Cyberattack! It’s the word that strikes fear in the heart of every business owner. By now, most business owners are aware of the basic measures needed to help mitigate the threat – training employees to verify email that looks remotely suspicious, disallowing company data to be stored on personal devices – but these actions alone won’t guarantee prevention from malware, hacks and any other variety of cyberattack.
But, like most business owners, they concentrate first on what they need to keep the business running (or so they think): sales, marketing, managing employees and so forth.
Ask any business owner who probably feels they need another five or six hours in a day to accomplish everything how much time they spend thinking about cyber security, and you’re apt to get a response like, “Yes, I know it’s a threat, but we keep our software up-to-date and this stuff usually happens to someone else.”
Highlighting the scope of the problem
That’s where it’s tempting to launch into full sales mode and say something like, “Did you know that every day over 80,000 variants of malware are released, with thousands of hackers leveling tens of thousands of new hacks against businesses daily? And if that hasn’t frightened you enough, consider that it has been determined someone is hacked every 39 seconds.”
Or, “Would you buy a brand new BMW or Cadillac if it didn’t come with a warranty? Think of your business as the car, and your infrastructure protection as the warranty. You hope you never need it, but if you don’t have it and something happens, it’s costly to fix.”
One of the mistakes that companies make is having their IT support team expand their role to include cyber security. Without the right training, and in the absence of a clear understanding of the link between cyber security as an IT risk and a business risk, companies might focus on the wrong cyber security threats. Inasmuch as there are different business contexts, individual cyber security threats or sources may or may not cause financial, compliance and/or reputation issues. Therefore, companies might treat cyber security purely as an IT risk and could prioritize threats incorrectly.
The case for retaining the services of an experienced MSP
Here is where retaining the services of an experienced managed service provider (MSP) comes into the picture.
For us, part of the “sales” process is education. And it should be that way for everyone in this industry. We all know that there are a lot of organizations that promote themselves as MSPs. But, just as no two drops of rain are the same, neither are any two MSPs identical.
Here is where the education kicks in for us, and it should for anyone seeking to either sell or recommend MSP services.
What to look for in selecting an MSP
Elements to look for when selecting an MSP include:
Technical capabilities and experience working within your industry
Ability to support complex software infrastructures
Single point of contact/dedicated manager assignment
Remote and on-site support
Centralized analytics capabilities
Responsiveness and ability to communicate easily
Tiered cost system options
The range of security services an MSP can offer is wide, including:
Detection and response services
Endpoint security, including monitoring for attacks
Intrusion detection and reporting
Log management and analysis
Managing advanced threat defense technologies
Virtual private networks, or VPNs
Web and email security, such as anti-viral service and spam protection
An MSP should also have a thorough understanding of the compliance regulations that apply not only to their specific industry, but also in the state(s) they operate from. It’s wise to work with a single MSP with the ability to provide security program design and management with comprehensive knowledge of regulatory and standards compliance.
The importance of retaining an MSP that utilizes cutting-edge security management and mitigation tools cannot be overstated. You should look for firms that consistently introduce products designed to detect and alleviate cyber threats.
Many mitigation tools, for example, face challenges with the time and distance between storing and analyzing data. And having an MSP with the tools to meaningfully combat identified threats is an imperative. Many SIEM systems face challenges keeping up with real-time and immediate investigations of threats and acting on them requires a second or third level of effort. An MSP should have the tools to provide real-time monitoring of threats across the entire technological domain, and the ability to analyze large quantities of data to determine where issues/incidents are occurring, as well as the ability to confront and handle threats immediately.
Where cyber threats are concerned, sometimes seconds can make the difference.
IT leaders have a responsibility to educate our clients
As leaders in the field of IT, it is incumbent upon us to educate our prospective clients to make the best and most informed choice when it comes to partnering with an MSP.
A comprehensive portfolio, thorough understanding of industry compliance regulations and an arsenal of leading-edge security management and mitigation tools are the trifecta to look for when choosing a managed service provider. Remember, our prospects and clients have worked far too hard and invested far too much to leave a business vulnerable to cyberattacks. The cost of retaining a well-rounded MSP pales in comparison to the price a business will need to pay if the company is left exposed to threat.
Al Alper is CEO and Founder of Absolute Logic, which since 1991 has been providing Fortune 500-style technical support and technology consulting to businesses of up to 250 employees within Connecticut and New York. He is also the founder and CEO of CyberGuard360, a firm which develops and markets a solution set of products designed to detect and mitigate threats from cyberattacks. Al is a national speaker on IT and security issues and has authored a series of books, Revealed! which addresses cyber security issues.
In the 1880s, Thomas Edison and Nikola Tesla battled for the nation’s energy contract in what is now known as the War of the Currents. Edison developed direct current (DC) and it was the standard in the U.S. However, direct current is not easily converted to higher or lower voltages.
Enter Edison’s nemesis, Nikola Tesla. Tesla believed that alternating current (AC) was the solution to the voltage problem. Alternating current reverses direction a certain number of times per second and can be converted to different voltages relatively easily using a transformer.
It’s extraordinary to think that after all this time, there is still an AC/DC conundrum happening and—nowhere is it more prevalent than in the data center power flow that churns the workload, to supply the applications for our digital lives. Consider that even when alternative energy is brought into the mix, these production technologies initially produce DC power and AC power is still being delivered to the IT racks within the data center.
Progress Since the War of the Currents
According to the U.S. Energy Information Administration, the United States has relied on coal, oil and natural gas to provide the majority of the energy consumed since the early 1900s. Nuclear energy was once seen as the clear successor to coal for domestic electricity generation in the U.S., but a series of mishaps over the years has delayed, perhaps permanently, the widespread adoption of nuclear power. In addition, incidents at Three Mile Island (U.S.), Chernobyl (USSR/Russia) and Fukushima (Japan) have made it difficult in the minds of many to justify the growth of nuclear power plants as a source of electricity. Not to mention, the waste byproducts of nuclear fission. The decades-long fight over a long-term storage facility at Yucca Mountain in Nevada has forced many facilities to retain their spent nuclear fuel on site.
And in the early 2000s, solar power was first considered as a potential alternative to carbon-based sources of energy. However, the cost per kWHr has traditionally had difficulty reaching parity with power from coal, oil and natural gas until recently. Even with decades of drawbacks, it’s still vitally important to pursue renewable forms of energy.
The EIA defines renewable energy as “energy from sources that are naturally replenishing but flow-limited. They are virtually inexhaustible in duration but limited in the amount of energy that is available per unit of time.”
It’s important to keep the EIA definition in mind as data center builders are considering renewable power. A mix of renewable power is important because it lessens the strain on the local utilities while also helping them to meet local, state and federal requirements for alternative energy use.
New Alternative Energy Current War?
Since 2001, the uptake of renewable energy has seen slow but steady progress. The figure below provides a detailed breakout of the types of renewable energy used in 2017, with biomass, hydroelectric and wind being the top sources.
As previously mentioned, the power train supplying a data center has historically been implemented using AC power. From generation to transmission to point of use the power has been AC that gets stepped up or stepped down in voltage, as needed before being converted to DC power by the power supply residing in a server, network switch, router, load balancer or storage application.
