Barry Turner and David Pool explain the business planning, technical considerations and operational processes that need to be addressed when shifting infrastructure to a next generation public cloud managed service provider.

Next-generation public cloud managed service providers (NG-MSPs) enable their clients to achieve key business outcomes that were previously thought to be difficult or unachievable while simultaneously creating tangible financial benefits. Selecting the right partner or partners for a cloud project is, therefore, a critical part of any business strategy.

What is the business case?

The starting point in making a decision should always be: the business case. This defines why a business might want to use an NG-MSP. It outlines the benefits, the costs and risks - all of which impact vendor selection.

The benefits are generally acknowledged as business agility, access to new capabilities and a consumption cost model which can reduce expenditure. Organisations that focus more on the strategic impact of agility and new capabilities, rather than costs, are typically more successful. An example of a strategic benefit is improving the customer experience and therefore reducing churn by transitioning from large infrequent software releases to small multiple daily updates.

Costs can be grouped into different categories:

  • Strategy and planning: evaluating which workloads make sense to move to the cloud and in which sequence. Factors such as licensing, application cloud readiness and reserving resources for a reduced fee may be a factor. There could well be a need for new organisational capabilities, which have a cost implication.
  • Design and deployment: the costs of the application, infrastructure and data design. The ability to pay by the hour allows a level of experimentation previously unavailable. Using a larger server may complete the work faster for the same cost, whilst for other workloads, a move to a new architecture may be the best option.
  • Migration costs: moving workloads to the cloud. Depending on the capabilities and resources available in-house this may be a mix of internal costs and contracted services.
  • Operational costs include service consumption: management of the infrastructure and application, as well as governance and vendor management. The nature of the public cloud means users can easily create new resources. Without governance, these costs will quickly escalate. The granular consumption charging can also make the bills complex to manage.
  • Optimisation: this is a cloud-specific consulting process where the workload is periodically reviewed to identify performance, cost, operational, reliability and security improvements.
  • Decommissioning: the initial business case needs to include any costs associated with either down-sizing or completely removing existing data centre capacity.

Risk assessment also needs consideration. Migrating to the public cloud brings with it a number of risks with potential positive and negative impacts. The assessment needs to look at strategic, commercial and technical risks, evaluate the expected impact and outline management strategies. An example of a technical risk would be ensuring data integrity during the migration process and a commercial one, is the need for a cloud-specific governance model.

Delivering next-generation managed services

The role of an NG-MSP has evolved from the traditional service model. In has become more about translating customer needs to the appropriate solution and supporting the workload through the full plan, design, implement, operate and optimise phases. This requires a consultative business-led approach, experience in migrating and running a variety of workloads in the public cloud, as well as being able to innovate at speed.

Look to the NG-MSP to help design and implement new applications that take advantage of the new capabilities in the public cloud and enable developers to deploy applications using DevOps. With involvement up to and including the application level, the NG-MSP should also offer the cloud-specific managed services activities, as defined below.

This change in approach requires the managed service provider to have capabilities across the lifecycle of: consult > plan & design > build & migrate > operate > optimise. This all requires a more comprehensive customer lifecycle management approach.

What are the security vulnerabilities?

The security vulnerabilities in public cloud are different from those in the traditional data centre. This dictates that security needs to be built into the design from the start, or you are simply increasing the rate at which you create security vulnerabilities.

A well-designed public cloud environment offers a substantially higher level of security than traditional IT services. Public cloud vendors have their own frameworks to achieve this and adhering to these best practices can provide a secure foundation to build on.

An NG-MSP can also expand on this to include security tools that extend to a multi-cloud environment. Look for organisations that provide services such as automated governance and compliance, security incident and event management systems (SIEM). These detect and remediate against security vulnerabilities. It’s also worth looking for data recovery and backup services. Finally, include security testing in the design phase of the project.

If the NG-MSP is not asking about security at the initial conversation you probably need to find an alternative provider.

Ask the right questions for partner validation

Public cloud providers provide different partner tiers and specialisms, which require the NG-MSP to maintain levels of spend, vendor-certified staff and demonstrate organisational competence. Looking for these accreditations will add a level of confidence in their capabilities. Industry-based certifications also indicate high levels of expertise, ISO2000 demonstrates robust service management processes, ISO27001 does the same for security.

Assess the best managed services for the business

Managed services come in a wide variety of shapes and sizes and are best described as many shades of grey, as opposed to black and white. Typically, these are the types of activities provided by an NG-MSP:

  • Operational service hours that meet your requirements - there is no need to pay for 24/7 service on an application running UK business hours.
  • Monitoring of security, infrastructure, application and service with online access to real-time data.
  • Patching and support operations to ensure the workload provides the required service in a secure manner. Take care to ensure the MSP has the skills required e.g. an ERP environment is very different from an open source e-commerce platform.
  • IAM and security operations covering account and subscription management, IAM principles and comprehensive security services.
  • Service desk access using the medium that suits your culture, this may include voice, email, chat and web portal or just one of these.
  • Cloud management platform (CMP), the portal through which the customer accesses, requests and manages services.
  • Foundational SLAs that specify the management service - for example a P1 incident will be responded to in X minutes.
  • Workload and application SLAs typically fall into two types: performance and reliability. A performance SLA could be based on application volume output or customer experience such as transaction time. Reliability is usually expressed as application or infrastructure availability - for example 98.5%. RPO and RTO targets can also be classified as a workload SLA.
  • Service management reviews and support team if applicable. These may be charged as extra so if a quarterly phone call is all you need, specify this. Alternatively, some organisations will require dedicated onsite teams from the MSP.
  • Business practices, there are a variety of pricing models available from pure consumption-based through to fixed costs. The difference between them is the sharing of risk, at one end this lies with the client at the other with the MSP.
  • Contractual arrangements, some cloud-specific contractual areas to review are pricing models, currency, data ownership, termination process and access and SLAs. Take care to avoid lock-in at either MSP or cloud provider level, portability is a key cloud attribute.

The best NG-MSP can help you use public cloud services effectively, delivering services that are based on public cloud best practices and tailored for your specific needs. They will have also created an agile working environment that enables them to integrate the almost continuous flow of new capabilities coming from the public cloud vendors into the services they offer. The right partner can help you on your digital journey, helping you to use these platforms to deliver value to your business.

Barry Turner: 
David Pool: