Nuvolex Blog

Service Automation & Cloud Security: Foundational Elements of a Successful Cloud Service Provider

The world has seen 3 years’ worth of cloud adoption occur over the last 6 months. As a result, a majority of Managed Service Providers (“MSPs”) have had to rapidly evolve their business model to ensure that they can support a “cloud-first” customer base, and do so in a cost effective and secure manner. However, the ability to cost effectively and securely manage multiple customers, their end users and a variety of cloud applications, while providing a high-quality of service is proving to be quite a challenge.

Historically, MSPs have had access to well-established tool sets that allow them to manage their existing customers’ on-premises hardware and software, as well as end user mobile devices – think RMM. Unfortunately, these tools are not built to support this new class of cloud-based applications (“SaaS”). Because of this, an MSP’s transition to become a Cloud Service Provider (“CSP”) is not that straightforward and is causing many MSPs to completely rethink how they‘re going to deliver cloud managed services to their customer base.

The Disruption

For MSPs that want to evolve into a CSP and strive to deliver cloud managed services in a very cost-effective and secure way, Advanced Service Automation & Security both need to be at the forefront of any cloud services delivery model. 

Let us be clear, Covid-19 was the catalyst to this massive global shift across all organizations to a remote workforce, and subsequently, a much more aggressive pace of SaaS adoption. The problem is that this shift happened so quickly that many MSPs were not fully prepared to heavily transition their existing on-premises services delivery model to this new cloud centric services delivery model.  With Microsoft 365 and Azure being the most consumed cloud applications inside the MSP customer base, these cloud applications needed immediate administrative attention.

Microsoft 365 is a feature rich SaaS offering that includes several business-critical applications, all bundled into easily consumable subscriptions. It is a very powerful offering, but (unfortunately) it also comes with significant administration complexity. Microsoft does not provide a single Microsoft 365/Azure administration console for the MSP community to easily manage Microsoft 365 and Azure across their end customers. This resulting administrative inefficiency has overwhelmed most MSP Service Desks. Consequentially, it has slowed down service remediation which has caused senior IT staff to be on the receiving end of too many Microsoft cloud service escalations.

This not only has created a highly inefficient use of IT resources inside MSPs, it has also eroded MSP service margins by taking more time to complete common administrative tasks. This problem still exists today in a majority of MSPs.

Addressing Inefficiencies and Vulnerabilities

With Cloud Managed Services being the new business model for the MSP, how can one build and scale a profitable cloud services business while providing a secure environment for their customers’ data? The key – adopting a cloud management platform that combines extensive service automation and advanced security policies – think Cloud RMM.

To start with, any cloud management solution considered must have multi-tenant management capabilities at its core. This “Single Pane of Glass” administration console must allow for concurrent administration across all MSP end customers as well as the entire Microsoft cloud stack. In addition, the solution must enable MSPs to heavily automate the remediation of the most commonly recurring cloud service requests. More importantly, speedy remediation of these daily Microsoft 365 and Azure administrative tasks must occur at the Service Desk, removing the need for advanced knowledge of cloud administration portals and PowerShell scripting. Finally, such a solution must also include advanced Role Based Access Control (“RBAC”) capabilities.  Let’s explore the RBAC concept further.

Protecting Customer Data

Beyond inefficient administration that exists with the various Microsoft 365 administration portals, there are major security gaps as well. Today, every customer that an MSP Service Desk manages requires the MSP to hand out Global Administrator credentials to each Service Desk administrator. This must be done to administer any customer’s Microsoft 365 and Azure account.

Beyond that, if the customer has users still residing in an on-premises AD environment, then AD access credentials must also be passed on to the Service Desk administrator staff. Both processes provide unlimited access to customer data, presenting a significant security flaw within each MSP.  In 2019, over one third of all security breaches were caused by insider threats – administrator access to customer login credentials.

To protect against such threats, MSPs must implement a cloud management solution that not only offers extensive service automation, but also includes advanced RBAC capabilities. In doing so, MSPs are then able to restrict the access rights of any individual Service Desk administrator at a very granular level. This gives MSPs the ability to have full administrative control over their entire IT organization, ensuring that each administrator has access only to the tenants, users, and cloud administrative functions specific to their role inside the organization. MSPs cannot continue to hand out Global Administrator and AD Administrator credentials to each IT personnel if they make protection of customer data a high priority. Those unfettered access rights must be preserved for the most senior IT administrators on the MSP staff.

Time To Take Action

As MSPs transition to a cloud managed services business model, efficient and secure administration is imperative to the quality and efficiency of cloud services delivery. To provide a premium cloud service delivery to customers, especially with regards to the Microsoft cloud stack, MSPs must look to implement a cloud management solution that heavily automates provisioning, deprovisioning and daily administration across all Microsoft cloud workloads. Additionally, they must find a solution that also increases their security posture, in order to properly protect customer data.  In doing so, MSPs will be able to develop a scalable business model that drives profitability and superior cloud services delivery.

Cloud Managed Services is the future for MSPs, and the future is here!  The MSPs that fail to put in place the proper tools and procedures that include extensive service automation and advanced security – they will get left behind.

Share this post