For over two decades, we’ve been hearing “<something> as a service” concept… When I was a part of corporate America, I saw a lot of different variations of these offerings under different names. From ‘pools of your own’ to ‘provisioning portals’. At the end of the day, organizations end up paying the same amount (may be more to fix the issues), by dedicating more man hours and losing a lot of service levels during these exercises.
Actually, this is a perfect concept to take Information Technologies heat, off of board of directors. Let’s face it. Information technology departments are always being an expense centers. As much as corporates do not want to admit, “IT” is their backbone and a mandate for their operations and success.
But, as a member who’s been wearing the IT badge for years, I have to admit that, we are the spoiled kids, which always ask a bit more, every time we’ve received a request from the business side of the house. We lost the edge during Y2K as a fact. That friction created a cold war in between corporate verticals, after blue chip companies were blown out in 2001.
Let me show you a snapshot of this perspective, (If you didn’t already realize). After Y2K, all IT departments relocated to the basement level with no windows! Why most of the companies put their “spinning disk and blinking lights” (we call it Data Centers) to their basements? This is the painful outcome of “IT”’s passive resistance and fear driven policies against other business verticals within the enterprise. With this level of rat race approach, we’ve lost a lot of credibility and breath at all levels of corporate America, for the last fifteen years.
We’ve tried to warn every chair on the board. Putting a shield of resistance against “IT” is not a good idea and definitely is not a solution to their frustrations. We fell into deaf ears back then. We needed to keep the communication channels open. It didn’t go well. This was the biggest mistake in all ends. We lost our ability to protect the enterprise at decision making level. When we’ve tried to raise our concerns or recommendations for disaster recovery, we’ve been silenced right away without being heard. They called their decisions as “calculated risk”, with pride!
Well, we all saw the accuracy of their calculations during hurricane Irene at 2011 and hurricane Sandy at 2012. Most of the data centers in Manhattan, New Jersey, Long Island, and Connecticut became fish tanks for months. The other half of corporate data centers, which has been placed on higher floors, shared the same faith with the others. Well engineered UPS’s and diesel generators only lasted for less than an hour after the impact. Unfortunately, building management forgot their diesel pumps at the basements! Which was flooded in less than an hour. How hectic is that? Billions of dollars have been lost that day, along with lots of jobs.
Administration or Supervision of information systems came with a heavy responsibility of looking but not seeing the data. On the other hand, “somebody is watching us” is a scary thought, for the ones who are using corporate systems. They never understand that; their IT department is trying to protect them from themselves.
From “mergers and acquisitions” to “sales and marketing”, they have one common argument. “We are the ones who’s bring the money to this organization. Why are we controlled by the IT department, who is an expense center all across the board”? The willingness of taking over the control within the organizational structure, affected IT governance. IT Policies moved away from “policing the data” to “bring your own device” concept. Of course, this does not mean that CIO’s are willing to give up control of their corporate data. Corporate data is still the most important asset of an enterprise and should be protected within the cyber space.
Wow… Hold on one second! We do not want to deal with that. We have a lot on our plates already. “IT” this is your responsibility!
At this point, all demanding members of the board are stepping aside. Because, they do not want to get involved to the liability of a ticking bomb. Liability of current and unstructured data is more destructive than a nuclear blast on their career paths… What are they going to do about it? That is the million-dollar dilemma. Unfortunately, the fact of corporate retention policy is tying their hands. Retention policy mandates to keep corporate data for six years and the current year into it. Basically, all companies must live with this growing pain for seven long years. The elephant in the room says; “we don’t want to take the responsibility but, this is our skeleton in the closet. We have to protect it whatever it costs”! Now, the question changes its course to; “How shall we slide ourselves out of this spot light?”
Welcome to the biggest hamster wheel that’s ever been invented. Actually, the easiest choice is; to make it somebody else’s problem and start the blame game when something goes south.
We call it “outsourcing”! And, the story goes on asking these questions. Outsourcing? Which functions? Infrastructure, application’s, databases, disaster recovery sites, service desk, desktop support, reporting, information security, business intelligence, IT resources or all of the above…
Also, these are the bonus questions that comes with the package;
- What is going to be the impact on the business?
- Where is our data? Is it going to be safe to keep it out of our organization?
- If we outsource everything, who is going to take care of our day to day IT requests?
- How much is our cost avoidance by outsourcing these functions?
- By the way, which functions are going to be outsourced?
- Who is going to see my communications?
- Who is looking my data?
After all these questions, our foster child, the IT staff, was suddenly recognized as “ oh, they are one of us”.
Corporate management’s best concept is; “We’ve created the standards. We can change it”. You sure can but, this is the same semi circle that we have been travelling for the last fifteen years and we have ended up at the same point that we’ve started. Have you realized that?
Complete “outsourcing” approach has been struggling more than a decade, along with the cloud computing concept. Companies created new names for the old functions to market their products which is like putting “lipstick on a pig”. Public Cloud, Private cloud or managed hosted. if you don’t like these names, let’s mix all of it and call it the Hybrid Cloud. Whatever you want. Just give me the money.