On the other end of the power spectrum, many of the renewable energy sources inherently generate one form of electricity or another. Photovoltaic (PV) solar cells generate DC. Biogas and natural gas-powered fuel cells also generate DC. In order to be used in most data centers, the DC power from solar farms and fuel cells goes through an inversion process that turns DC into AC power. This allows the electricity to be transmitted efficiently across a distance and to be put back into “the grid” when not being put into energy storage systems or into loads such as data centers.
Regardless of renewable energy sources, data center locations are still primarily chosen for their proximity to cheap, reliable AC power from one or more utility provider power sources. However, by using renewable energy sources such as wind, solar, fuel cells and hydroelectricity to power data centers, companies can minimize power transmission and conversion losses, reduce their perceived carbon footprint and gain control over their sources of energy production. This allows them to grow their data centers to meet customer demands while complying with local, state and federal environmental impact laws.
But here is the rub: data centers are not situated close enough to the windmill, or to the dam supplying the hydroelectric power, requiring that the data center relies on an AC infeed supplied by a utility to get the electricity from the point-of-generation to the point of consumption. Google’s Sustainability Report underscores this statement by saying, “The places with the best renewable power potential are generally not the same places where a data center can most reliably serve its users. And while our data centers operate 24/7, most renewable energy sources don’t — yet. So, we need to plug into the electricity grid, which isn’t currently very green.”
Who’s Doing Their Part?
Contrary to the “rub” statement, good energy precedent is being set by some of the largest data centers, processing the biggest workloads.
Microsoft has been a notable pioneer in attempting to re-think the power train for their data centers. For example, their data center in Cheyenne, WY is powered from a biogas source supplying fuel cells on site. More recently, Microsoft built an evaluation lab that brings natural gas to the top of the rack and uses fuel cells located there to convert the gas to DC power that is consumed directly by the devices in the rack. This saves on power transmission losses and conversion losses at the expense of deploying some potentially costly fuel cells.
Facebook is also leveraging renewable energy sources and it is predicted that by 2020, the company will have committed to enough new renewable energy resources to equal 100 percent of the energy used by every data center they have built.
For Google’s part, in the same Sustainability Report, as previously mentioned, the company says, “In 2017 Google achieved a great milestone: purchasing 100% renewable energy to match consumption for global operations, including our data centers and offices. We’re investing in a brighter future for the whole industry. And we’re going beyond investing in renewable energy for our own operations—we want to grow the industry as a whole. Not only have we invested $3 billion in renewable energy projects, but we freely share technology that might help others study and respond to environmental challenges.”
The transition to higher adoption of renewable energy production continues for both utilities and consumers while being led and paid for by the largest internet properties around the globe. By working with the utility companies to develop large renewable energy production facilities and committing to purchase the outputs, the data center giants are leading the way to meet the clean energy needs of their businesses and communities.
While renewable energy coming from these projects is still a mix of AC and DC power, in the end, AC power is the common intermediary that joins the point-of-production to the utility and on to the point-of-consumption at the data center. Thus, most enterprise and cloud data centers rely on AC power to run their IT infrastructure. Sorry Edison, this is the “elephant” in the room, conclusion.
Whether your data center is using renewable energy or not, AC power is still the primary infeed to a data center, and AC power is distributed within the data center to the IT rack. For those data centers electing to remain with this tried and true approach, look for ways to help, such as using an intelligent PDU that supports an infeed of 415VAC 3-phase to deliver 240VAC to the outlet without requiring a transformer in the PDU. This helps to minimize conversion and distribution losses, minimize the size of copper cabling required for power and enable maximum power density for the rack, resulting in a greener, more efficient data center.
Marc Cram is Director of Sales for Server Technology (@ServerTechInc), a brand of Legrand (@Legrand). Marc is driven by a passion to deliver a positive power experience for the data center owner/operator. Marc brings engineering, production, purchasing, marketing, sales and quality expertise from the automotive, PC, semiconductor and data center industries together to give STI customers an unequalled level of support and guidance through the journey of PDU product definition, selection and implementation. Marc earned a BSEE from Rice University and has over 30 years of experience in the field of electronics.
Gartner recently made a bold claim: The data center is dead. Along with this proclamation, Gartner predicts that 80% of enterprises will have shut down their traditional data center by 2025, compared to the 10% we see today. Gartner also states that “hybrid cloud is the foundation of digital business” and further estimates that the hybrid cloud market will reach $209 billion in 2019, growing to $317 billion by 2022.
But what current trends and drivers are prompting Gartner’s claims and predictions? And, more importantly, does this mean you should jump ship from your data center to the hybrid cloud?
A Look at the Data Center Footprint
By diving into the current environment and statistical predictions for the future, we can shed some light on Gartner’s perspective. Although annual global IP traffic continues to rise and predictions go even higher (annual global IP traffic is estimated to reach 3.3 zettabytes by 2021), the number of traditional enterprise data centers globally has declined from 8.55 million in 2015 to 8.4 million in 2017 and continues to fall.
Even with data center numbers on the decline, the energy usage and costs associated globally can be shocking. U.S. data centers devour electricity using more than 90 billion kilowatt-hours of electricity a year, and in turn require roughly 34 giant coal-powered plants. Data centers account for approximately 3% of total global electricity usage in 2015, equating to nearly 40% more than the entire United Kingdom. With all these statistics, it comes as no surprise that in 2016 the Data Center Optimization Initiative (DCOI) told federal agencies to reduce the costs of physical data centers by 25% or more, leading 11,404 data centers to be taken offline by May of 2018. While this initiative is cutting costs associated with traditional data centers, the resource burden of these 11,700 federal data centers still must shift elsewhere.
New Tech, New Tools, New Demands on Data Centers
This shift from the traditional physical data center to newer options comes from more than just cost-cutting mandates—it is sparked and accelerated by the explosion of artificial intelligence, on-demand video streaming and IoT devices. These technologies are being rapidly adopted and require substantially more power and infrastructure flexibility. With 10 billion internet-devices currently in use and projections reaching 20 billion IoT devices in use by 2020, massive increases to data center infrastructure and electricity consumption are required to keep up.
With these mounting demands and the introduction of the Power Usage Effectiveness (PUE) metrics, traditional data centers are evolving through more efficient cooling systems and greener, smarter construction practices for better-regulated buildings, along with greater energy efficiency from storage hardware. Successfully rising to the challenge is achievable, as Google demonstrates by now maintaining an impressive PUE of 1.12 across all its data centers.
Hybrid is The Answer
Despite these advances, enterprises are still relying heavily on public, private and hybrid clouds over data centers, reinforcing Gartner’s position; however, cost and demand are driving shifts from traditional data centers to the hybrid cloud. While many enterprise organizations assumed a complete transition to the public cloud would solve their issues with legacy systems, this approach ultimately shifted IT pains rather than resolving them. Escalating and unpredictable costs persisted and grew in the public cloud, along with new security concerns.
