For the upcoming IMN Data Center East Conference, I’ve been invited to speak on the panel called “Staying Ahead of the Curve on Services” about managed services for data center operators.
From my experience, two of the highest value managed services a data center operator can provide are backup and managed security services. I wrote about backup services in a previous post, so this one is about considerations for offering security services around cloud computing and colocation.
Hosted security as a managed service requires a much larger investment than backup services. Significant dedication and resources are required to achieve a solid security posture that coordinates a company’s people, processes, and technologies, but greatly increases value for clients.
Some technologies are easy security entry points. Antivirus, patch management, SSL certificates and managed firewall are good places to start. In my opinion, these services are table stakes to play in the cloud computing market and many colocation clients have come to expect the same set of options as managed services.
Offering an expanded set of services for strong security is a much harder business decision. The investment to deliver expanded security services such as two-factor authentication, log monitoring and review, file integrity monitoring, vulnerability scanning and web application firewalls requires additional expertise and ongoing support resources.
Often, it is the commitment to developing repeatable, reliable processes that truly begins to differentiate those with a thin layer of security “frosting” compared to those who are baking it in throughout the solution. This requires deliberation at the design level, rigorous testing at the implementation level, and expertise in standard frameworks that prioritize thorough change management, peer review, and often third party auditing. Strong services can take a significant investment that may not fit many it can take for a colocation provider to offer cloud computing and colocation providers’ business plans.
The benefits the client receives with managed security hosting is both direct and ongoing. For many clients, the cost to build the security skill set and bring the technology in-house is an order of magnitude higher than what they pay their hosting provider to deliver. The service provider can amortize the investment in technology, people and processes over thousands of clients, delivering a very cost effective approach to strong security.
For example, at Online Tech, we chose to implement a full PCI-DSS (Payment Card Industry – Data Security Standard) security suite based on the mid-market, security conscious market we serve. PCI-DSS requires one of the most comprehensive, prescriptive security suites of all of the compliance audits that we support, so we decided to base our security offering around these security requirements. We offer the PCI-DSS security suite as part of the PCI Compliant Cloud offering, but all of the security services can be added to environments even if they don’t have to protect cardholder data.
There are a number of managed services that data center operators can offer as win-win services for their clients. Services that the service provider can deliver more cost effectively than the clients can purchase or hire out themselves because service providers can deliver these services repeatedly and reliably across thousands of servers.
Backup and security are examples of two of the managed services that we see a high uptake from our client base, but with very different investment profiles. Of course, the managed services a data center operator provides needs to match the client base that a company is serving and be competitive in the market.
I’m sure we’ll be talking more about this at the IMN panel later this month.
IMN’s Spring Forum