NOTE: I'm changing the subject, since this thread has forked a couple of times from the original topic.
Ken, Your point that we really have to fully recognize all costs and try to compare apples and apples is well taken. But I fear that over-simplifying the costs happens on both sides. It may not cost much to spin up another VM, once you have the infrastructure in place, but the true cost of that VM should include part of that overhead (including staff time/expertise). I agree. The big issue I have with outsourcing is that we don't recognize the overhead or hidden costs there, either. IT services are FAR more complex a "commodity" than electricity or water, and even something like legal services or bookkeeping. The latter tend to have a large human component built in that can smooth out the 'special circumstances'; most outsourced IT solutions don't do that so well (and those that do are often noteworthy for their customer support). Most people grok printing services. Almost anyone can become reasonably proficient working with Kinkos, and there are people engaged in the transaction who can exercise what little judgment is required. With IT services you're not talking an employee turning on a faucet or inserting a plug in an outlet. You're talking someone using a web app to submit an expense report, complete benefit selection, or submit a purchase requisition. Those are all complex activities, and you have to provide something that will meet the requirements, including whatever flexibility for unusual/little used variation you require. (The poorer it does that, the better the customer support should be, to supply that human component.) If you're working in an organization that's fairly good at detailing what they need from a service (and we on this list should know how many ways things can go wrong), then the probability of making a good TECHNICAL decision is fair. And if you can do that, you're PROBABLY able to quantify the total costs of various hosting options to make a good financial decision, as well. But in my experience so far, the quality of the technical decision (i.e. are we identifying ALL our requirements, and how well the alternatives stack up in meeting them) is fair to poor. In that case, you're more likely to recognize more of the cost of the on-prem solution than the hosted one. I'll generalize, and say that IMO it's USUALLY easier to fix oversights and omissions in on-prem solutions. So the hosted solution looks like a lower TCO, except you're forgetting some of the things you need/want it to do. In addition, you won't outsource all your labor costs when you outsource IT services. Someone (maybe no longer an IT 'body') will still need to know something about the requirements and how to get the solution to implement them. Perhaps the 'departmental experts' famous for installing rogue systems, who can now install 'officially blessed' external service agreements. And you'll have to manage your supplier. Exercise due diligence to know that they'll provide reliable service and stay in business. I've had one painful experience with a supplier who was happy to take our money until something failed, then said "I can't afford to fix it for what you're paying - wanna give me more?" And before you say we should have checked, let me note that the company had changed hands about 4 times in 3 years. What looked perfectly reasonable at the beginning of the contract looked terrible in hindsight. Good luck getting a service contract that says "If your company changes hands, customer has the right to opt out." Not saying it isn't possible, just unlikely you'd think to ask unless you'd lived it once or twice. The other place where there are often large unrecognized costs are integration. The industry has gone through much controversy over "best of breed" vs. "suite" solutions. Better a system that's delivered fully integrated that meets 80-90% of my needs, than 6 systems that meet 100% but don't talk to one another. Been there, too. Some internal customers are unhappy with the results no matter which way you go. It's tough enough to stitch together disparate systems when they're on-prem. Even tougher when you have to do that across a public network. And, BTW, "if you want to do that, you have to go with our 'dedicated hosted', rather than 'multi-tenant' solution". Oops. Monthly cost just doubled - but you just signed the 3 year contract and didn't realize that would be a problem. And on the subject of due diligence, how many think to ask how they get their data back when they end the hosting relationship? I asked that of one hosted app vendor and their response was "We've retained 90+% of all our customers, and we never delete your data." Hmmm. What good is it to me if you keep it? And what if I don't WANT you to? But I'm IT. I brought it up. If the SMEs/decision makers who were present didn't pursue that issue or think it important enough to influence their decision, there's little more I can do. Oh, and want to synch identity so we don't need another set of creds for some hosted app? You might need an on-prem server for THAT (I say as I'm in the process of building one of those for the afore-mentioned solution). Is more hosted/cloud coming? Yes. Good reasons? Yes. Straightforward/easy to do? Not so much. And a real pain when management starts by looking at the cost first, and the requirements second. Maybe it's not that we're dinosaurs who can't change. Maybe it's 25 or 30 years of experience saying "Wait a minute, you're not looking at the whole problem." Frank Ress P.S. <my turn to rant>Would someone please tell the dinosaurs who keep creating case-sensitive #@%& that we DON'T need that any more. Only passwords should be case-sensitive.