In the world of infrastructure as code, large and small businesses need a team that understands how infrastructure enables faster deployment and smarter product development. In the cloud, costs depend more on how day-to-day workflows are managed, not just on what hardware is running — so processes and reporting are more complex. Companies need a partner not just to fill in the gaps, but to tell them where the gaps are. They need experts, not phone support.
The cloud is challenging managed service providers (MSPs) to offer more value to customers, and enterprises should update their criteria to take advantage of these services. Here are six things enterprises should look for in a cloud MSP:
This may sound obvious, but true cloud expertise is harder to come by than you might imagine. Here are some things to ask — and some warning signs to watch out for:
Is the MSP an approved partner? (ex. AWS Premier Partner) What tier?
This matters. Top-tier partners have more proven experience, are more stable, and are more accustomed to dealing with enterprise-level clients. AWS has tens of thousands of partners, so Premier Partner status highlights those in the top 1-2%. If a partner you are evaluating is new to the AWS ecosystem, they will have more limited enterprise support access and no preferred access to beta programs.
Has the MSP been independently audited for this expertise?
It is one thing for an organisation to become a partner, but quite another to be audited by a third party for this expertise. AWS offers this as a program, and approved MSPs get APN Managed Service Partner status based on rigorous criteria.
How many cloud certifications does the MSP hold?
The IT industry is filled with thousands of new cloud engineers and new cloud companies. While this makes the cloud industry an exciting place to be, it is also a risky one for enterprises that cannot afford to hire green cloud engineers or inexperienced cloud partners for their mission-critical projects.
If your enterprise is moving to the cloud, make sure your partners are certified in your cloud platform of choice. Certification will not prevent all mistakes, but it will guarantee that the MSP’s staff has breadth of experience, troubleshooting skills, and a serious commitment to cloud best practices.
How does the partner define “cloud”? Are they still trying to sell old tech as “cloud”?
Many MSPs still sell private cloud and colo — and this is a benefit. However, the thing to watch out for is when an organisation sells their own “public cloud” or tries to make the pitch that their collection of data centres is “more secure” than the big players or “more flexible”.
Cloud has come to mean many things, and you do not want your organisation stuck in a small, old-tech data centre because you bought the promise of pseudo-“cloud” technology. If your MSP is trying to sell anything other than AWS (or Google, or Azure) to you as public cloud, take a closer look.
Agility leads the list of drivers for adopting the cloud, according to a report by Harvard Business Review. Innovation comes second. Most see this agility from reducing business complexity and IT operational complexity.
These statistics, like most cloud-based studies, unfortunately blur the distinction between cloud-based SaaS products and cloud hosting. The former provides built-in agility; the latter does not. To get the cost and agility benefits of migrating core infrastructure hosting to AWS or another cloud provider, you need not only to orchestrate the platform’s services on your own, but also to set up your own workflows, build your own reports, and perform hundreds of other tasks that AWS does not do for you. AWS is not a SaaS provider; it is a platform.
The answer is to automate your cloud infrastructure so that it becomes a PaaS-like platform for your development team; i.e., they can spin up and down new environments in minutes, replicate changes automatically across instances, and centralise documentation and change management.
These tools make a DevOps transition possible. Developers can get their code tested and in production in minutes. Automation empowers cost-effective experimentation. Tools like containerisation create a common language for both systems engineers and developers to communicate. Together, cloud automation and orchestration software have the potential to drastically reduce the effort in migrating to the cloud, reduce the risk of human error, guarantee that developers maintain compliance, and increase speed of development.
The problem? It would take multiple senior-level automation engineers working for months to develop a script that spins up perfectly configured instances for a variety of applications from scratch.
If cloud MSPs can run a script (created beforehand) to spin up a new environment in days, that is a huge value add for enterprises. Cloud MSPs can do the initial setup and maintenance of deployment pipelines. They can become software companies as well as curators of a dizzyingly complex software marketplace, helping enterprises take advantage of the true agility of the cloud.
