Hi Frank, -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Frank Ress Subject: RE: [NTSysADM] On premise vs. hosted service
> Your point that we really have to fully recognize all costs and try to > compare apples and apples is well taken. > But I fear that over-simplifying the costs happens on both sides. You'll get no disagreement from me on any of the major points you've made in your post. However, I do not think that IT is somehow unique in many of the cases - maybe immature, but not unique. Large corps have been managing their property portfolios for a long time (think banks, supermarket chains) - there's huge complexity involved in deciding whether to own land/buildings, or sell and lease back (e.g. what happens when a competitor becomes your landlord and demands access to your books!). Many of the risk management and vendor management skill sets exist - maybe just not in the IT services space. > The big issue I have with outsourcing is that we don't recognize the overhead > or hidden costs there, either. IT services are FAR more > complex a "commodity" than electricity or water When you say "less complex" - are you talking about purchasing electricity? Of the actual production of an electricity service? The former is relatively simple, because the industry has evolved to develop a well understood service, with strictly defined inputs/outputs based around a large set of standards (plus plenty of regulation). What actually sits behind the scenes (the actual technology, business model etc.) is just as complex as any other industry. More and more IT services (starting from the bottom up), will become like electricity - well understood inputs/outputs, increasing levels of industry or government standards and so on. Purchasing will become simpler over time, though the backend may be complex. This is simply the process of commoditisation. It happened to much of IT hardware, and it will happen to software eventually. > Most people grok printing services. Almost anyone can become reasonably > proficient working with Kinkos, and > there are people engaged in the transaction who can exercise what little > judgment is required. With IT services > you're not talking an employee turning on a faucet or inserting a plug in an > outlet. You're talking someone using a > web app to submit an expense report, complete benefit selection, or submit a > purchase requisition. Those are > all complex activities, and you have to provide something that will meet the > requirements, including whatever > flexibility for unusual/little used variation you require. (The poorer it > does that, the better the customer support > should be, to supply that human component.) Printing is an IT service, and something that, today, is becoming commoditised. Time-sheeting (e.g. services like CA's Clarity), or payroll (ADP's Payroll Plus), or recruitment management (Taleo) are other services that seem, now, to be reasonably well understood, and able to cater for both simple and complex scenarios. Some others: Metro/WAN telco services can be highly standardised (with the option of highly bespoke options as well), end-user-computing warranty support services tend be reasonably easy to buy I agree that there is still a long way to go, but through ongoing evolution, more and more IT services will become commodity items that can be procured "off the shelf" > Is more hosted/cloud coming? Yes. Good reasons? Yes. Straightforward/easy > to do? > Not so much. And a real pain when management starts by looking at the cost > first, > and the requirements second. This goes back to my first post. When internal IT is *not* able to properly articulate costs (and all the associated services/benefits provided) then management doesn't understand all that "stuff" they are getting for their $xxx. And it thus becomes easier to overlook this when going to market. Internal IT needs to evolve to become more of a service provider if it wishes to compete in the "commodity" areas of the market. Otherwise it won't be able to compete with external providers that can provide a clearer view of cost/benefit. It has happened in other business functions - it is naïve to think it won't happen in IT. Internal IT will become a provider of those services that are hard to standardise, or hard to measure or highly bespoke - increasingly this will business-aligned software, not the typically infrastructure admin roles that a lot of us grew up in. Just to agree with your other points: > In addition, you won't outsource all your labor costs when you outsource IT > services. Someone (maybe > no longer an IT 'body') will still need to know something about the > requirements and how to get the > solution to implement them. No one's saying that requirements gathering/articulation is going away, Mature organisations tend to have rigorous requirements definition already - simply because they recognise the cost of rework (or they have rigorous agile development functions). If you don't do requirements gathering well today, you're stuffed either way. Using an in-house provider just allows you to recover easier, but it is effectively shuffling "costs" from requirements/architecture to BAU > And you'll have to manage your supplier. Exercise due diligence to know that > they'll provide reliable service > and stay in business. I've had one painful experience with a supplier who > was happy to take our money > until something failed, then said "I can't afford to fix it for what you're > paying - wanna give me more?" > And before you say we should have checked, let me note that the company had > changed hands about > 4 times in 3 years. What looked perfectly reasonable at the beginning of the > contract looked terrible in hindsight. Happens in other areas all the time - suppliers go broke, law firms/accounting firms/ISPs/whatever get bought out/merged/spun off. Vendor management exists in other areas today. It's something that IT departments may need to learn from. > And, BTW, "if you want to do that, you have to go with our 'dedicated > hosted', rather than 'multi-tenant' solution". > Oops. Monthly cost just doubled - but you just signed the 3 year contract > and didn't realize that would be a problem. Sure - no disagreement from me. You need to have mature IT practises to be able to manage/mitigate these risks (requirements, architecture, insist on standards, don't