The contract that we’ve signed says; “Dear signature owners, it is still your responsibility to handle if anything goes wrong”. So what is the catch? Avoiding hardware costs, licensing, configuration, patch management etc. Or, hide behind escalation process and make sure someone else will take the hit. This mentality brought us to this level of loosing credibility. Nothing else. I’ve been thinking about a solution on how to make this work for the last two and a half years. Not only for the enterprise level but, for the midrange and small scale companies as well.
Availability, reliability, and performance metrics. These are the fancy words that we’ve been hearing during the presentations. We’ve seen a lot of bar graphs along with it too. Let’s step back and simplify all these functions to all levels of company structures and associate them with the real need(s).
What do users want? Users want to accomplish their tasks without any interruption during business hours, by the speed that they have gotten used to. After business hours, the only thing that they want is to go home to their families. It is that simple.
What do the executives expect from their IT organizations? Executives would like to be notified, if anything goes wrong. Or, they’d like to receive information that they can take credit before anyone else. If the systems they sponsored and write the checks for are accomplishing these simple “functions” then, who dares to criticize or complain about “it”. (or we can translate it to “IT” with capital letters)
Keeping “core business functions” online 24/7 is the common denominator and the name of the game. What is associated with it? The answer is; “A lot of complex tasks behind the scenes”. But, no one would like to hear them as well. So, someone has to do it.
At the enterprise level the next step is; “Oh, by the way, I’d like to be in control of the decision making process and make sure, all is taken care of properly that I can justify.” Mid range and small scale companies are more result oriented, when it comes to their change management process.
Ok, we understand the basics. Where can we find an organization that can take the lead and manage my “core business functions”? instead of taking bits and pieces of my IT functions under different naming conventions. We don’t want to start a blame game workflow, if an issue rises or a problem occurs. It becomes too stressful and very unnecessary at this level.
Core business functions. What are they? There are two different production verticals that IT supports for the businesses. “Must haves” and “Nice to haves” We are focusing on “must have” topic with this article. Before we go any further on this major topic, let’s assign “core business function” tasks an acronym. Let’s call it “CBF”. (We love to abbreviate, don’t we?) CBF covers all disciplines from power to hardware, application, to monitoring, performance metrics to, availability and business continuity.
During the course of the business day, CBF application user’s want to work on a stable platform. All they care about is their system to be active and working, when they need to perform their tasks. Otherwise, you should be expecting a fast escalation of a “nasty-gram” email traffic right away.
Let’s peel the onion of CBF function layers.
- Solid and secure infrastructure
- Data integrity
These layers of support that I’ve mentioned, needs at least five full time subject matter expert employees to be achieved. Believe me, they are not easy to find. And these human assets are emotionally and financially hard to maintain. So, each core function comes with this kind of a package. The real question is, what is the ratio and the support model for these critical application cores? It varies according to the mission and vision of the enterprise. But, generally the ratio is; 1:2 to 1:1. If we accept an annual cost of $150k per layer as a blended rate, annual weight of one core application to the budget is approximately $750k for an enterprise.
Where did we find this blended rate? Each CBF layer comes with support, licensing, break and fix and logistics to the organization. I’d like to take the bare minimum numbers to do find blended rate to this sample calculation model. This can be more or less, depending on which OS, equipment, support model, disaster recovery solution or database that the organization chooses to work with.
So that’s great! What is the catch?
The catch is, if you have this platform and resources ready for these corporations, individuals or small businesses, the ratio goes from 1:1 to 1:5 up to 1:10. But, with this support model, all services should be well defined, reviewed and accepted by the owner and escalation levels should be strictly implemented before going into production. This model is not overriding the institutional knowledge or configuration model that owner of the application wants. Instead, this model gives the owner freedom of working on the platform, without thinking of day to day issues, licensing, performance etc. “IT” folks focus directly to their application deliverables. All other functions will be covered by the supplier company.
Demander of the service, cuts back at least one fifth (1/5) of their annual costs with this model. Also, companies will be increasing their service levels and up-time. As, this platform is strictly protected against “ad-hoc” changes. This choice is a complete win-win for “supply and demand” chain.
As I mentioned before, corporations are responsible for the data that they own. In order to retain data for seven years, this data needs to be archived properly. Also, operation efficiency, data integrity, performance and service issues are the biggest headaches of corporations. With the function support model, it’s all been elevated and transitioned properly to a group of people that will manage (operation aspect), maintain (the status quo), and implement on behalf of the organization to their “segregated” platforms. Segregation is a mandate by HIPAA regulations. All traffic is flowing through their dedicated IP addresses to their firewalls. I don’t want to go deeper than that on the technical diagrams on this article.
As a closing statement;
Global hosting companies are not willing to take the risk of your “business functions”. All they care about is your platform and modular components that they provide as a service. Instead of further playing the “finger pointing” sessions or conducting any “blame games”, jump on board. Focus on increasing your service levels. Build confidence within your organization and most importantly, save a lot of money with a better service. CBF support model is the growing trend. You’ll see the growth of these companies soon.