Mike Wardell, CEO, Giacom, and Brian Hamel, CEO, Nuvolex, explain why advanced service automation and security both need to be at the forefront of any MSP’s cloud services delivery model
The world has seen three years’ worth of cloud adoption occur over the last six months. As a result, a majority of Managed Service Providers (MSP) have had to rapidly evolve their business models to ensure that they can support a cloud-first customer base and do so in a cost effective and secure manner. However, the ability to do this while also supporting their end users and a variety of cloud applications, all while providing a high quality service is proving to be quite a challenge.
Historically, MSPs have had access to well-established tool sets that allow them to manage their existing customers’ on-premises hardware and software, as well as end user mobile devices – think RMM. Unfortunately, these tools are not built to support this new class of cloud-based applications. Because of this, an MSP’s transition to reselling cloud services to its customers is not that straightforward. This is causing many MSPs to completely rethink how they‘re going to deliver cloud-managed services to their customer base.
Covid-19 was the catalyst to a massive global shift across all organisations to a remote workforce, and subsequently, a much more aggressive pace of SaaS adoption. The problem is that this shift happened so quickly that many MSPs were not fully prepared to heavily transition their existing on-premises services delivery model to this new cloud centric services delivery model. They required immediate administrative attention and support.
Management of the Microsoft product suite was initially designed around the needs of the Enterprise – i.e. IT professionals managing hundreds or thousands of users in one organisation. As such, Microsoft does not provide a single Microsoft 365/Azure administration console for the MSP community to easily manage Microsoft 365 and Azure across their end customers. This resulting administrative inefficiency has overwhelmed most MSP Service Desks. Consequently, it has slowed down service remediation, which has caused senior IT staff to be on the receiving end of too many Microsoft cloud service escalations.
In addition, it has also eroded MSP service margins by taking more time to complete common administrative tasks. This problem still exists today in a majority of MSPs.
The reality is, management of the Microsoft product suite also extends to IT professionals supporting the channel, where they need to manage multi-tenants for several clients. With cloud-managed services being the new business model for the MSP, how can one build and scale a profitable cloud services business while providing a secure environment for its customers’ data? The key is adopting a cloud management platform that combines extensive service automation and advanced security policies – think Cloud RMM.
Such a platform must have multi-tenant management capabilities at its core. This ‘single pane of glass’ administration console must allow for concurrent administration across all MSP end customers as well as the entire Microsoft cloud stack. In addition, the solution must enable MSPs to heavily automate the remediation of the most commonly recurring cloud service requests. More importantly, speedy remediation of these daily Microsoft 365 and Azure administrative tasks must occur at the service desk, removing the need for advanced knowledge of cloud administration portals and PowerShell scripting. Finally, such a solution must also include advanced Role Based Access Control (RBAC) capabilities.
Protecting Customer Data
Beyond inefficient administration that exists with the various Microsoft 365 administration portals, there are major security gaps as well. Today, every customer that an MSP service desk manages requires the MSP to hand out global administrator credentials to each service desk administrator. This must be done to administer any customer’s Microsoft 365 and Azure account.
Beyond that, if the customer has users still residing in an on-premises AD environment, then AD access credentials must also be passed on to the Service Desk administrator staff. Both processes provide unlimited access to customer data, presenting a significant security flaw within each MSP. In 2019, over one-third of all security breaches were caused by insider threats – which could include exploiting administrator access to customer login credentials.
To protect against such threats, MSPs must implement a cloud management solution that not only offers extensive service automation, but also includes advanced RBAC capabilities. In doing so, MSPs are then able to restrict the access rights of any individual service desk administrator at a granular level. This gives MSPs the ability to have full administrative control over their entire IT organisation, ensuring that each administrator has access only to the tenants, users, and cloud administrative functions specific to their role. MSPs cannot continue to hand out global administrator and AD administrator credentials to each IT administrator if they make protection of customer data a high priority. Those unfettered access rights must be preserved for the most senior IT administrators on the MSP staff.
As MSPs transition to a cloud managed services business model, efficient and secure administration is imperative to the quality and efficiency of cloud services delivery. To provide a premium cloud service delivery to customers MSPs must look to implement a cloud management solution that heavily automates provisioning, de-provisioning and daily administration across all Microsoft cloud workloads. Additionally, they must find a solution that also increases their security posture, in order to properly protect customer data.
The MSPs that fail to put in place the proper tools and procedures that include extensive service automation and advanced security will get left behind.
Read the latest edition of PCR’s monthly magazine below:
Like this content? Sign up for the free PCR Daily Digest email service to get the latest tech news straight to your inbox. You can also follow PCR on Twitter and Facebook.