Managed services: What’s next?

When you ask telecom executives how they plan to shore up their companies’ sagging bottom lines, the answer is consistent: managed services.

In theory, that sounds great. Outsourcing is perennially popular with IT shops, and never more so than now, thanks to the economic downturn and continuing pressure on IT departments to cut costs while improving services. So managed services should be an attractive option for all parties: Telephone companies make more money and improve their margins, and IT execs save money and offer improved services to internal customers.

But there’s a catch. IT execs and telcos are worlds apart when it comes to defining managed services. If it’s not addressed upfront, that definition gap can lead to mutual unhappiness and disappointment.

What do I mean? IT executives are moving toward a shared-services delivery model. This means IT departments take responsibility for delivering not only the infrastructure but also the applications, and in some cases business functions that enable a particular business service.

In the old days, IT executives delivered a LAN-quipped PC to each user’s desktop and provided a network in good working order. Responsibility for transferring data over that network rested with the user (or more accurately, the line of business).

These days, IT takes responsibility for ensuring that critical networked applications function appropriately – meaning that a networked accounting application delivers necessary accounting information in a reliable and timely fashion. That involves a far better understanding of what data users need, how they’re planning to use that data, and where it’s stored.

Service providers are only just beginning to make the leap toward understanding this new definition of service. Most telco executives still think in terms of managing and monitoring devices on an end user’s network. That definition was current about 10 years ago when providing a managed frame-relay access device service was considered cutting edge, but it’s now obsolete.

Managed services of the 21st century encompass a lot more than devices. For example, a recent study conducted by my firm found that 100% of responding IT executives acknowledged externalizing at least some of their internal resources (databases, e-mail servers and other applications, even infrastructure). Disturbingly, these executives lacked a policy for determining which outsiders could gain access to what – let alone an effective implementation and audit trail for that policy.

A managed security service, therefore, should include creating and implementing effective authorization and authentication policies, providing encrypted access to externalized resources, and auditing that access to deliver a historical record of who saw what.

Fortunately, some service providers are showing signs of seeing the light. For example, managed-services provider Fiberlink recently announced a partnership with Neoteris (which makes appliances that provide management and control of Secure Sockets Layer-based VPNs) through which the service provider will deliver managed remote-access and third-party solutions.

What makes this offering potentially powerful is that Fiberlink has historically focused on offering bandwidth-independent services and is looking to leverage Neoteris’ strengths in policy-centric security to deliver next-generation managed services.

Stay tuned for similar partnerships in this market.