Despite turning away from data centers and facing new issues in the public cloud, a better and more complete answer can be found in hybrid, custom and multi-cloud solutions – solutions blending the capabilities and benefits of public and private cloud technology with traditional data centers. This comprehensive approach meets the cost, security and compliance needs of enterprise organizations. With custom solutions providing better tools, better management methods and easier migrations, the future looks more hopeful with hybrid and multi-clouds being the “new normal” for business. As AWS introduced its AWS Outposts product following Microsoft’s introduction of the hybrid Azure Stack, the IT landscape truly begins to transform into this new normal.
More than Surviving, Data Centers Evolve and Thrive
As they are streamlined and made stronger through hybrid and custom platforms, data centers are not in fact dead but instead evolved to be more efficient and support new solutions. Emerging approaches to storage, computing and physical space continue to make the data center a relevant component in today’s IT equation for enterprise businesses.
Through even more efficient approaches like hyperconvergence and hyperscale, hybrid and multi-cloud solutions can simplify migrations, reduce cost and improve agility. These innovative new techniques in data storage and computing are proving to save organizations—and government agencies—from costly expansions and lagging operations. Additionally, physical improvements like airflow management, liquid cooling, microgrids and more are breathing new life into legacy infrastructures.
Keeping Up with the Cutting Edge
As traditional data centers are evolving for a new IT era, the landscape has clearly become more complex than ever before. Keeping up requires the expertise of IT partners that have data center expertise, and that can also provide the necessary geodiversity, interconnection services, tools and experience from migration to management. Partnering also allows organizations to leverage experts that can rationalize public cloud workload placement and offer “as-a-service” offerings to alleviate some of the cost and resource pain points that organizations sometimes run into when trying to implement changes using their stretched internal IT staff. Building this network of partners to enable and integrate diverse platforms is just another component in the evolutionary change of the IT environment.
As we look at the issues data centers will face in 2019, it’s clear that it’s not all about power consumption. There is an increasing focus on workloads, but, unlike in the past, these workloads are not contained within the walls of a single facility rather, they are scattered across multiple data centers, co-location facilities, public clouds, hybrid clouds and the edge. In addition, there has been a proliferation of devices scattered from microdata centers down to IoT sensors that are utilized by agriculture, smart cities, restaurants and healthcare. Due to this sprawl, IT infrastructure managers will need better visibility into the end-to-end network to ensure smooth workload processing.
If data center managers fail to obtain a more in-depth understanding of what is happening in the network, applications will begin to lag, security problems due to old versions of firmware will arise and non-compliance issues will be experienced. Inevitably, those data center managers who choose to not obtain a deep level of operational understanding will find their facilities in trouble because they don’t have the visibility and metrics needed to see what’s really happening.
You Can’t Manage What You Don’t Know
In addition to the aforementioned issues, if the network is not properly scrutinized with a high level of granularity, operating costs will begin to increase because it will become more and more difficult to obtain a clear understanding of all hardware and software pieces that are now sprawled out to the computing edge. Managers will always be held accountable for all devices and software running on the network no matter where it is located. However, those managers who are savvy enough to deploy a technology asset management (TAM) system will avoid many hardware and software problems with the ability to collect more in-depth information. With more data collected, these managers now have a single source of truth—for the entire network—to better manage security, compliance and software licensing.
Additionally, a full understanding of the devices and configurations responsible for processing workloads across this diverse IT ecosystem will help applications run smoothly. Managers need a TAM solution to remove many challenges that inhibit a deep dive into the full IT ecosystem because today, good infrastructure management is no longer only about the cabling and devices neatly stacked within the racks. Now, data center managers need to grasp how a fractured infrastructure, spread across physical and virtual environments, is still a unified entity that impacts all workloads and application performance.
Finding the Truth in Data
The ability to view a single source of truth gleaned from data gathered across the entire infrastructure sprawl, will also help keep OPEX costs in check. Deploying a TAM solution combines financial, inventory and contractual functions to optimize spending and support lifecycle management. Being armed with this enhanced data set promotes strategic, balance sheet decisions.
Data center managers must adjust how they view and interact with their total operations. It’s about looking at those operations from the applications first—where they’re running—then tracing it back through the infrastructure. With a macro point-of-view, managers will now be better equipped to optimize the workloads, at the lowest cost, while also ensuring the best service level agreements possible.
It’s true, no two applications ever run alike. Some applications may need to be in containers or special environments due to compliance requirements and others may move around. An in-depth understanding of the devices and the workloads that process these applications is critically important because you do not want to make wrong decisions and put an application into a public cloud when it must have the security and/or compliance required from a private cloud.
Most organizations will continue to grow in size and as they do, the IT assets required to support operations will also increase in number. Using a technology asset management system as the single source of truth is the best way to keep track and maintain assets regardless of where they are residing on today’s virtual or sprawled-out networks. Imagine how difficult it would be to find these answers if your CIO or CFO came to you and asked the following questions—without a TAM solution in place:
Are all our software licenses currently being used and are they all up to date?
How many servers do we have running now and how many can we retire next quarter?
Our ERP systems are down and the vendor says we owe them $1M in maintenance fees before they help us. Is this correct?
IT assets will always be dynamic and therefore must be meticulously tracked all the time. Laptops are constantly on the move, servers are shuffled around or left in a depleted zombie state and HR is constantly hiring or letting employees go. Given that data center managers must now share IT asset information with many business units, it’s imperative that a fresh list is continually maintained.
We are all embarking upon a new digital world where the essence of network performance resides on having a level of interrelationship understanding for hardware to software, that previous IT managers never had to contend with. Leveraging new tools for complete network and workload visibility will provide the full transparency necessary to ensure smooth operations in our distributed IT ecosystem.
Mark Gaydos is CMO at Nlyte where he oversees teams that help organizations understand the value of automating and optimizing how they manage their computing infrastructure.
By Brian Wilson, Director of Information Technology, BitTitan
As more enterprises begin migrating to the cloud, the question of cybersecurity is increasingly urgent. While cloud migration offers many benefits, it’s key to understand your company’s overall goals. Security and data protection can be maintained and even enhanced by a move to the cloud, but the appropriate processes and procedures must be understood and implemented for safeguards to be effective.
Set Appropriate Goals
Problems arise if you fail to understand or adequately set your company’s cloud-migration goals. The cloud is a big amorphous term. Companies can get stuck when they find themselves in a “boiling the ocean” scenario. Migration projects must be broken down into deliverable actions with a realistic timeline.
It’s sometimes easy to assume the cloud is the panacea, especially with the cloud’s cost-cutting benefits. Cost is certainly a motivating factor, but the cloud is not a cost-cutting solution for every situation in every business. For example, an inappropriately-sized cloud environment that’s larger than a company requires will escalate costs.
It’s crucial to understand what an organization will gain in terms of flexibility, security and compliance. Most operating systems will work in the cloud, offering flexibility on the software and workloads they deploy. In addition, many cloud companies make significant investments in security, which are much bigger than what an individual company’s IT department could make.
Take a Holistic View
Fundamentally, the overall migration process remains the same, whether you’re moving from on-premises-to-cloud or cloud-to-cloud. Though in an on-prem environment, most companies are working with known systems and tool sets for security, network monitoring or mobile device management. Those existing tools might not translate to the cloud, even if fundamentally, your processes haven’t changed. It’s important to plan for having the right set of security processes and tools during a migration that presents a hybrid infrastructure, either temporarily during the migration, or as part of the ongoing architecture.
