “Otherwise, you’ll be hanging a going-out-of-business sign.”

Then, check your needs in terms of the budget and technological expertise of your IT staff. All of your organization’s technology stakeholders must be involved in creating this deep dive into the business—C-level executives, network administrators, facilities people, and the company’s telecom and connectivity professionals.

“A lot depends on what’s going on at the level of expertise and support you have in your internal IT department,” DiDio explains. “If you’re going to remain competitive and ensure a smoothly running organization, your IT system must incorporate high reliability, high availability, strong security and encryption.”

Besides talking with your IT managers to determine whether your company has the experience and head count to accomplish these tasks, talk to your developers. If, for example, a company hopes to build a custom application—it could be one targeting a specific vertical, such as a specialized medical accounting application—its staff might have the expertise but not the time to test and retest the application. The servers must be robust enough to accommodate current and future workloads, and the company needs the physical space to accommodate additional servers and racks if necessary. A lack of server space—along with a lack of funding to add such space—can delay release of a groundbreaking, money-making product by weeks or months.

Current and Future Needs

DiDio recommends looking at your current application environment workloads and future workload predictions per year. Storage needs and workload sizes are growing year over year, even in companies where the head count is static. Meanwhile, she notes, many companies—particularly SMBs—simply can’t increase their budget for internal technical services.

Compliance and Security

Another major consideration is regulatory compliance, a particular concern in the healthcare and financial services industries. While many companies have internal counsel who can keep on top of changes or new regulations, if your business doesn’t, “can your organization keep up with regulatory compliance on its own?” Didio asks. “Is it worth it?”

An issue for all businesses is the growing threat of cybercrime. This includes not only the expense of preventing a breach to your system but also the potential costs a breach could inflict.

In short, in approaching the decision of whether to outsource workloads, you must determine what makes the most sense to your particular business and budget. “For a lot of people, it’s going to be a hybrid environment,” DiDio says. She believes that more than half of U.S. businesses will manage their workloads through a hybrid setup within a few years.

A hybrid model offers multiple advantages. Some workloads can be kept in-house to securely protect proprietary applications. To keep IT costs under control and not overtax your IT staff, other workloads could be managed by an MSP.

Sharing Responsibilities

If your organization transfers workloads to an outside service, DiDio says, you must have oversight. “Otherwise, the reality may not match your expectations.”

Based on independent, web-based surveys and first-person customer interviews ITIC has conducted, only 26 percent of businesses actually make sure their vendors are meeting the service-level agreement requirements. That could mean that if a power outage occurs or you need more server space, you might not get the type of service you need. “Offloading workloads that must be in compliance with government regulations may not be a panacea,” DiDio notes. “You have to make sure your MSP has that expertise.”

She suggests looking at a potential MSP as a landlord, comparing it to an apartment building. “The infrastructure is great, you have laundry services on the premises, beautiful appointments, copper pipes and so on,” she says. “But what good is that going to do if you’re living next door to people who party all night?”

Ask a cloud provider or MSP whose data shares tenancy with yours. “Your applications, resources and workloads are going to reside on a server with other businesses,” DiDio explains. Ask how much of that server’s capacity is going to be devoted to your company. If you get stuck on a server with a resource hog, this can prevent your company from accessing added capacity when you need it most. If an MSP says it would never let that happen, DiDio suggests you reply, “Great. Put it in writing.”

Also ensure the MSP isn’t mixing certain types of applications and workloads on the same server. Cloud-based and MSP environments will almost always feature virtualization. “Applications are not one-size-fits-all,” DiDio notes. A web server will have different memory, storage, performance, capacity, availability and uptime, scalability, backup and disaster recovery, and growth requirements from a line of business. The cloud provider must also have a thorough understanding of the business and technical requirements for every application and each virtualized instance.

Make Security a Priority

Security is always a consideration. A data breach or a service outage in a shared virtualized server environment will result in greater collateral damage. If all of your company’s mission-critical applications and services reside in the same virtual server, your organization will be crippled in the event of a direct hit or failure. DiDio suggests you ask these questions:

• What happens if a service outage or other problem occurs?
• How quickly will your outside storage provider respond?

“A lot of these service contracts are written to be deliberately nebulous. The service contract will often only say that the MSP will make best efforts to resolve an issue,” DiDio notes. She strongly advises businesses to ensure the vendor’s responsibilities are specifically outlined in the terms and conditions.

DiDio also recommends having a legal specialist review the service agreement to make sure nothing’s hidden. And don’t be afraid to challenge the contract terms and conditions. “Push hard and negotiate for better deals,” she says. “If the MSP truly wants your business and values your firm as a customer, it will bargain in good faith.”

Once you’ve signed an agreement with an outside cloud services provider, it’s essential to connect stakeholders in your organization with their counterparts working for that provider. That way, if something goes wrong, everyone involved can work together as seamlessly as possible to ensure everything gets back on track quickly.

“Your in-house network engineers, IT departments and software developers have to work closely with the MSP or cloud vendor,” DiDio says, “because you’re going to need seamless integration and interoperability between the two environments—your on-premises environment and your external, outsourced cloud environment.”

Should something go wrong, that interoperability must also occur within your organization. Your company’s stakeholders must work together and know who does what should an emergency occur. “How well your company survives and gets back up and running with minimal damage is going to depend upon cross-silo process interactions and shared responsibilities,” DiDio explains.

Ask Questions

The decision to outsource workloads to an MSP or cloud services provider depends on a company’s understanding of its business—its financial resources, in-house talent, and future challenges and opportunities. And it requires asking a lot of questions—some directed to the potential MSP, others to the organization itself.

“You have to look at everything about your workloads from a business perspective,” DiDio says. If your business remains successful, those workloads won’t shrink.