In a survey of 322 organizations, CompTIA found that 30% of all users of managed services plan to invest in or increase spending on managed security services this year. Thirty-three percent said they plan to purchase or spend more on managed storage, backup and disaster recovery services. Web or email hosting is another spending priority, followed by network monitoring, Software as a Service and application subscriptions.
The surveyed organizations ranged from small businesses with 20 or fewer employees to large enterprises with 1,000 or more employees and $250 million or more in annual revenue,
The managed service model -- defined in the survey as the "ongoing management, monitoring and maintenance" of IT infrastructure and services -- is here to stay, said Richard Rysiewicz, vice president of services for Oakbrook Terrace, Ill.-based CompTIA.
"The strength of the managed service provider model from the CIO's perspective is that the provider becomes much more of adviser rather than a resource you use on an ad hoc basis," Rysiewicz said. "When most people talk about managed services today, what they are really talking about is a business relationship between a customer and service provider, similar to a lawyer or an accountant."
Leave the esoteric to the MSP
In a rapidly evolving technology environment, leaving it to the experts can be the most prudent approach, he added. "A CIO may know a lot about databases or the applications used by the organization, but not about the newest wireless technologies; the managed service provider takes care of that," Rysiewicz said.
This is particularly true for security, argues Forrester Research Inc. analyst Paul Stamp, a former systems architect with the Global Security Practice at Unisys Corp. In a report published earlier this month on managed security services, Stamp says the days are gone when an organization can single-handedly manage all the security risks to its IT environment. In an interconnected world, sensitive information is shared among vendors, suppliers, customers and even competitors, each of whom shoulders some security responsibilities.
"An organization that doesn't consider outsourcing at least some security tasks on the grounds that it needs to maintain total control is missing the point," Stamp said. "A security provider can take on many of the more esoteric or difficult security tasks, often more efficiently and effectively than an internal team, leaving the security team to focus to concentrate on its main purpose: aligning security strategy with the core business."
Indeed, respondents in the CompTIA survey listed a lack of in-house expertise and the more euphemistic, "It allows us to focus on core competency," as main reasons for using managed services. About a third said using a managed services provider (MSP) is cheaper than doing the work themselves.
ROI: A compass
Whatever the reason, the rising demand for managed services is driving a fundamental shift in the provider business model, Rysiewicz said.
"The industry and the end users are all starting to see the same need, and that need is that you have to demonstrate a return on investment on the service you provide," Rysiewicz said. "CIOs are getting pressured by their organizations to show the ROI when they invest in a particular technology. Now the CIO is going out to the managed service provider and asking the same thing: 'If I invest in you, what is your ROI?'"
One obvious benefit is the cost savings realized by reducing or eliminating downtime, because the service provider managing the system is continuously and proactively monitoring it. "If you can reduce downtime, the cost savings can range from thousands to millions of dollars, depending on the size of the organization," Rysiewicz said.
ROI starts with due diligence and a good contract, he added. "If you get true partnerships and you structure these deals well, and the partners do their jobs and the CIOs do their jobs, the ROI can be very significant." CompTIA is doing its part, he added, by coming out later this year with the equivalent of a Good Housekeeping Seal of Approval for managed service provider best practices.
CompTIA might want to consult with Vic Fischer, vice president of IT at Colliers International, a San Jose, Calif.-based commercial real estate firm with 12 offices and more than 400 brokers and a small IT staff.
Colliers uses managed services from Sprint Nextel Corp. to provide firewall protection, Internet connectivity and Network Address Translation and domain name server services between its private network and the outside world. Fischer defines the arrangement as managed service, not outsourcing, because Sprint has "nothing on their premises that actually belongs to us," Fischer said in an email. The chief benefit has been to keep the responsibility for the wide area network (WAN) function "all with one party and avoid finger-pointing."
"The chief drawback has been that when we want to make changes, as we recently did to improve the flow of email traffic to and from the Internet, Sprint's procedures guarantee that the change will take at least five business days," Fischer said.
Colliers does not use outsourced services, Fischer said, after flirting with a deal to outsource Exchange to a third party. "There's also a subjective flavor to all this," he added, related in large part to "how visible the service is to the user base."
"While a problem with the WAN might have an immediate and direct effect on our users' activities, the network is kind of a deus ex machine to them and knowing which party has direct control over which part is not of interest," Fischer explained.
Email, on the other hand, is very real to his users, and knowing their firm would be dependent on a third party might raise concern.
However he, too, is looking at using more managed services, including Redmond, Wash.-based Azaleos Corp. for hosting and support of Exchange, and perhaps an MSP for storage, given the firm's penchant, he added, for "saving everything in sight."
Let us know what you think about the story; email Linda Tucci, Senior News Writer.