Given this, it’s vital to take a holistic view and evaluate the total environment so you can plan how to manage, monitor and secure operations within the cloud. Also, it’s important to understand that migration often brings new security responsibilities to managed service providers (MSPs) and their clients. These might include new application scanning tools, intrusion detection systems with event logging, internal firewalls for individual applications and database or data-at-rest encryption.
Though the underlying platform is the cloud provider’s provenance, it’s up to enterprises to decide how the platform will be used, what data will reside there, who will have access to it and how it will be protected. By thinking holistically about these things, you’ll be more successful in achieving the appropriate level of cybersecurity protection.
The quest to guard against cyberthreats is never-ending. The cloud and all things associated with it are always evolving, and it’s a constant battle to stay one step ahead of the bad actors.
Therefore, companies must understand their risk profile and the level of protection they need. For example, businesses that handle personal data such as names, phone numbers, social security or credit card numbers, or medical info will likely have higher risk profiles than those who do not.
Sensitive data must be safeguarded, while appropriate employee education and procedures must be in place. The key to understanding your risk profile is to identify possible threats, and with that in mind, consider where you might be most vulnerable — both internally and externally. Use that information to drive conversations about the level of risk tolerance that is acceptable for your organization. In turn, this will define the level of investment required to minimize or mitigate any existing gaps in your risk profile.
Remember: regardless of whether data lives on-prem or in the cloud, the number-one security threat is still human error when it comes to data breaches caused by phishing attempts or ransomware. Companies should educate employees on appropriate procedures, while also leveraging their provider’s security tips and offerings. This often involves communicating risks, making security a responsibility for all staff and providing people with routine training.
Not All Data is Equal
Finally, companies should understand how to differentiate and classify sensitive and non-sensitive data. Companies can come to rely on their MSP’s abilities to automate data storage and security.
For larger corporations that may be running an Azure environment, for example, there’s greater willingness to rely on their MSPs to automate various provisioning activities. If an organization wants more control in those areas, they must be aware of their responsibility to turn those features off.
Additionally, regarding governance, companies get far greater leverage through automation methods that can facilitate application deployment, perform routine maintenance tasks to provide a level of uniformity that follows best practices and simplify compliance accreditation.
As a company considers a cloud migration, the simple edict is to understand from where you’re starting and where you ultimately hope to land — all before beginning a migration project. A clear vision of what your company wants to accomplish will ultimately determine your success. It’s a new environment that requires support from everyone involved.
Brian Wilson is the Director of Information Technology at BitTitan, where he specializes in the areas of IT strategy, roadmaps, enterprise systems and cloud/SaaS technologies. Prior to joining BitTitan, Brian worked as an executive with San Jose-based IT services company Quantum and in various IT consultant roles with Cascade Technology Consulting, PricewaterhouseCoopers and the Application Group. Brian has over 25 years of experience as a senior IT executive, with an industry background that spans high technology, consulting, commercial real estate and manufacturing.
By Mark Kirstein, Vice President of Products, BitTitan
The new year brings a wave of eagerness and ambition for innovators across industries. For IT professionals and managed service providers (MSPs), this often means setting new business goals. For instance, in 2019 MSPs or IT firms may be considering new service offerings, building a new core competency, or simply growing revenue and improving profitability.
Regardless of the goal, as part of this process, it is often helpful to think about trends surrounding the adoption of technology solutions. At BitTitan, we’ve been thinking about this and want to share our thoughts on what to expect in the coming year:
1. Cloud solution adoption makes its way through the early majority
If a company is only using on-premise technology versus cloud-based solutions, they’re likely falling behind the times.
Consider, as just one example, email hosted in the cloud. According to a recent survey from Gartner, just shy of 25 percent of public companies have made the jump to cloud email services, with adoption rates among SMBs even higher. In the coming year, we expect to see many more SMBs and enterprises alike moving to cloud-based email – the end of the early adopters and the beginning of the early majority.
Given this, MSPs and IT firms may want to do an audit of technology solutions and workstreams under their management to evaluate whether on-premise solutions would be more cost-effective if they were transitioned to the cloud.
2. Fueling the fire of cloud adoption
Remember that the enthusiasm for cloud-based solutions is being fueled by a number of factors, not just email. Consider that:
Many businesses have already successfully migrated email and/or other work in the cloud, boosting the confidence for those who were once wary of cloud solutions.
Cloud providers like Microsoft are increasing license costs and shortening support cycles of on-premise solutions, pushing businesses toward cloud alternatives. As a result, maintaining this legacy infrastructure is becoming more costly for IT.
Security concerns previously prevented people from moving to the cloud, but these concerns are being addressed. Cloud solutions can provide a higher level of security and are better maintained by cloud providers like Microsoft or Google through regular updates and patches to address new cyber threats. The same cannot be said for on-prem systems.
3. Customers are becoming more savvy about the cloud
While the last decade has primarily focused on why and how organizations should move to the cloud, in the next decade we’ll see more managers focused on optimizing their cloud services. Tech professionals will be sophisticated when selecting cloud providers and adopting new services.
For instance, they may take a multi-cloud approach for more flexibility and room for negotiation, helping to stave off vendor lock-in while allowing businesses to host workloads with the cloud provider that makes the most sense for specific business objectives.
As a result, managing IT environments will become more complex. Hybrid and multi-cloud strategies dominate, but department-level technology decisions are influencing an influx of SaaS solutions. These solutions can be challenging for IT teams who manage governance and ensure broader business integration. As this trend continues in 2019, MSPs will seek additional software management solutions to ease the transition and troubleshooting.
4. The market for specialists heats up
Companies will move away from generalists to tackle their cloud needs, and MSPs might consider specializing in one particular area to distinguish themselves from competitors. A wealth of user technology is available — such as container services to move applications, serverless computing, blockchain applications and automation to manage IT environments — and more specialists are necessary to effectively manage the tech field’s growing landscape.
Also, look for MSPs to further establish vertical specialties in industries such as health care or education, where speaking the end user’s language and understanding their specific ecosystem’s needs, challenges, and technical solutions gives MSPs a leg up.
5. Governance further commands attention
Another primary focus for IT in 2019 will be improved security and governance practices. For those coming from on-prem infrastructure with well-established processes, cloud governance looks far different. IT and MSPs have an opportunity to review and update these processes to ensure they’re appropriate for cloud-based systems. In addition to dictating where data is stored and for how long, governance plans also should address the availability, usability, and integrity of data.
Also, IT managers must ensure migration plans – whether to the cloud or between clouds – have security as a core tenant of its execution. Cyberthreats are only becoming more sophisticated, and any organization, regardless of size or industry, is vulnerable. Educate users about cyberthreats, and keep systems and applications up-to-date, while exploring other options to ensure all bases are covered.
Despite new challenges in 2019, the outlook for IT professionals and the service provider landscape remains strong. Technology leaders continuing to look ahead and purposefully approach the cloud will help their organizations execute on their visions in the coming year and beyond.
