Cloud Supply Chain Risk – is your MSP in control?
For some businesses, beyond getting homeworking up and running at a whole new scale, lockdown has brought IT strategy to a standstill. Those that do want to move forward can face delays from their Managed Service Provider (MSP) and the restrictions lockdown has placed on them to deliver new solutions into…
For some businesses, beyond getting homeworking up and running at a whole new scale, lockdown has brought IT strategy to a standstill. Those that do want to move forward can face delays from their Managed Service Provider (MSP) and the restrictions lockdown has placed on them to deliver new solutions into their clouds. While this is an immediate impact it has also exposed some of the risks that was already present for MSP’s & under the covers of their cloud services.
There is nothing like a change in circumstance to really test the viability of vendors and the contractual SLA’s you have in place, or would require should you become a customer. Lockdown is the extreme of change and has therefore produced some interesting insight.
Many MSP’s do not own the data centres their cloud is housed in, this can lead to the following issues:
The ability to gain access is often a step removed from the data centre owner to a third party contractor adding layers of supply chain between the end customer and access. This will often affect access when needed the most. Many engineers have sat with critical parts in hand waiting for hours to gain access tothird party data centres while systems were down. All because of this hidden supply chain. So, as far as risk security access is just the start.
Network Operations Center (NOC)
An MSP with their cloud in a third party data centre also needs to find a location for their NOC. This is where they will deliver support and management services from for their cloud. Often these are remote to the location of the cloud hardware, completely removed from the physical side of delivering a cloud infrastructure. Many data centres offer hands and eyes but these are usually only good for changing tapes or hitting the power button on a server. The risk here is more than just distance, most only have a single NOC without a backup for business continuity. This should be explored by businesses looking to move to the cloud and looking for an MSP to support them.
How is your MSP planning to deliver your project? Many use third party contractors and retain very few permanent staff. Transition to the cloud can be a long and complicated process, and occasionally it can take longer than anticipated or delays beyond anyone’s control can effect timescales. When this happens projects can be even impacted further when contractors move on to their next project. Leaving somebody else to pick things up from scratch. This is a huge risk to success of migration.
Software Defined Capabilities
Can your datacentre provider deliver mixed workloads IBM i, AIX, Microsoft & Linux based operating systems, processing, storage and networks as code? Deploying a whole interconnected infrastructure as well as networks can be hard if you don’t control the networking core of the datacentre. To build out this service takes time and investment in infrastructure and staff.
Not owning a data centre also restricts a hugely important aspect you want your MSP to control – investment. A cloud provider can have all the latest and greatest hardware within the rack they rent but if there is not investment in the facilities that house it, the uninterruptable power supplies (UPS), generators, aircon, and networks are at a huge risk from a vendor you have no direct influence over. If they have a power outage you may get service credits but how do you know it won’t happen again?
All of the above is relevant to business as usual but what about during lockdown?
An MSP with a third party data centre has no control over access in lockdown. Most non-critical access has been denied, so therefore new projects have been delayed to minimise staff risk. The MSP may not even be able to deliver new hardware for projects due to restricted access. Your MSP cannot deliver new customer solutions how viable is their business.
NOC – This risk is the same but even larger if you can’t get access to the data centre your cloud is in, the MSP has to do everything remotely.
Transition – If you don’t have control over your project staff during BAU, lockdown makes it worse. If you cannot deliver transition seamlessly and remotely via scripting and utilising a software defined environment you cannot deliver projects.
Software Defined Capabilities
In times of restricted access and risk to staff to physically attend site software defined capabilities are hugely important. These enable continued growth of existing cloud deployments and to continue ongoing new deployments as this can be facilitated by home workers.
Investment – Still out of MSP control
In addition even if your MSP does own a data centre for Primary production IT services what do they do for disaster recovery (DR) or high availability (HA)? If again they are utilising a 3rd party vendor for this all the above is still an issue. Even worse they may split production and DR/HA between two different datacentre providers compounding the risks.
Finally, if anything happens to your MSP and they go out of business or fail to pay their bills the third party data centre could just pull the plug on the cloud infrastructure. You have no control of this scenario.
So when you are looking to move your critical workloads into the cloud run through this checklist with the provider
– Do they own the Data Centre?
– How long does access to the data centre take?
– Where is their NOC located?
– Can they deliver everything as a script are they software defined?
– Who does the actual work (patching, implementations etc)?
Then ask what happens with the above under lockdown conditions.
In summary, you need to look for the MSP’s that have continued to deliver the full spectrum of services during lock down. Those that own their own data centres and utilise their own staff to support these services are truly in control.
Contact Blue Chip to find out how we remove these risks to deliver a Cloud Service that we fully control.