Forget all the hype. After 35 years in Finance IT consultancy, Ray Bricknell MD of Behind Every Cloud and the creator of the Clover index Cloud Vendor Ratings benchmark tells us what “real world” COO’s of mid-sized Financial Services firms in London are talking to him about most in early 2017, and what he is advising them by reply.
- I think our IT function is too heavily focussed on “keeping the lights on” and we need to refocus it more on differentiating our business.
Perhaps the most common theme that presents in the strategically minded COO, this question is THE big one you should be asking in 2017. For decades IT has played the role of the internally and downwards facing cost-centre, and with the accessibility of Infrastructure as a Service, the emergence of DevOps and Agile software development and the highly flexible, instantly available capacity that Public Cloud can offer – there is no longer any excuse not to embrace IT and Cloud for REAL business differentiation and Board Level focus.
- I’m interested in IT Outsourcing Strategy and Business Case development for a “future proof, Cloud Ready” world. We’re not really sure yet what we’re going to do next and would really just like some credible independent guidance.
If they had their own way, the MSP and Cloud providers would have you believing that you’re the last firm in the world to move to “the Cloud”. It simply isn’t true. Our Clover index data tells us that only about 10% of mid-sized UK Finance firms are fully Cloud based, and they are mostly green field start-ups. So you’re not the only firm yet to form a strategy in this area, and by taking a more conservative approach you have already avoided some of the pitfalls of being too “bleeding edge”. Having said that, Cloud’s impact on the way that we deploy IT based functions IS inevitable. And its now a lot clearer to those in the know where we are all heading than it was perhaps 12 months ago. Good, experienced independent advice is out there – you just need to know where to look – and question the motivations of everyone you speak to.
- Our IT equipment is getting on a bit now. It’s been a couple of years since we refreshed it and we need to look at the options for moving our IT to some sort of Cloud platform.
At this stage, other than in the use-case where capacity is needed for a short and burstable workload, the cost benefit argument FOR Cloud is yet to be proven. Our view is that rather than return the savings to their clients, the mid-sized MSP’s are retaining profits to pay down their platform investment debt, and the Public Cloud vendors are surprising many clients with unforeseen costs. Only genuine competition in a commoditised market will make that happen, and at this stage the quality and variety of offerings is so variable that we have a way to go. That said, there IS typically a less tangible service level improvement benefit to be had, and right now your value to an MSP as a “new logo” has a massive multiple that you need to play to its full potential in your negotiations. M&A in this space will be continuous in the next few years and many mid-sized business are positioning to exit before the big players eat their lunch, so we’re in the early stages of a fierce client “land grab”. IF your current kit is between 18 months and 12 months from End of Life – NOW is the time to start exploring the strategic and commercial options.
- I’d like to meet some good quality vendors who can help us on a journey towards a “multi-cloud” or “hybrid” future that perhaps includes some Public Cloud and hosted application elements like Office 365 or Sales force along with our core business applications.
Lots of London MSPs TALK a great game about being Public Cloud integrators. The simple fact is that many of these firms resisted engaging with e.g. Azure until they could no longer avoid it – because products like Office 365 and Exchange On-Line cannibalise their core recurring revenue base. These firms are being offered as little of 10% of their recurring client book to “sell-out”. The visionary MSPs saw the writing on the wall – and recognised that the future for them is based on “multi-cloud” workload management and excellent client service. Like the VAR’s of old, they realised that manufacturing Cloud platforms would likely NOT be where they add value. Rather – “Adding Value” – and providing an end-to-end Service wrapper for Cloud is their future. The vendors who embraced this early are streets ahead, and the ones who embraced the idea by investing in IP to manage multi-cloud workloads, whilst few and far between, are further out in front still.
- I’m concerned that our Security and Data Protection might not be where it should be but I honestly have no idea, and I would also like to know more about this particular area in a “multi-cloud” and GDPR future.
The simple answer is that if YOU aren’t SURE, then I AM – it isn’t! Only detailed analysis and reporting at a meta/trend/ pattern based AI/algo level, that aggregates feeds from multiple sources, analyses events in context and reports by exception, will ever give you that confidence. This is a very specialised field – and there are literally hundreds of providers clambering for your custom – some better than others. This one needs some serious focus, and is DEFINITELY something you should outsource. Put your effort into vendor comparison and make sure your poacher is not your gamekeeper (which hold for all Vendor Management relationships). That said, the IT industry does hype and FUD better than Hollywood – and there is actually quite a lot of solace in the assertion that even an average CSP is probably doing security better than your typical On-Prem SMB IT team.
- We have an Office move coming up, so we need to look at the options for moving our IT out of our building.
