What is an IAM Managed Service?
Businesses are under pressure to increase agility, which in turn increases IT complexity. IAM managed services help seamlessly manage identity security environments, allowing businesses to focus on innovation. It means the technology and infrastructure behind identity is no longer relevant to you. What you care about is the business requirement and how you link your processes to the overall identity model in your organisation. Federating with your partner is as easy as online shopping. You fill in a form and the magic happens without engaging your own resources.
I am a keen cyclist, so it naturally came to my mind to compare MSP and technology to this sport. Imagine an average Joe (like myself), riding his bike on a weekend. I carry a spare tube and a pump with me in case I ride over a nail. I am self-sufficient, but it will probably take me 30 mins to get back on the road if the unfortunate happens. MTTR (Mean Time to Resolution) is sufficient, but for an amateur athlete who is competing it is simply not enough. So what do they do? They go technical and carry a little CO2 cylinder with sealant. They can be back on the road in a few minutes, so the MTTR has decreased significantly. Let’s have a look at professionals. You’d think they would have an integrated system that fixes the issue even faster, without the need to even get off the bike. Yet, they carry absolutely nothing. They have a car following them. That car has everything from spare wheels to whole bikes. Most importantly, inside that car you have a team of specialist bike mechanics who live and breathe fixing bikes. A professional cyclist focuses on the job at hand and what they are about – putting enough power through the cranks in order to win the race.
In business, it’s very similar. You really need to focus on what you are about. That being financial services, building, manufacturing – you name it, that’s what you do. Identity is incredibly important these days; it’s at the heart of security, but at the same time it’s merely a tool for achieving your business goals. MSP is a tool to help you achieve your business goals. You’re less likely to introduce weak points in your tech ecosystem if you utilise those who do it full time – all the time.
Why is there a market for MSP (Managed Service Provider)?
You may be wondering why big vendors need MSP partners. The answer follows the principle above. If you look closely, vendors are about the product. They want to get you on board, enable your operation, cut the umbilical quickly and move on. It’s also not just about sell, sell, sell. It’s about focusing their resources to grow the business and do what they are about. What is it? Developing the product and growing their customer base! What is an MSP about? Enabling the business and taking the pain of managing identity away. An MSP is an extension of both the vendor and the business.
What are the most common misconceptions and myths about Managed Service?
I have heard opinions from seasoned CTOs and COOs that an MSP is nothing more than a proxy to the vendor, which potentially can limit access to the right resources or even affect the time to execute or recover from an incident. After all, only the vendor knows best about their product, they created it, right? Nothing could be further from the truth. Partners carry a wealth of experience; after all, they are the subject matter experts, spending most of their time in the weeds of the identity world.
Businesses want access to knowledge and pain-free deployments, and what we really care about is getting a high quality of service – fast.
The perception is changing, but we still have a long way to go. While ‘the ambitious’ choose to retain control and put effort into managing their stacks, ‘the pragmatists’ are taking the path of least resistance – they want to put in as little effort as possible to get the best and quickest possible outcome. While MSP probably isn’t for everyone, there are more and more businesses shifting focus towards their goals rather than the technology needed to support them.
What are the downsides of MSP?
Level of control, both for the infrastructure and processes. If your revenue is large, generally the contractual indemnity doesn’t cover potential regulatory penalties should a breach occur.
It takes time to develop the relationship and make the MSP team part of your own ecosystem. After all, you are still third parties; no matter how agile you are, there are always some teething problems in the beginning.
It takes a bit of effort to align security and operation standards with your own organisation. We are all different and while ITIL is ITIL and security is somewhat standardised, we may rely on some things more than on others. For a financial company, making any changes (including the non-disruptive) during trading hours is way above the risk appetite and sometimes against regulatory requirements. This will not be the case for everyone, so a level of bespoke contractual agreement between the parties may be required.
From experience – it takes time to get everyone in the organisation aligned to make the step. Factor this in when planning a transformation to this model.
Making a business case for an IAM Managed Service
By using two important tools: a risk framework and TCO (Total Cost of Ownership). And when we think TCO, let’s not forget things that are difficult to quantify. It’s not just the cost of human resources, but all the things we normally forget about: training, maintaining support teams, avoiding single points of failure, recovering from outages and, lastly, time to execute. Many projects fail because they cannot be delivered in time.