To maintain agility, you must maintain feedback between business and IT. IT needs to know where to spend and how, and business needs to know how infrastructure costs are changing over time. Typical MSPs will give you a cloud bill, and leave it to you to figure out the rest.
The great thing about migrating to the cloud is that more detailed cost reporting is available to you than ever before. But you need to configure and maintain it. A good cloud MSP handles setup and provides detailed cost reporting and automated reports. These MSPs go further to implement reviews where this data is subjected to human logic and implement appropriate cost savings strategies. For example, they may buy Reserved Instances, provide cost projections, give budget and allocation advice, and help you tag cloud resources by project and team for tracking.
A good MSP will also provide change management, incident management, ticket management and prioritisation, and basic project management. This is especially useful for organisations without an existing project management office. This can be as basic as a central ticketing and change tracking interface, but usually necessitates a dedicated technical account manager.
Traditional IT expertise
At a time when the vast majority of enterprises will implement a combination of on-premises, private, and public cloud environments, they need a partner that understands all three. They need an MSP who can deploy greenfield public cloud environments in a relatively short span of time, but also has experience in traditional enterprise hosting in order to understand legacy applications and communicate in the same language with their not-yet-cloud-ready internal teams.
A ‘born in the cloud’ MSP will stay as far away from your monolithic apps and legacy infrastructure as possible. As a result, they will often perform a cursory audit of the application, and may deploy it to a public cloud without understanding the application’s weaknesses, which tiers/features cannot be replaced by the cloud platform’s resources, or the roles of the engineers that maintain that application. They are also usually not accustomed to integrating with complex enterprise teams who require more than standard monitoring and reporting features.
In addition, not every application tier is immediately suitable for the public cloud. There are many legacy systems – like Oracle RAC, for example – that have no replacement in a cloud platform like AWS. There may also be business reasons why it is not advisable to move all tiers of an application, such as when significant capital has been invested in custom database or virtualisation systems. An MSP that understands both traditional IT and cloud infrastructure will not only be able to better audit and advise enterprises on this score, but may even be able to transport that physical hardware to their own datacenter. This enables the enterprise to get all the benefits of outsourced management while maintaining colocation between their database tier and other tiers hosted on the public cloud. The cost savings and agility benefits of such a configuration can be significant.
Cloud technology changes every day. Old-guard MSPs are highly proficient at maintaining a system, but may not build cloud infrastructure that can evolve efficiently. Businesses should find an MSP that prioritises ongoing changes, not just ongoing monitoring.
A great MSP will understand that setting up your cloud “perfectly” on Day 1 is impossible. Instead, they will give your cloud the capacity for efficient change, which is usually a function both of the project management services (described above in #3) and cloud automation (#2). A cloud that is fully templatised and automated can change more frequently, automatically document those changes, and enable rollbacks. This reduces both the risk of change and the overhead associated with change management.
Security credentials and certifications
Most enterprises that are looking for an MSP are also looking for an MSSP — a managed security services provider. Security expertise is table stakes in any MSP evaluation.
How do you evaluate cloud security experience? The field is relatively new, and little exists in the way of credentials or certifications. As a result, there are three key characteristics you should look for instead: traditional security credentials, compliance experience, and third-party audited security practices.
First, any well-qualified MSP will maintain the following certifications:
- SAS70 Type II
- SOX Compliance
- PCI DSS Compliance
The ability to earn such qualifications indicates that the MSP possesses a high level of security and compliance expertise. These qualifications require extensive (and expensive) investigations by third-party auditors of physical infrastructure and team practices.
Secondly, the MSP should have compliance experience, measured by existing client logos, detailed responsibility matrices, and third-party auditors. Most organisations will claim PCI and HIPAA compliance, but make sure they have had their offering audited by a reputable auditor against the HIPAA requirements as defined by HHS or the PCI DSS 3.0.
In 2016, more old-guard MSPs and new born-in-the-cloud providers will enter the cloud MSP space. It is crucial that businesses know what to look for — and distinguish the marketing speak from reality.