Mark Kirstein is the Vice President, Products at BitTitan, leading product development and product management teams for the company’s SaaS solutions. Prior to BitTitan, Mark served as the Senior Director of Product Management for the Mobile Enterprise Software division of Motorola Solutions, continuing in that capacity following its acquisition by Zebra Technologies in 2014. Mark has over two decades of experience overseeing product strategy, development, and go-to-market initiatives.
When not on the road coaching his daughter’s softball team, Mark enjoys spending time outdoors and rooting for the Boston Red Sox. He holds a bachelor’s degree in Computer Science from California Polytechnic State University.
No one wants their business to have to weather a disaster – but sometimes they happen. If you go in without any concept of what you’re doing, you’re more or less guaranteed to be in crisis. But if you go in with a well-established disaster recovery plan? You’ll be able to survive just about anything.
Sometimes, bad things happen. Sometimes, those bad things are unavoidable. And sometimes, they impact your business in a way that could potentially lose clients, customers, and employees.
In today’s climate, your business faces a massive volume of threats, spread across a larger threat surface than ever before. Disaster recovery is critical to your security posture, as it’s often not a question of if you’ll suffer a cyber-incident, but rather of when.
Whether or not your organization survives a disaster largely depends on one thing – how well you’ve prepared yourself for it. With a good disaster recovery plan, you can weather just about any storm. Let’s talk about what such a plan involves.
A Clear Idea Of Potential Threats
It’s impossible to identify every single risk your business could possibly face – nor should you put time and resources into doing so. Instead, focus on the disasters you’re likeliest to face. For instance, a business located in Vancouver probably doesn’t have to worry about a tornado, but there’s always a chance that it could be struck by a flood.
When coming up with this list, consider your industry, the technology you use, your geographical location, and the political climate where you’re located. Incidents that impact all businesses include ransomware, malware, hardware failure, software failure, power loss, and human error. Targeted attacks are another threat to your organization, particularly if you work in a high-security space – you may even end up in the crosshairs of a state-sponsored black hat.
Ideally, your crisis response plan needs to be flexible enough to deal with any incident you deem likely, and adaptable enough that it can be applied when you encounter an unexpected disaster.
An Inventory Of All Critical Assets
What systems, processes, and data can your organization not survive without? What hardware is especially important to your core business, and what sort of tolerance does your entire organization have for downtime and data loss? Make a list of every asset you control, both hardware and software, and arrange that list in order from most important to least important.
From there, you want to ask yourself a few questions.
First, what systems are absolutely business-critical? This is hardware and software your business cannot operate without – stuff you need to get as close to 100% uptime as possible. This could include the server that hosts a customer-facing application if you need an example.
Second, what data do you need to protect? Healthcare organizations, for example, are required to keep redundant backups of all patient data and to ensure that data is encrypted and accessible at all times. Figure out what files are most business-critical and prioritize those in your response plan.
Third, for the assets mentioned above, what is their tolerance to downtime? If those systems do go down, how much revenue will you potentially lose for each minute they’re offline? Are there any other considerations aside from revenue that mark them as important?
For instance, a communications platform for first responders needs 100% uptime – lives literally depend on it.
Finally, what can you do without? If you run a home-repair business that brings in customers mostly through word of mouth, your website going down probably won’t be too harmful to your bottom line. If, on the other hand, you’re an eCommerce store, your website is likely one of the most important assets you’ve got.
As you’ve no doubt surmised, no two disaster recovery plans are going to look the same. Every business has different needs and requirements. Every business has different assets they need to protect, and a different level of tolerance for downtime.
Once you’ve figured out your critical assets, ensure you have backups and redundant systems in place. These failover methods need to be thoroughly tested. You must be absolutely certain they’re in working order; you don’t want to find out the files on your backup server are corrupt after you’ve lost your hardware in a flood.
Accounting For People
Too many disaster recovery plans neglect the business’s most important resource – its people. How will employees escape the building during a catastrophic event? What should each staffer do during an emergency? Who’s responsible for coordinating emergency communication, reaching out to shareholders, and ensuring all critical systems failed over properly?
Ensure that roles and responsibilities during an incident are clearly-defined and well-established. More importantly, your plan needs to include guidelines for how to shift responsibility. If the staffer who’s meant to handle coordination of their colleagues during a fire is on vacation, who steps into the role?
Your disaster recovery plan needs to account for these details, while also including a means of disseminating information between employees. Ideally, you’ll want a crisis communication platform of some kind. Ensure that everyone has access to that platform.
When establishing your communications guidelines, make sure you attend to the following:
How you will keep in touch with partners and shareholders
How you will notify customers of the incident
How employees will communicate during the incident
Seeing To Recovery & Service Restoration
So, you weathered the storm. Your business is still standing. Good – now it’s time for recovery.
You should already have a good idea of what services are most critical to your business from the inventory you performed, so this is a fairly simple process to figure out which ones to restore first.
What you need to establish beyond service restoration is who you’ll reach out to, and how you’ll reach out to them. If clients or shareholders suffered monetary losses during the incident, how will you reimburse them? After the crisis has subsided, what will you do to improve your response in the next incident?
Practice and Evaluation
It’s been said that no plan survives first contact with the enemy. That’s true of disaster recovery, as well – if you leave your plan untested and unevaluated until your first disaster, it’s extremely likely you’re going to find weaknesses at the worst possible time. To identify areas that need improvement and familiarize staff with their responsibilities, run regular practice scenarios.
Additionally, you should constantly revisit your disaster recovery plan. Don’t approach it as a project. Approach it as a process.
Always look for ways you can improve it. Regularly revisit and re-evaluate it in light of new technology or new threats. And never assume you’ve done enough.
You can always be better.
Don’t Let A Crisis Cripple Your Business
Natural disasters. Hardware failure. Hackers and rogue employees. Malware and ransomware. The array of different threats facing your organization is absolutely staggering. A good crisis response and disaster recovery plan is critical if you’re to survive – critical to establishing a good cybersecurity posture.
Tim Mullahy is the Executive Vice President and Managing Director at Liberty Center One, a new breed of data center located in Royal Oak, MI. Tim has a demonstrated history of working in the information technology and services industry.
Cyber hygiene shouldn’t be a difficult concept – yet it seems like many organizations struggle with it. Yours might even be among them. Either way, it’s probably better to be safe than sorry. Read on to see if you’ve done everything necessary to keep your security posture strong – and what you still need to improve on.
Hygiene’s pretty important. If you don’t regularly shower, keep your environment clean, and wash your hands, you get sick. By that same vein, if you aren’t actively trying to keep your systems, people, and data safe, your business is going to end up in a spot of trouble.
Trust me, I am going somewhere with this analogy.
Today, we’re going to talk about cyber hygiene. It’s a pretty simple concept, but one that’s surprisingly complicated (and often difficult) to incorporate into your own organization. In essence, it’s everything involved in maintaining a strong security posture and ensuring your infrastructure stays in working order.
There’s actually quite a bit to it, even if we just focus on the security side.
