Aligning Direction For Managed IT Service Success
Businesses evaluating engaging a Managed IT Service Provider should carefully define their needs and requirements in order to achieve the desired business outcomes.
Mike CromwellWe have seen this year, even before COVID-19 hit, lots of companies exploring managed I.T. outsourcing, various aspects of their I.T. organizations, some parts of it, some the whole thing. And we've seen that really accelerate in a huge way because of COVID-19. Because we have so many companies now entering that stage where maybe they haven't done it before, or are exploring it for the first time, let's talk a little bit about what that journey looks like. Brian, you're participating in a lot of these meetings when partners are bringing opportunities to NETRIO. Can you walk us through what those first couple meetings look like in determining if a end-user customer in Enterprise is right for taking advantage of managed I.T.?
Brian DeVaultSo I think it kind of starts at a high level with the strategic direction the organization would like to take. So in many cases, that conversation is around there are so many demands on the executive leadership in I.T. Today. They're trying to shift and be a little more strategically focused on what helps them grow the business or enable the business from a technology perspective, rather than supporting desktops and end users and devices across the landscape of the network. So that's what really starts the conversation.
Mike CromwellWhat do we need to make sure we get right while we're in that qualifying stage?
Brian DeVaultIt's really that big picture of what the organization looks like on paper. So, you know, how many branch offices do you have? How many employees do you have? What types of applications are you consuming? Where are those applications that are consumed, hosted? Are they in the cloud? Are they on Prem? Are they elsewhere? Understanding the line of business applications that are in play.
Brian DeVaultSo how are you running your business from everything from sales and CRM to order fulfillment or service fulfillment or whatever it is your job role is. You want to take into consideration any compliance requirements. So PCI, HIPAA, high trust, anything that's in play there and how that might affect what the end-user's computing environment might look and feel like. In some cases, the corporation may not be allowed to use a technology like a VPN and they may require a VDI or some type of secure hosting environment.
Brian DeVaultSo we need to really understand kind of how they use technology on a daily basis, gain a visual representation of that. So what does the network topology look like? What are the plans for changes or evolution of that technology through digital transformation? How they're consuming every piece of technology that helps them conduct business. So I'd say everything from the edge of the network all the way to the desktop and the end-user, the productivity users are doing. Actually, I'd say it's more common that they don't have a complete set of documentation than it is that they do.
Brian DeVaultSo one of the advantages, and I always explain this to customers as we're a little ways into it, but one of the advantages of outsourcing all of your managed I.T. solutions is that it forces you to go through that process of documenting what's in place and it forces you to also make decisions, sometimes strategically, about why those systems are the way they are and where you want them to be future state. So it kind of forces you to deal with current state and then guides you towards where you want to be future state.
Brian DeVaultAnd I'd say one of the areas that we always find deficiencies in always every case, no matter how buttoned up an organization is, is the process by which, and think about this for a minute, how important this can be to an organization's security posture, is end-user onboarding and offboarding. So what happens when a user is brought into the organization with a specific job function or specific job role? And what systems does that job role mandate that they have access to? And then at what levels, right? There's tiers of permissions within applications. You want to make sure you get that right. It's an important aspect for offboarding as well, because you want to make sure that you close all those security holes that you opened during the onboarding process so that you get the organization tightened back up once that user has left the organization.
Mike CromwellWhat is some of the most impactful? So that's a big impact for you. What are some other impactful areas where you see it, you know immediately, we're going to help them get to a much better outcome.
Brian DeVaultI'd say patch management is probably the next biggest outlier. And the problem is organizations that don't have someone dedicated to this role. It's a shared responsibility, sometimes among multiple people. Sometimes if it's a single I.T. Person running the whole organization, they simply don't have time for it. And so the process of updating operating systems and third party software is not perfect on its own.
Brian DeVaultAnd so you really need to have an RMM tool or some type of a software asset inventory tool that allows you to go out and once you've deployed patches, actually go out and verify that the patch is deployed. That's one of the things we do a little differently here at NETRIO as an MSP than I've seen with some other MSPs. So one of the processes that we run after our maintenance windows for patching, following day we have engineering go and pull a patch evaluation report and that goes out and assesses how successful that patch process was.
Brian DeVaultAnd then that allows us to go back and make corrections for any systems that were missed or maybe offline. We make arrangements to get those systems up to the current patch levels and revisions as part of that process. From a security posture the onboarding offboarding takes care of a lot of the gaps that we see. So one of the things that we do when we enter into an engagement is we have a tool that we run that provides a network and security assessment against the client's environment.
Brian DeVaultSo what this does is it goes in, it interrogates your directory service and says give me a list of all the user accounts, all the security groups, all of the systems and everything that's involved in my - in the landscape of my I.T. organization. And what we find a lot of times is that there are users that still exist in the system that were there three years ago, still have accounts there active, they may have changed their password at some point or in some cases you see passwords that set to never expire.