</rant> ;-) -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Ken Schaefer Sent: Wednesday, July 23, 2014 1:57 AM To: [email protected] Subject: RE: [NTSysADM] I'm sure you've heard already... OK - fair enough: A service can be anything - electricity, water, a shop front, through to IT&T services - some very fundamental IT&T services would be application hosting, storage, printing, landline, email/mailbox. You can have more fancy "business IT services" like transaction processing or similar. Buy vs. lease is a common question that gets asked when you "buy a service" - do you buy or lease a property to provide a shop-front? Some companies buy and develop their own land. I'm guessing most small businesses choose the lease option. Even with utility services like electricity, there'd be some organisations that that choose to provide electricity using their own equipment, rather than outsourcing it to a utilities company. I'm guessing most are quite large, but there's also instances of very remote sites utilising their own solar or wind generation. So, what criteria does one use to determine whether to buy vs. lease? What criteria do you use when deciding when to have an internal capability vs. using an external provider? There's a whole bunch of other questions with their criteria as well - depending on what framework you want to use (have sent you the ITIL service strategy doc offline). There's nothing specific to it that I've come across that makes procuring an "IT service" or capability any different to any other type of service. You could buy a printing capability, or you can lease it. You can do it internally, or you can outsource it to a print house. You can buy a server, or lease it. You can manage it internally, or outsource it. And so on, and so forth. That decision (and in a larger org, you'd have a whole sourcing strategy to provide guidance on when to choose each option) is something the business should look at first. Way before any implementation details. This is what I call "hard question" - as opposed to your example (who has the encryption keys?), which I would call and details/implementation question. It's just my personal experience, but from what I've seen, a lot of orgs seem to struggle to generate good data to justify their sourcing decisions. The previous post from J-P is a classic example (IMHO) of not understanding the cost of providing an IT service. If providing a service was as simple and cheap as "adding another VM", then it would cost just as much to run 1 VM, as it does to run 100,000 VMs. And that certainly isn't true. The tricky part is working out how much an incremental VM actually costs (which means assigning/apportioning actual costs to services delivered). Then a meaningful analysis can be done on whether it should be hosted internally, or put somewhere else. Cheers Ken -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Susan Bradley Sent: Wednesday, 23 July 2014 4:09 PM To: [email protected] Subject: Re: [NTSysADM] I'm sure you've heard already... You use the phrase "how I want to buy a service" which is what I'm struggling over. I don't have departments in my firm and thus don't consider employing someone to do a task as "buying" the service which is I think where the misunderstanding is starting out from. For some items, like utilities, where it doesn't have a confidentiality issue, I buy the service in the manner that it's given to me and think nothing of it. For others, like legal services, in my firm we hire the Attorney and his reputation and sign an engagement letter. I'm not always "buying a service" in my mind. I engage another human being that I trust. It's not a commodity, it's still a relationship. In my personal space "how you want to buy a service" isn't the question I start with (and apologies as I that's what I'm stumbling over). For some small businesses the question is how cheap they can get a service for. For others, like mine, it's more of this fuzzy "am I comfortable in hiring someone that I don't have direct control over". It's not necessarily 'how to buy' but 'do we hire'? Neither one of us is talking rubbish, we just are coming with different backgrounds (and hopefully providing useful links or food for thought along the way). P.S. regarding the other point made in a different comment and provide a geek comment... If a vendor says they are SAS 70 certified, I'd ask them what it got replaced with because SAS 70 is the old wording http://www.csoonline.com/article/2126003/compliance/sas-70-replacement--ssae-16.html ________________________________ This communication is for the use of the intended recipient only. It may contain information that is privileged and confidential. If you are not the intended recipient of this communication, the disclosure, copying, distribution or use hereof is prohibited. If you have received this communication in error, please advise me by return e-mail or by telephone and then delete it immediately.
