Does anyone really know what's going on?
Those of us in IT managed services operate, live and work in a world surrounded by huge — often cloud-based — third-party systems which, by their internal nature, are opaque to both users and to each other.
While these often unintegrated systems hold vast amounts of data, the UI, authentication, authorisation and logging of each varies wildly. We (generators of the data) and our clients (owners of the data) have little influence on how these systems integrate and little ability to apply business rules to the data. Yet, it is exactly this integration that is necessary to realise productivity efficiencies in the IT MSP industry, to provide opportunity for improved service outcomes to the end-customer.
The IT industry is trusted by customers — be they SMEs or corporates — to know what is going on with their technology. But, given what I’ve just outlined, we are mostly kidding ourselves if we think we can know or find out what is really going on via the various unconnected web UIs that proliferate the world of cloud-based third-party systems. For example, do the deliverables (and config) in the RMM and AV systems match the support contract and billing system for each customer of an IT MSP? And are all those systems configured in a way to produce a profit, given the price charged by RMM and AV vendors?
IT MSPs also need to contend with the threats of potential bad actors, including hackers or insiders, misusing information in the third-party systems with minimal risk of being discovered. Most cloud-based third-party systems lack the ability to log API/User access, let alone visualise historical access events.
User interfaces present their own set of challenges, as does the requirement for training new staff on each of the systems. Documenting day-to-day processes for consistency becomes complex and resource-intensive. Even minor customer name inconsistencies between CRM/RMM/ticketing and billing systems can cause havoc — at best, disrupting smooth operation and at worst, creating hidden problems within billing and reporting functions.
When a staff member leaves an IT MSP, the user account accessed by that staff member in each third-party system needs to be cleaned up. In some technical systems, this can wipe out the data creation and modification history, making it impossible to audit change history or data access events.
Small IT MSP companies face huge challenges. Consider a company that employs four staff. In this situation, it’s normal for most staff to have access to all third-party systems (except maybe the accounting system). As a minimum, this is likely to include: CRM, Ticketing, Account, RMM, AV and Documentation. There are likely to be more, but let’s assume for the purposes of this example that it is confined to these six.
Each staff member needs a username and password for each of the six systems, which means there could easily be more than 20 user accounts. For a small IT MSP, properly overseeing this, managing appropriate password controls and maintaining access levels is a lot of work. And that’s just one client.
To really have an understanding of what is going on, we need one single UI system to provide a god-like omnipresent view similar to a finely developed computer strategy game. Some vendors are moving down that path, likely leading to increased risk of vendor lock-in for the IT MSP.
On a positive note, most third-party systems provide an API that can be coded to form a glue layer between each system. Unfortunately, the quality of each API varies, increasing the skill set required in each of our IT MSPs.
Some third-party systems even allow user accounts to create their own API keys, without offering IT MSP leaders a method to oversee the process and ensure that API keys are provided to appropriate staff and regularly rotated.
Assuming an IT MSP has the expertise to overcome the challenges implementing the APIs, then comes the question of scope — does the IT MSP merely implement code to sync data between systems, and perhaps automate the collection of data into a regular report? Or does the IT MSP seek to create their own user interfaces so that IT staff can perform duties without needing to log in to each system?
Investing in API coding expertise can expose the IT MSP, as that knowledge can leave the business when staff move on, creating a significant skills gap that must be filled to maintain all the API glue.
Of course, there are no easy answers or quick fixes to these issues. But these challenges are something we experience every day with every client, so finding a solution is my passion... if only so I can say I know exactly what’s going on!
Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.
In light of the current situation in Ukraine, the ACSC is urging all Australian organisations to...
Attempting major IT changes late in the day — or week — can be a recipe for disaster.
Can Australia really be seen as a leader in technology and innovation without access to...