Again a pretty simple one. If you run a relatively “Cloud Ready” suite of applications, then there IS a cloud model that can work for you BUT, migration and transition takes time (between 6 and 12 months) if you want to avoid unnecessary risk. So plan at least that far ahead. Installing new client site communications links in London alone can take 12 months worst case (i.e. when the lawyers and landlords start talking about way leaves). You should DEFINITELY NOT be running your IT in your office during or after you move. If the assets have sweat left, then put them into a Tier 3 DC BEFORE you move offices. If they are EOL, then start implementing a Cloud (Private, Hybrid Public) strategy now so you can break the dependency.
- I’m concerned that our Disaster Recovery might not be up to scratch. I hear things have moved on a bit commercially in this space and I wonder if there might be a better, more cost effective way to acquire it.
This has been an area of great change in the past 2 years. In 2016 we did a webinar on Brighttalk summarising the evolution in this technology area since about 10 years ago. The bottom line is that if you implemented DR pre-Cloud, then your Cloud DR strategy and tech will likely need to change. We have also been agitating massively for Vendor Diversity – and a Prod/DR split between vendors seems to be the most palatable/manageable line of MSA/SLA demarcation. We’ve proven this in the market with the pairing of a couple of “best of breed” Prod and DR vendors for some of our clients, and it works well. One of the key sticking points is getting the DR Provider to be granted admin access to your primary Production Private Cloud provider’s environment at the right level – but it can be done pretty easily if you are buying a dedicated compute layer.
The other huge gain here is that DRaaS can be procured at about 20% of the run rate costs of the traditional “hot standby” model – which is a great source of relief for all of the COO’s and CTO’s out there who truly resented putting 50% of their spend into an insurance policy. Initial commitment terms for DRaaS are usually only 1Y too.
- I’d like to meet some IT vendors who just focus on providing good quality on-site Desktop and End User Support Services.
Yes – believe it or not this is getting trickier than it ought to be. Getting a good Desktop Support guy in our industry is hard in the first place – everyone who is really capable tends to do it for a year or two, and then aspires to more. If you are an MSP who provides this service as an outsource – then managing the churn, the variable quality and the client expectations (which are high) is a real challenge. Bizarrely this is perhaps the hardest service layer in the market to get right consistently because it is all dependent on the personality of the on-site resource – and his/her fit with the culture and personality of the client firm and its staff. To cap it all off, this role probably contributes about 75% toward the client’s view of how good their MSP is. Talk about a challenge!?
- We have quite a lot of older “legacy” applications but we don’t want to re-engineer them for the Cloud. I’d like to know if the Cloud model still has value for us? I’m pretty sure we need to explore options for a dedicated or shared Private Cloud that guarantees us security and regulatory compliance, combined with flexibility and scalability.
Yep – I am pretty sure you do too. But this is one of those almost “religious” discussion topics and views vary wildly.
My opinion: Public Cloud isn’t there yet for every workload profile (and in my opinion probably never will be). Service wrappers, termination rights and contracts are critical. Audit and Step-in Rights are mandatory requirements of the Regulators. DR is a real challenge for Legacy Appns. Data jurisdiction and international / SEC laws/rights remain uncertain. A PAYG cost model doesn’t work for steady predicable workloads, and no one can get hold of good DevOps techs at the moment for love or money. And who wants to re-engineer all of their VMware VMs just so they can pay more to run them in a PAYG model – with no functional gain. In region failover (e.g. 2 * Tier 3 DC’s within the UK) for Public Cloud doesn’t exist. I could go on…
On average the mid-sized UK Finance Clients of BEC have a very low level of interest in Public Cloud right now. Sure there are brave exceptions, especially in the disrupter world, or in firms that have historically embraced Open Source (again few) but the common view is that UK Centric, 2 * London DC, Shared (Multi-Tenanted) Private Cloud – perhaps using dedicated compute and shared SAN – is the go-to model for next few years. So lots of firms are seeing this as a “Step 101 on their Cloud Journey”. Adjusting to any sort of outsourced IT is a big cultural change for any firm, let alone trying to re-engineer the entire appn and appn devt stack simultaneously.
- I’m really ONLY interested in Public Cloud provider comparison (e.g. MS Azure vs. AWS)
OK. Good luck with that. Can’t really help you except to say: If you are building rapidly variable, agile web appns – go with Amazon. If you are corporate enterprise with a heavy existing footprint in SharePoint, Exchange, and SQL – go with Azure BUT in my opinion, we will probably all end up (and arguably we already are) in a “multicloud” world that includes SaaS, IaaS, Dedicated Legacy in Colo, DRaaS, PaaS, and Public Cloud. So start thinking about things like authentication and single sign-on, a “multi-cloud ready” network – and policies to control / manage spending on shadow IT.
- We’re looking at moving our Corporate Network to a more flexible “Multi-Cloud Ready” state.
Good plan. There are VERY few really good global vendors in this space and they’re not cheap – but Man, are they GOOD!!