Know Your Risk Profile
First thing’s first, you’re going to want to think like a cybercriminal. What assets or systems are most valuable to someone looking to make a quick buck off your business? What about someone wanting to defraud your organization or its staff, or a competitor looking to steal your intellectual property?
That’s only the first step. Next, you need to think about how a criminal might get access to sensitive assets. What elements of your infrastructure are most vulnerable to attack? Where are you most likely to experience a data breach, and how?
External threats from criminals aren’t the only thing you need to account for. You’ll also need to consider risks like internal bad actors, natural disasters, equipment failure, and more. The most important thing is that you have the security in place to protect yourself from all but the worst threats, and the resilience to survive should your systems still end up compromised.
Speaking of resilience…
Have a Disaster Recovery and Business Continuity Plan
You cannot control the weather. You cannot stop every cyberattack, nor can you account for a malicious insider. Eventually, there is a very good chance your systems will go down, a very good chance you will encounter a crisis of some kind.
How well you make it through that crisis depends on your level of preparation. It depends on how comprehensive and thought-out your disaster recovery and business continuity plans are. How prepared you are for the worst, in other words.
In broad strokes, a good disaster recovery/business continuity plan establishes the following:
Roles and responsibilities in the event of a crisis. Who is in charge of keeping critical infrastructure operational and ensuring failover happens as it should? Who will keep in touch with shareholders and business partners? Ensure every employee understands precisely what their role should be.
A response plan for a wide range of emergencies. Figure out what your business is likely to face, and plan to weather that. A general crisis response plan is also important.
Critical and non-critical assets. What systems and data are critical to your business? What systems need to operate without interruption, and which ones need to be brought back online as quickly as possible?
Communication details. How will people stay in touch? Contact numbers, emails, a crisis communication platform, etc.
Major infrastructure. Do you have backup systems in place to ensure there is no interruption of service? Have those systems been adequately tested?
Do you retain multiple, redundant backups of critical data? How will you handle sensitive or regulated data?
Service recovery. What process will you have for getting services back online after an emergency?
Regular testing. This one is self-explanatory. Constantly evaluate and re-evaluate your crisis response plan.
Encourage Safe Practices By Staff
The old adage that your employees are the greatest security risk in your business holds true more than ever these days. Criminals are always going to seek the path of least resistance by default. What that means for you is that if you have nigh-unbreakable security infrastructure, they’ll simply try to gain access by bamboozling your employees.
And even if an employee doesn’t fall victim to the machinations of a hacker, they might still inadvertently compromise your business. Human error is the cause of most data breaches, after all. Unfortunately, there’s only so much you can do to mitigate this.
Do what you can to promote a culture of cybersecurity within your business. Ensure leadership is schooled in the importance of cyber best practices, and ensure you are regularly training and educating your staff on the ins and outs of staying safe in the digital world. More importantly, have systems in place to recognize people who best embrace and embody their role in keeping your organization’s data safe.
Make cybersecurity a part of everyone’s job. Because ultimately, whether you like it or not, it is. That’s not going to change anytime soon.
Don’t Forget About The Basics
We’ve talked about some fairly high-level stuff so far. Processes and policies, training programs, corporate culture, and so on. But the problem is, that’s not actually where the majority of businesses fail at cybersecurity.
As it turns out, most of them struggle with the foundation. In a study carried out by cybersecurity firm Tripwire, it was found that 57% of organizations still struggle with visibility into their networks and systems, taking weeks, months, or longer to detect new devices or services. Many businesses (40%) still aren’t scanning regularly for vulnerabilities, and even more (54%) don’t collect and consolidate critical system logs into a single location.
It gets worse. 31% don’t even have a password policy in place, and 41% aren’t using multi-factor authentication. In short, their cyber hygiene is awful, regardless of any other steps they’re taking to protect their data.
Luckily, it’s fairly easy to avoid falling into the trap that they have:
Patch your systems regularly and immediately.
Scan for vulnerabilities on a daily basis.
Ensure you have complete visibility into all networks and systems within your organization.
Implement automated monitoring tools that alert you of any unusual network activity.
Multifactor authentication: use it.
Understand That Cybersecurity Is Constantly Evolving
Last but certainly not least, one of the most common cybersecurity traps I see people fall into is the assumption that once their infrastructure is in place, their job is done. They don’t need to worry anymore – their data is safe, at least until next year sometime.
This is a dangerous mindset. The cybersecurity landscape is constantly shifting and evolving. You need to be cognizant of that. You need to pay attention to emerging vulnerabilities, new security techniques, and more.
Because if you’re not paying attention, you’ll simply be left behind.
Whether you’re talking about your infrastructure or yourself, hygiene is critical. Poor personal hygiene can result in sickness and isolation. Poor cyber hygiene can result in lost or misplaced data, data breaches, and productivity bottlenecks.
You don’t want to fall victim to either – and now you know how to avoid both.
Max Emelianov started HostForWeb in 2001. In his role as HostForWeb’s CEO, he focuses on teamwork and providing the best support for his customers while delivering cutting-edge web hosting services.
Cloud hosting company, Superb Internet Corporation, was founded 22 years ago by current President and CEO, Haralds Jass, when he was just 16 years old. More than two decades in business have given Jass a powerful firsthand perspective on the Internet as it has developed, especially because his company has often served as an industry bellwether. I spoke with Jass about his inspiration for starting the company; what he feels has made the firm so successful; the rise of cloud technology; and various other aspects of the hosting industry. His responses give us a better picture of the world of web infrastructure from a recognized thought-leader.
Inspiration for starting the 2nd oldest hosting company
Success based on transparency
Lessons from 22 years in business
How more than two decades of experience is valuable to clients
Thoughts on the rise of cloud
Cloud’s relationship with the Internet of Things
Importance of infrastructure background to cloud
Maintaining speed and reliability
SMBs vs. enterprises
What compliance and standards are all about
Appreciation for the Internet and infrastructure
On the horizon for the industry and for Superb
Inspiration for Starting the 2nd Oldest Hosting Company
While Superb Internet Corporation is headquartered in Honolulu and features the original American hosting coast-to-coast IP network (HopOne), Haralds Jass grew up in Latvia. His father was the head engineer in his hometown of Cēsis before becoming a self-made entrepreneur.
Jass shared some of his father’s leadership spirit, even when he was a small child. “On the first day of school in first grade, some kids were saying how I was ‘bossy’ – back before I even knew what the word meant,” he says. “I also then kept looking at my watch, and made it clear that I didn’t think that all the introductory speeches from the principal and teachers were the best use of my time.”
Jass’s mother was a teacher, so he learned to read and write at about the same time he learned to walk. By the time he was five, he was already dabbling with invention. “I designed a perpetual motion engine, which was powered by electricity that was generated from its own motion,” he says. “I was planning to make one as soon as I could, realizing the business potential for it.”
Jass wasn’t just creative but also entrepreneurial. He went into business in a sense before he even started school, running his own publishing outfit that printed single copies of books. He also created large diagrams designed to improve city traffic flow, an early indicator of his future interest in Internet traffic optimization. Once he got into school, his penchant for starting businesses continued. “Ever since the first day of school, I was selling pencils and pens, at a margin of 100%,” he says. “I also tried and experimented with setting up satellite TV rebroadcasting through a powerful antenna, to try to make a wireless subscription service in my apartment building.”
