• United States



by No Analyst or Consultant

Managed Service Providers (MSPs)  Coming Of Age?

Feb 02, 20018 mins
CSO and CISOData and Information Security

RFG believes that some MSPs have reached the levels of technical maturity financial stability required to provide reliable business benefits to the enterprise. IT executives should review MSP capabilities, financial conditions, and service cost structures to verify if outsourcing selected parts of the IT management infrastructure makes good business sense and provides a strong value proposition.

Business Imperatives:

  • A good way to begin working with an MSP is to enter into a pilot that minimizes business risk, limits financial exposure, and tests selected services. IT executives should discuss an MSP outsourcing pilot with their technical staff and select areas that are difficult or costly for the enterprise to support internally as pilot candidates.
  • Enterprise requirements must be the foundation for MSP contractual terms and conditions and service level agreements (SLAs). IT executives should prepare a statement of work that is reviewed carefully with the MSP to ensure enterprise requirements are mutually understood and satisfied by the MSP proposal.
  • Networks and IT infrastructures are increasing in complexity and asset, fault, performance, and security monitoring and management can easily overstretch scarce enterprise resources. IT executives should focus on identifying the technical support gaps that currently exist and plan to evaluate any MSP services that can help improve technical support and overall performance.

The MSP Association defines MSP as a company that delivers information technology infrastructure management services over a network to multiple clients on a subscription basis. In many cases, there may not appear to be significant differentiation between an MSP and an application service provider (ASP), and the distinction will probably remain clouded for some time. Some MSPs have been around for almost two years, but have only recently gained widespread interest in large enterprise environments because of declining technical resources and shrinking support budgets at many larger corporations.

With most MSP offerings, the MSP maintains a set of monitoring and management tools that monitor a client’s network and systems. Embedded software agents, simulated transactions, and the Simple Network Management Protocol (SNMP) are used to collect traps and alarms to obtain the required performance information. The collected information is then sorted, archived, and logged into a database for further processing and action as required by the particular customer.

The MSP value proposition, although fairly simple, can be quite effective if it clearly indicates significant cost savings and improved management solutions for the enterprise client. Some of the important benefits that an MSP can provide include:

  • Rapid deployment IT monitoring and security quickly;
  • Support of focus by customers on core competencies;
  • Saving time and money for customers via 24×7 management systems that are maintained and upgraded by the MSP;
  • Increased availability and reliability of customer networks, via expert analysis of network performance by specialized individuals and systems; and
  • Minimal start-up costs to customers for outsourced IT infrastructure monitoring and management.

However, a critical area where the “rubber meets the road” lies in the MSPs ability to monitor and report on IT network and systems performance and take defined actions that are customer-specific. For example, a third-party router vendor SLA may state that the availability guarantee is 99.99 percent, but proving conformance with this requirement can be difficult. However, an MSP can monitor the router and report any deviation from the SLA guarantee to the customer via a predetermined method, such as an instant page or exception report. IT executives should verify enterprise monitoring and reporting requirements are well defined, included in the MSPs SLA, and tested in the service pilot.

Some MSPs have developed excellent abilities to monitor proactively the performance of SLAs from other vendors, and include such abilities in their monitoring and reporting services. SilverBack Technologies, a pioneer in the MSP arena, provides 24×7 monitoring and management services for the critical components of the IT and network infrastructure. In addition, the company provides expert technical advice and instant notification to clients if and when deteriorating SLA performance situations are encountered.

From a service reliability standpoint, MSPs should repair or replace any on-site equipment that it installs and requires for network performance monitoring and reporting within 24 hours. This also includes back-office systems required to provide the monitoring and performance reporting service. Additionally, all essential equipment and software should be backed up using high-reliability techniques. IT executives should discuss back-up and reliability capabilities with potential MSPs and verify that all critical software, hardware, and connectivity technology required to maintain the service has high availability levels.

MSPs have expanded their market from mid-size companies to large enterprise clients by offering proactive monitoring and reporting services they hope will tie SLAs and contractual guarantees together into an attractive enterprise offering. Enterprise IT executives are often drawn to MSPs by the growing need to detect and correct network problems quickly before they become catastrophes. To succeed at this, many MSPs claim, ongoing, proactive management and monitoring is now a necessity. In addition, MSPs including InteQ, SilverBack and Triactive, to name a few, are taking advantage of Web technology to provide Web-based customer portals to view network performance and statistics.

RFG believes that MSPs can help overtaxed IT organizations by providing a blend of outsourced application management, e-business, network, and systems monitoring and management services. MSPs operate under both centralized and distributed models, and the pros and cons of each continue to be debated. However, an on-site application hosting approach may provide for better customer control and allow for an easier pilot test. IT executives should evaluate MSP models to determine if they provide any of the key business benefits listed below.

  • Increased IT and network staff efficiency.
  • Low cost subscription based service with no large infrastructure investment.
  • Minimal costs for installation, upgrades, and ongoing maintenance service.
  • A value proposition that translates into cost savings, improved performance, and increased productivity.
  • Enterprise-class scalability.

Enterprise IT executives must carefully analyze SLAs before selecting a specific MSP. SLAs deserve special consideration because they are the documents in which MSPs must clearly define their services, how the services will be delivered and supported, and what non-performance penalties will apply.

IT executives should also verify that MSP services comply with enterprise business requirements and that there are no contractual misunderstandings by preparing a comprehensive statement of work to which the MSP must respond in writing.

MSP fault management should include a Web-based portal and intuitive user interface that provides alarm status from network equipment, systems, and service providers. A graphical user interface (GUI) should present meaningful information using graphs, gauges, bar charts, pie charts, and similar tools, so that alarm streams of incongruous information are viewed as actionable information. In addition, fault management should translate network, system, and application specific alarms and status into usable information that monitors SLA performance from other vendors and network providers.

Asset management deals with tracking IT and network equipment to maintain accurate inventory control for accounting and finance purposes. It also provides the capability to manage equipment and software upgrades and track maintenance and support contracts. IT executives can use asset management to improve network planning and inventory management, and to determine when system upgrades are required.

Performance management includes reports that identify the health and performance of a network and IT systems over selected time periods. The reports should include utilization levels, failures by number and type, and other information that helps quantify availability and reliability. MSPs should be able to customize the reports to track vendor specific SLA guarantees and provide notification if levels are not being met as promised.

Security monitoring includes scanning services that monitor firewalls, Web servers, and Internet connections. Virus scanning will also become important for many companies along with intrusion detection and frequent port scanning to detect network vulnerabilities. MSPs have an opportunity to provide a valuable enterprise service with security management because of the complexity and time-consuming process it takes IT organizations to upgrade, maintain, and monitor enterprise system security.

MSPs can add significant value to monitoring and detection services focused on these areas if those MSPs understand the business requirements of each specific enterprise they serve. IT executives should review the service menus of their chosen or candidate MSPs, and select services that can fill in any niche area that requires additional support.

RFG believes that MSPs can provide to enterprises valuable subscription-based services that help effectively monitor and manage critical networks, systems, and applications. IT executives considering working with MSPs should compare internal costs for providing IT monitoring and performance based services against the MSP start-up costs and monthly service subscription fees. This assessment will help IT executives determine if the potential savings are compelling enough to move forward with one or more MSP partners.

© 2001 Robert Frances Group. All rights reserved.