Brian DeVaultSo those those are security problems long term. You have to have good password policies in place. You have to have passwords that expire frequently, set password complexities. So I'm requiring more than eight digits, I'm requiring alphanumeric, possibly symbols, those types of things in place. So really, most of the time we see a well managed I.T. Organization. Those things are buttoned up and tight.
With the challenges that have come from the Global Pandemic, many companies have decided to outsource Managed IT Services. We have continued to see digital adoption across many areas of business, even before COVID-19. Many companies are exploring outsourcing various aspects of their IT organizations – whether that be some parts of it or in its entirety. A recent survey conducted by TSIA found that 76% of Managed Service Provider respondents indicated that the Global Pandemic has accelerated demand for Managed IT Services. According to Jeff Connolly, Senior Director of Managed Services Research for TSIA, “customers are looking for solutions that are subscription-based, scalable, reliable, and expertly managed, to help them focus on their core business.”
Indeed, recent data has shown that we have catapulted five years forward in consumer and business digital adoption in a matter of around eight weeks. On this week’s episode of Whiteboard Wednesday, Brian and Mike discuss what the journey looks like when determining if an end user customer and enterprise is ripe for taking advantage of Managed IT.
The Strategic Direction of Managed IT Service
The journey starts at a high-level when looking at the strategic direction an organization would like to take. In many cases, that conversation is around the demands on the executive leadership in IT. As a result, we are seeing more and more, executive leadership trying to shift and be more strategically focused on what helps them grow the business or enable the business from a technology perspective, rather than supporting desktops and end users and devices across the landscape of the network. The strategic direction is really what drives the conversation and allows Managed IT Providers to nail down the right course of action.
Defining the Right Requirements for the Business As It Relates To IT Managed Services
Additionally, once a business has determined that it strategically makes sense to outsource some aspect of the management of IT functions, defining the right requirements is a critical next step. From there, this perspective of the MSP, it is critical to properly qualify, evaluate and assess if the client’s needs are the right fit for their business to effectively support. Done correctly, this process should work well for both parties – the MSP helps their client properly define their needs while defining the engagement. During the process, both parties will gain a good view of what the organization looks like on paper.
This includes questions like:
- How many branch offices does the organization have?
- How many employees does the organization have?
- What types of applications are you consuming?
- Where are those applications that are consumed hosted?
- Are they in the cloud? Are they on prem?
- What line of business applications are at play?
- How is the organization running its business?
- Sales and CRM
- Order Fulfillment or Service Fulfillment
Moreover, all of these questions will affect what the end user’s computing environment might look and feel like. The corporation may not be allowed to use the technology like a VPN and they may require a VDI or some type of secure hosting environment. From there, we need to understand kind of technology that is being used on a daily basis to gain a visual representation of that.
Those questions include:
- What does the network topology look like?
- What are the plans for changes or evolution of that technology through digital transformation?
- How is the organization currently consuming technology that helps them conduct business?
Furthermore, everything from the edge of the network, all the way to the desktop and the end user, and the productivity users are doing. At NETRIO, we have seen it be very common that the organization does not have a complete set of documentation, which is where we can add value. Outsourcing managed IT solutions forces the organization to go through that process of documenting what’s in place and make strategic decisions about why those systems are the way they are and where they want them to be future state
Consequently, this is one of the areas that NETRIO always finds deficiencies in, no matter how buttoned up an organization is. This is a hugely important step to an organization’s security posture for user onboarding and offboarding. There are tiers of permissions within applications. For security reasons, this step is crucial and one that needs to be done correctly. It’s an important aspect for offboarding, because you want to make sure that you close all those security holes that you opened during the onboarding process, to keep the organization’s security tightened up.
Patch Management and Managed IT Service
Next, patch management is the biggest outlier and organizations don’t normally have someone dedicated to this role. Usually, It’s a shared responsibility among multiple people. The process of updating operating systems and third-party software is not perfect on its own, so you really need to have some type of a software asset inventory tool that allows you to go out once you’ve deployed patches and verify that the patch has deployed.
This is one of the biggest differentiators that sets NETRIO apart. After we run our maintenance windows for patching the following day, we have our engineering team pull a patch evaluation report, and that goes out and assesses how successful that patch process was. This allows us to go back and make corrections for any systems that were missed or maybe offline. We make arrangements to get those systems up to the current patch levels and revisions as part of that process. From a security posture, the onboarding and offboarding takes care of a lot of the gaps that we see.
At NETRIO, we have a tool we use when we enter into engagement that provides a network and security assessment against the client’s environment. Essentially, this goes in and interrogates your directory service and provides a list of all the user accounts, all the security groups, and all of the systems. In some cases, you see passwords that are set to never expire. This can cause security problems long-term. It is important to have a good password policy in place. This requires passwords to expire frequently and have complexities. In a well-managed IT organization, these practices are buttoned up. NETRIO as a Managed IT Provider can help your organization fine-tune all of these processes to set you up for success.