IT Managed Services, as many would concur, is mostly preferred by organizations who:
A. wants to reduce their IT infrastructure management hassles
B. needs IT Specialists to handle their networks
Many organizations, during their life-span, start-off with smaller servers and their IT department grows along with the organization. A time comes when these organizations build their own server rooms. However, this IT infrastructure expansion also brings a host of other issues, viz. retaining the specialized man-power to handle the IT operations and the daily IT tasks.
It is at this stage that organizations start thinking in terms of outsourcing these IT tasks to vendors who provide managed services. Contracts are signed and expectations run high. These contracts are awarded to those organizations, which have an excellent presence and have resources to honor the commitments of the contract.
In order to tackle the daily issues related with management of Internet and WAN Links, server uptime and central management of resources, Managed Service Providers normally advise to shift the “server room” to a professionally managed Data Centers.
However one thing needs to be understood that access to data center is restricted to only those who manage the servers i.e. IT Partner, while others (Parent Organization) need permission / special access card.
Along-with this, the responsibilities of the Managed services partner are to ensure that business continuity is not hampered and they also have to provide resident engineers to assist the end-users to resolve their IT related issues.
All these tasks form a part of the contract. One un-foreseen factor is that the IT-users of Parent organization are used to certain IT ethics which might be abhorred by the Managed Services Partner. Smaller tasks which uptill now were being performed by the in-house IT engineers is now being managed by professionals. Over the years of working together, a certain bond is created between the employees, everyone knows everyone like the back of their hand and suddenly one day everything changes.
These aspects of human life are never taken into consideration while drafting / negotiating / finalizing a contract. Organization vying to migrate from self-service to managed service should take these aspects into considerations and ensure smooth migration, at all levels.
Interaction of Top-management and Middle-management with their employees, who incidentally form the 99%, is of utmost importance, as it instills confidence into the workforce, make them understand the basics of this migration, the problems they may face and how to overcome these issues.
However, things may go awry and when this happens, the Managed Service Partner may just refuse to handover the passwords and system access or may go to the extent of changing all the important passwords.
1: Parent organization looses control over its entire network including the servers.
2: Legal aspects will take precedence.
3: The very reason for out-sourcing i.e. ensuring Business Continuity, has suffered.
Technical Point of View:
1: Limited options for anyone to hack into the servers as physical access is restricted.
2: If laws are NOT meant to be broken then it would require ninja skills (forensics ability) to extract the required information i.e. passwords, without accessing the servers (Physical/Virtual) – as physical access is ruled out and virtual access would constitute breach of Cyber Laws, even though it is the Parent Organization which is conducting the hack to get into the system which belongs to them.
However, since management of these IT systems is done by the IT Partner, this is a classic conundrum for the third Party Data Center – who should be provided access is one question, which cannot be answered and over here comes the legal aspect – a Court order.
Business/Legal Point of View – for a safe future:
1: A team from the organization’s side, should always have 24×7 access and should be a part of the team to authorize password changes.
2: Legal Contracts should include, this above point.
3: Passwords and System to be treated as a property of parent organization and should be the de-facto right. The right to access the servers.
4: Irrespective of the issues – business continuity shouldn’t be hampered.
I will end today’s blog-post with an ancient saying “No Smoke without Fire”