live on the bleeding edge, etc.) > And on the subject of due diligence, how many think to ask how they get their > data back when they end the hosting relationship? Again, comes down to maturity. If you have a good data/information architecture practise, then you'd be understanding these issues already. Even when you have the data internally, there are costs to inject/transform this to a new solution. Mature orgs understand the value of their data/info/knowledge and apply practises around that (whether it's backup/recovery, security protection, storage standards) - getting your info back from a provider is an extension of existing issues. Cheers Ken Oh, and want to synch identity so we don't need another set of creds for some hosted app? You might need an on-prem server for THAT (I say as I'm in the process of building one of those for the afore-mentioned solution). Is more hosted/cloud coming? Yes. Good reasons? Yes. Straightforward/easy to do? Not so much. And a real pain when management starts by looking at the cost first, and the requirements second. Maybe it's not that we're dinosaurs who can't change. Maybe it's 25 or 30 years of experience saying "Wait a minute, you're not looking at the whole problem." Frank Ress P.S. <my turn to rant>Would someone please tell the dinosaurs who keep creating case-sensitive #@%& that we DON'T need that any more. Only passwords should be case-sensitive.</rant> ;-) -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Ken Schaefer Sent: Wednesday, July 23, 2014 1:57 AM To: [email protected] Subject: RE: [NTSysADM] I'm sure you've heard already... OK - fair enough: A service can be anything - electricity, water, a shop front, through to IT&T services - some very fundamental IT&T services would be application hosting, storage, printing, landline, email/mailbox. You can have more fancy "business IT services" like transaction processing or similar. Buy vs. lease is a common question that gets asked when you "buy a service" - do you buy or lease a property to provide a shop-front? Some companies buy and develop their own land. I'm guessing most small businesses choose the lease option. Even with utility services like electricity, there'd be some organisations that that choose to provide electricity using their own equipment, rather than outsourcing it to a utilities company. I'm guessing most are quite large, but there's also instances of very remote sites utilising their own solar or wind generation. So, what criteria does one use to determine whether to buy vs. lease? What criteria do you use when deciding when to have an internal capability vs. using an external provider? There's a whole bunch of other questions with their criteria as well - depending on what framework you want to use (have sent you the ITIL service strategy doc offline). There's nothing specific to it that I've come across that makes procuring an "IT service" or capability any different to any other type of service. You could buy a printing capability, or you can lease it. You can do it internally, or you can outsource it to a print house. You can buy a server, or lease it. You can manage it internally, or outsource it. And so on, and so forth. That decision (and in a larger org, you'd have a whole sourcing strategy to provide guidance on when to choose each option) is something the business should look at first. Way before any implementation details. This is what I call "hard question" - as opposed to your example (who has the encryption keys?), which I would call and details/implementation question. It's just my personal experience, but from what I've seen, a lot of orgs seem to struggle to generate good data to justify their sourcing decisions. The previous post from J-P is a classic example (IMHO) of not understanding the cost of providing an IT service. If providing a service was as simple and cheap as "adding another VM", then it would cost just as much to run 1 VM, as it does to run 100,000 VMs. And that certainly isn't true. The tricky part is working out how much an incremental VM actually costs (which means assigning/apportioning actual costs to services delivered). Then a meaningful analysis can be done on whether it should be hosted internally, or put somewhere else. Cheers Ken -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Susan Bradley Sent: Wednesday, 23 July 2014 4:09 PM To: [email protected] Subject: Re: [NTSysADM] I'm sure you've heard already... You use the phrase "how I want to buy a service" which is what I'm struggling over. I don't have departments in my firm and thus don't consider employing someone to do a task as "buying" the service which is I think where the misunderstanding is starting out from. For some items, like utilities, where it doesn't have a confidentiality issue, I buy the service in the manner that it's given to me and think nothing of it. For others, like legal services, in my firm we hire the Attorney and his reputation and sign an engagement letter. I'm not always "buying a service" in my mind. I engage another human being that I trust. It's not a commodity, it's still a relationship. In my personal space "how you want to buy a service" isn't the question I start with (and apologies as I that's what I'm stumbling over). For some small businesses the question is how cheap they can get a service for. For others, like mine, it's more of this fuzzy "am I comfortable in hiring someone that I don't have direct control over". It's not necessarily 'how to buy' but 'do we hire'? Neither one of us is talking rubbish, we just are coming with different backgrounds (and hopefully providing useful links or food for thought along the way). P.S. regarding the other point made in a different comment and provide a geek comment... If a vendor says they are SAS 70 certified, I'd ask them what it got replaced with because SAS 70 is the old wording http://www.csoonline.com/article/2126003/compliance/sas-70-replacement--ssae-16.html ________________________________ This communication is for the use of the intended recipient only. It may contain information that is privileged and confidential. If you are not the intended recipient of this communication, the disclosure, copying, distribution or use hereof is prohibited. If you have received this communication in error, please advise me by return e-mail or by telephone and then delete it immediately.
