For some items, like utilities, where it doesn't have a confidentiality issue, I buy the service in the manner that it's given to me and think nothing of it. For others, like legal services, in my firm we hire the Attorney and his reputation and sign an engagement letter. I'm not always "buying a service" in my mind. I engage another human being that I trust. It's not a commodity, it's still a relationship.
In my personal space "how you want to buy a service" isn't the question I start with (and apologies as I that's what I'm stumbling over). For some small businesses the question is how cheap they can get a service for. For others, like mine, it's more of this fuzzy "am I comfortable in hiring someone that I don't have direct control over". It's not necessarily 'how to buy' but 'do we hire'?
Neither one of us is talking rubbish, we just are coming with different backgrounds (and hopefully providing useful links or food for thought along the way).
P.S. regarding the other point made in a different comment and provide a geek comment... If a vendor says they are SAS 70 certified, I'd ask them what it got replaced with because SAS 70 is the old wording
http://www.csoonline.com/article/2126003/compliance/sas-70-replacement--ssae-16.html On 7/22/2014 10:21 PM, Ken Schaefer wrote:
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Susan Bradley Sent: Wednesday, 23 July 2014 3:11 PM To: [email protected] Subject: Re: [NTSysADM] I'm sure you've heard already...You have an RFP, a contract. I have a eula I click through. I still say you have more negotiating power.None the less, we still have to ask the same question before buying. You can't get anything after you sign a contractWe print tax returns with potential identity theft information as well as potential sensitive business documents. For my firm, Kinkos is not even an option and honestly wouldn't even be considered in the analysis. We have one wifi printer for clients, we don't do wifi enabled printers in the lan, so the wifi standard hasn't really come up.I think you're missing the point - it's not about Kinkos or WiFi - that's was just an "illustrative example". Surely you do not need me to give you hundreds of examples until you find one that fits your personal circumstances? Either you agree or disagree with the wider point. How about having a discussion about that? If you think I'm talking rubbish, then just say so, and why, and I will stop wasting my breath. On 7/22/2014 10:01 PM, Ken Schaefer wrote:There's nothing you've written below that indicates that your space is any different to mine. We have to ask questions up-front as well - we don't get to change things once a contract's been signed either. How you want to buy a service is something you need to decide before you even go look at a EULA is my point. When you decide you need to produce some printed material, is the first thing you do "read a EULA"? Or is it decide whether to have a printer internally vs. using the local Kinkos/print house? I'd say that the latter question is far more important than worrying whether a printer supports your WiFi security standard. Cheers Ken -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Susan Bradley Sent: Wednesday, 23 July 2014 2:48 PM To: [email protected] Subject: Re: [NTSysADM] I'm sure you've heard already... In small business we click yes to a eula. We don't get the ability to set the requirements as the software vendors don't give us options so we must ask the questions from the get go because we don't get the right to change anything. We either buy or don't buy the software. It's just a different space is all. On 7/22/2014 8:07 PM, Ken Schaefer wrote:-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Susan Bradley Sent: Wednesday, 23 July 2014 12:49 PM To: [email protected] Subject: Re: [NTSysADM] I'm sure you've heard already...I just called up my cable company to reconfigure my ever increasing cable bill and renegotiated the costs. So the idea that cloud services has a defined cost structure I would debate on.I didn't say you couldn't negotiate, or that they don't have different service offerings. But you don't to work out what you're paying for their buildings, their network, their labour, their taxes, their advertising, their monitoring and so on, and so on. You pay $x/month, and you get a set of defined services (e.g. for a telco it might be 500 minutes,500 text messages, voicemail and 5GB of data - I don't really know what cable providers provide)As the vendors themselves stop developing premises based software - (and this is the key movement I see in the SMB space) - because it's cheaper for them (less support for us pesky desktops with lord knows how many versions of OS), easier for them to build the infrastructure where they want it, and better for them as they can plan on the revenue subscription model. As Rod said, it's the app model taking over.No, it's not the "app model" - it's "services". There is nothing particularly special about most IT - it's just services. Has the whole IT Service Management bandwagon passed this list by? Your company buys marketing services, legal services, property management services, utility services (gas, electricity, water), cleaning services, recruitment services and any other number of "services" today. Most of IT, except a continually evolving core that provides business differentiation, will also be bought as services. [1] It could be provided internally by an internal service provider (just like some companies have internal legal departments, and internal marketing departments), or it could be provided by an external service provider (outsourcer or cloud)Ask the hard questions of the vendors ... Ask who has the encryption keys, etc etcWho has the encryption keys is a details thing. First you need to know what service you want and how much it's worth to you and how you want to buy it - this is your service architecture. Implementation details are something you can work out in your detailed requirements phase. Working out /how/ you want to buy a service is much harder question than who has encryption keys. Cheers Ken [1] the whole network/systems/security admin jobs are disappearing theme that crops up here every so often is related to this, IMHO. Those types of roles aren't particularly necessary for a lot of in-house environments any more. Instead, they'll be provided as part of a service (again, by an internal SP, or external SP). There may be a few environments (e.g. we have some payments apps, that $1bn+/day pass through) which need dedicated infrastructure BAU people.