Success Based on Transparency
One thing that Jass has always believed in fundamentally is transparency and clarity, and he thinks these principles have suffered in the world of cloud, particularly with consumer applications. Systems are too often geared toward the lowest common denominator. Companies don’t really know the inner-workings of cloud and don’t typically have much control.
Essentially, Jass believes in being forthright with customers and treating them as equals rather than pandering to them. “All of our data centers, platforms and services, as well as our network, operate under full disclosure: our customers know exactly what to expect, how things are built, the exact service and performance specs, the exact network architecture and maps,” he says. “We trust our customers to be true professionals and trust them to understand what we do.”
Plus, the company has always focused on overdoing it with everything it engineers to avoid limitations. “We always build for the fastest growth, highest load, highest traffic scenarios – and then double or triple it some more, so that infrastructure is never the bottleneck,” he says. “At the core of it, we are an infrastructure and a service organization, and we never cut corners on either.”
Lessons from 22 Years in Business
Jass stresses that a critical aspect of running a hosting service is that every tiny tweak must be carefully documented. Any change to the configuration, no matter how small, must be preceded by thorough planning, with complete scripting, peer-review, manager approval, and testing. Additionally, back-out steps must be outlined ahead of time for each step taken, Jass explains. “It is definitely an art form to balance the formal change management and QA, along with speed, agility and being responsive, one of our trademark elements,” he says. “It is an art form that I believe we have now perfected and that we truly deliver the best of both: speed, agility and responsiveness, along with a very high level of QA, thorough change control and management.”
How More Than Two Decades of Experience is Valuable to Clients
Superb Internet has been a frontrunner in the industry, Jass notes. The provider was the first to offer name-based virtual (shared) hosting in 1997 and the first to offer commercial virtual private server (VPS) hosting in 1999, the latter of which evolved into today’s cloud. “We are not just a user of the various platforms and technologies,” he says. “We have been, often, involved in actively shaping and developing them.”
This extensive experience as a thought-leader and bellwether is a great source of value to clients, explains Jass. The company’s background “gives us a far deeper level of understanding of the underlying hosting technology, and thus its security implications and the best ways to optimize performance, speed and reliability,” he says. “Our 7 million lines of original code base, the core that ties all of our operations into a unified whole, is the result of nearly 100 man-years of development time alone. The level of efficiency, coherence, and expertise that we have is, frankly, unmatched.”
Thoughts on the Rise of Cloud
As indicated above, Jass thinks that the downside of others’ cloud technology is that both individuals and businesses lose privacy and control; they typically don’t even know where their data is located. The convenience, scalability, and redundancies of cloud must be balanced with control and ownership.
Businesses can protect themselves when choosing cloud hosting in a couple of ways, Jass explains. They should “use a responsible, mature commercial cloud hosting service with a strong SLA and full transparency of exactly how the data is handled and where it resides,” he says. “Even better, a business should consider setting up a private cloud, where the business is still in full control of the architecture and their proprietary, confidential data, leaving nothing to doubt.”
The other major aspect that must be remembered about cloud is that the convenience isn’t just a plus for consumers and businesses, but also for hackers, Jass notes. With everything interconnected and accessible, security is a very real concern. “That is the one part that the industry doesn’t like to talk about and which keeps being quietly ignored,” says Jass. “Once again, choosing a mature provider, with full transparency, credible third-party audits and certifications, and a strong SLA is integral.”
While cloud increases the convenience and ubiquity of computing globally, it also brings with it another broad risk: if a large public cloud has an outage, it could mean a sizable chunk of the Internet goes down with it.
To look again at the positive attributes of cloud, Jass notes its application to the field of big data and analytics. The technology allows companies to analyze data essentially without limitation, thus discovering previously unimagined correlations. Another huge plus throughout industry is its scalability, he explains. The technology allows for “optimizing business operations and cost, by instantly scaling up and down as needed and never lacking the processing power or storage space,” he says. “The massive and instant scalability is a major boon to business, making every business using the cloud much more agile and responsive.”
Cloud also levels the playing field in business, allowing SMBs to compete with long-established enterprises. “What an SMB can get out of a public cloud is not very different from what an enterprise has in a custom-built private cloud,” says Jass. “It makes computing, storage and connectivity more ubiquitous and available for rapid, massive scaling to everyone, allowing SMBs and start-ups to start out small, but very quickly scale to many times their original size.”
Cloud’s Relationship with the Internet of Things
Some recent estimates suggest that the Internet of Things (IoT) could triple the size of the public cloud. The expected astronomical growth of IoT creates incredible opportunities for companies via emerging business models. Jass explains that much of this growth will be in advertising, as firms collect and sell personal information, such as shopping habits. “Combined with even more intelligence from interconnected, correlated, and personally identifiable data,” he says, “the Big Data will get even bigger and bigger.”
Importance of Infrastructure Background to Cloud
Cloud systems should be built by companies with deep histories in infrastructure, Jass explains, because problems that can potentially arise are manifold. The hosting service must understand “the intricacies of the hardware, the network protocols, the network architecture, the Internet routing as a whole, the distributed storage technology, the actual source code running the platform, and so on,” he says. “This is essential in order to be able to build and design it with multiple layers of fault-protection and redundancies within, and to truly optimize it for the best performance and resilience.”
To clarify, Jass adds that it isn’t difficult to create a cloud. However, it is exponentially more difficult to build one that is not going to fail no matter the circumstances, and that will always deliver a steady, predictable performance level.
Maintaining Speed and Reliability
One of the main concerns when designing for optimal speed and reliability is to engineer platforms and services that have safeguards against failure on numerous layers, Jass advises. The key concerns are “closely guarding against human errors, which are the #1 cause of all IT-related outages and problems,” he says, along with ensuring that there are “no single-points-of-failure – utilizing a completely distributed, decentralized architecture, as opposed to the legacy mainframe-like central storage filers that are still widely used by most in their ‘cloud’ hosting systems.”
It’s also fundamental that a hosting service doesn’t become greedy and oversell its cloud, Jass explains. “The great obfuscation and lack of transparency in the public cloud is an opportunity that, for most of the other Cloud Hosting Providers, has been simply too tempting to ignore,” he says. “Engaging in cloud overselling will dent both speed and reliability, not to mention destroy customer confidence in the CHP and in the cloud as a whole.”
Finally, Jass notes that you want to build with growth in mind, so that you are prepared for unexpected issues, such as traffic spikes and DDoS attacks. Speaking of DDoS, he says, security needs to be a primary concern at all times.
SMBs vs. Enterprises
Superb Internet has recently pivoted toward better meeting the needs of enterprises, while at the same time continuing to serve the SMBs who have populated its loyal customer base for over two decades. The needs of these different sizes of business are essentially the same, Jass explains: they both need IT solutions that are functional, fast, and reliable. The difference between the two “is that enterprises need third-party certifications and compliance with various US and international standards,” he says. “That is, enterprises need to meet the requirements of a complex and ever-changing regulatory environment and require third-party assurances that the service meets or exceeds various standards, such as ISO 27001 Information Security Management and ISO 9001 Quality Management.”
Actually, there is a significant advantage to focusing on enterprise requirements that is helpful to all clients, Jass adds. It means that Superb is able to serve “the full growth cycle of a company, from a startup, through its SMB years, and up to when it becomes a global enterprise,” he says. “Our services, capabilities, certifications and expertise are there to serve the business through its full growth cycle. Our customers never outgrow us and our capabilities.”
What Compliance and Standards are all About
Certifications for compliance and standards are critical for hosting services to be able to get the business of enterprises and government agencies. Jass says that in getting audited and certified for various standards, he realized the basic idea behind most of them is fundamentally the same: “formal and well-documented change management, quality management, and stringent security standards employed in the company and systems, network-wide.” He adds that he has “especially enjoyed seeing how our internal self-developed processes, continuous improvement techniques, and checks and balances were already, largely, in compliance with many of the standards; thus, often, only the wording and terminology, and sometimes recordkeeping format, had to be updated.”
Appreciation for the Internet and Infrastructure
The Internet is integrated into almost everyone’s life and is central to how businesses operate, Jass notes. At the same time, it’s still the same basic trusting environment of “best effort” that it’s been for over 30 years. “It’s like an airport with no security checkpoints,” he says. “A single network, either by misconfiguration or on purpose if compromised by attackers, can severely disrupt and potentially take down large portions of the Internet, by simply advertising some invalid BGP routes, for example. The impact of that risk has never been greater, as more and more data is stored and lives are lived ‘in the cloud’ and ‘on the net’.”
When you look at the cloud platforms themselves, they are incredibly accessible and efficient technologies, Jass explains. However, they are accompanied by a tremendous and increasing risk “of potentially devastating global consequences, with few measures in place by governments and ISPs for how to respond to feasible security-compromise or human-error-inflicted scenarios.”
Jass sees the Internet in terms of its promise but also in terms of its vulnerabilities. “It is such an integral part of our lives, but the security and resilience have not kept up at the protocol and architecture level,” he says. “While some networks, such as our coast-to-coast IP backbone, take a multi-layered approach to redundancies and security, most other networks just hope for the best; and that if something happens, everyone else will be down as well anyway.”
On the Horizon for the Industry and for Superb
Jass believes that a major upcoming trend in hosting will be a blurring of the lines between dedicated and cloud as hybrid hosting becomes more prevalent. Beyond that blending of approaches, hosting will likely “become even more ubiquitous, and even more cloud-based,” he says. “It’s both a threat of further commoditization, but also an opportunity to do things better than the giants, such as AWS.”
In terms of Superb Internet itself, Jass looks forward to another 22 years of client satisfaction and loyalty, with customers growing their businesses exponentially. “Our whole raison d’être is to be there for our customers as their partner in success,” he says. He also sees the company continuing to serve as an industry bellwether, living up to its motto Ahead of the Rest®. “We will never rest on our laurels and will always continue investing heavily in R&D, thus keeping our customers ahead of their competition and benefitting from our innovative industry-first services.”
*Disclaimer: The opinions expressed by Haralds Jass in this interview are entirely his own and do not necessarily reflect the position or views of Superb Internet Corp.
Key Findings from IT Glue’s Global MSP Benchmark Survey
By Joshua Oakes, Documentation Evangelist, IT Glue
The managed services business is reinventing itself, quickly. Companies are starting to realize the value of process and planning. More MSP owners, having been in the game a while, are starting to think more carefully about their exit strategies. In fact, even if you’re just starting out, you should be thinking about how to maximize the valuation of your business. It’s never too early to start building your equity.
For most MSP owners, when it comes time to retire or leave the business, there’s only a couple of viable options – sell the business, or wind it down. The latter option is problematic because all of the sweat equity the owner puts into the business is for naught. The former option is better, but there’s a problem here, too. Only around 20% of MSPs are sold. This makes sense – most MSPs are very small businesses, with their value deriving almost entirely from one or two key people. Buyers are looking for high-performing MSPs that aren’t reliant on key people, especially if those key people are exiting the business. It’s not easy to get into that top 20% of MSPs, but if you understand what those high performers look like, it becomes a lot easier.
So how do you get there? That Golden Quintile of MSPs that are attractive to prospective buyers – what do they look like? The results of IT Glue’s recent Global MSP Benchmark Survey provided us with some great insight into what the top 20% of performing MSPs actually looks like. Size doesn’t matter – great MSPs range from one-person shops to integrated companies large enough to target small enterprise clients. But there are some common traits that they all share:
Some MSPs are earning amazing margins. Net margins of at least 20% are required to get you into the Golden Quintile. There are a couple of key implications to this figure. First, it means that the best-performing MSPs aren’t price cutting in order to win business. They are focusing on the value that they deliver to their clients, and charging fees in accordance with that value. They’ve built their entire sales model around being a premium player in the market. For example, when they talk to prospects, they don’t get sucked into a negotiation about price. Instead, they highlight how they will handle tickets quickly, because the value they bring lies in maintaining as close to 100% uptime as possible. Combine this pricing approach with cost control measures, and you’re on your way.
The best-performing MSPs not only earn high margins, but they are growing quickly as well. The top 20% of MSPs are earning growth rates of at least 10% compounded annually. There are three keys to sustained double digit growth.
Investment in sales and marketing
More than half of MSPs report struggling with sales, marketing or both. But investment in these areas is critical to lead generation and sustained growth.
Delivering on your promise
Selling great service is one thing, but if you deliver, you’ll gain customers who become evangelists. If lead gen is a pain point, these evangelists are critical for helping you attract new business.
Churn is evil – if you churn 10% of your customers every year you need to add 20% just to hit 10% net growth. Nuts to that. Deliver on your promises and you’ll go a long way to eliminating churn.
According to Greg Abbott of Aabyss, a leading UK MSP, venture capitalists looking to buy MSPs will add anywhere from 5-15% for a turnkey business. If your business depends on you, the owner, and you are leaving when the sale has been completed, then you will not get the premium valuation you want for your business. You need to build a business that can thrive without you, and that means having a process orientation. First, you need to determine the best processes, perhaps by adopting lean methodology or other process improvement techniques. Second, you need to document your processes. If the buyer feels confident that past performance will be replicable without you, your MSP will be more attractive, and command a higher multiple.
Not to be lost in all this is having a customer focus. If you truly want to deliver value, then you need to know what your customers value. Find out what their pain points are, and focus on the ways that you can mitigate or eliminate that pain. Having a strong customer focus increases the likelihood that you’ll have lower churn, and be able to earn higher margins while maintaining customer satisfaction.
Getting into the Golden Quintile definitely takes some work, but with a better sense of what the industry’s leaders are doing, it will be easier to get there yourself. IT Glue is a powerful IT documentation platform that contributes in many of these areas, especially delivering great service, optimizing your repeatable processes and lowering the cost of service delivery.
Bio: Joshua Oakes is the Documentation Evangelist for IT Glue, where he strives to produce thought-provoking pieces that help IT service providers improve their business, focusing on lean practices and the value chain.