banner-why-daymark.jpg

Information Technology Navigator

Tips, Advice & Insights from Technology Pros

Cost Justifying a Data Protection Service

Posted by Tom Jensen

Wed, Nov 30, 2016

Data Protection.jpg

To date, we’ve looked at making a compelling financial case for an investment in software and making the business case for a new disk array. In this last blog, I’ll talk about making an increasingly frequent IT decision, seeking the expertise of an IT Managed Service Provider.

Example:

  • The Situation: A business is struggling to manage their internal data protection service. They are constrained from a head count perspective and have come to rely on a parade of contractors and consultants to help them “fix” their environment only to have to repeat this process every 12 months. They are constantly missing their data protection SLAs but have not been able to convince management to invest in additional staff and updated technology. The business is looking to engage a Managed Service Provider to take over the management of their data protection environment.
  • The Technology Decision: In this example there is no real specific technology decision to make. The questions that need to be answered is which managed service provider has the expertise to meet the business’ needs and can the managed service provider deliver the required service levels at a lower TCO than the business itself.

“The questions that need to be answered is which managed service provider has the expertise to meet the business’ needs and can the managed service provider deliver the required service levels at a lower TCO than the business itself.”

  • The Financial Analysis:
    • A TCO analysis for both service models (internal services versus managed services) is needed to answer the question “How can we deliver these services in the most cost-effective manner?”
    • The TCO models need to be based on the multi-year costs of the hardware, software and staff needed to meet the data protection requirements of the business.
    • The cost of delivering data protection services should be driven by the recovery SLAs required by the business’ applications. These SLAs are typically defined in terms of Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs). These specifications dictate how many business transactions can be lost (RPO) and how quickly the data must be recovered (RTO). This in turn drives the architectural decisions needed to meet these objectives including: infrastructure technology, backup schedules, backup types, retention policies, application-specific technologies, etc.
    • This is often a challenging process because a service provider may not have enough information to accurately determine what the most cost-effective mechanism is for delivering the required services. Consequently, these service contracts tend to include, and for good reason, many caveats and stipulations around the cost of providing these services. It is a time-consuming and costly process to develop an inventory of the entire in-scope environment, understand the RPOs and RTOs of each application, assess what the most cost-effective technology is and then design an infrastructure and operational model that will meet those objectives over the life of the contract. And by the time this is completed, it will probably be obsolete! So, the providers need to stipulate things like: standard tiers (e.g. platinum, gold, silver) of data protection, cost per GB of protected data for each tier, maximum capacity allowed per tier, operational recovery RTOs/RPOs (i.e. normal business hours recovery) versus disaster recovery objectives (i.e. loss of a site), self-service recovery options versus full-service, migration of historical data to new media types, special data management events (e.g. legally mandated data discovery activities), who’s responsible for various hardware and software maintenance, upgrade and refresh activities. As you can see, unless there’s a clear definition of the scope, and requirements and responsibilities for providing the service, it can be quite a challenge to do a rational TCO comparison.

“One of the biggest mistakes business make when performing this TCO analysis is completely under estimating what it costs for them to internally provide the required services.”

  • Discussion Points:
    • One of the biggest mistakes business make when performing this TCO analysis is completely under estimating what it costs for them to internally provide the required services. A big reason for this is that the business is indeed NOT meeting their requirements, but either they don’t realize that or choose to ignore it. For example, if they have a goal to successfully complete 98% of their daily backup jobs, but never meet that goal, then they can’t use their current cost structure to compare their costs because they don’t meet their stated objectives. Comparing the costs of a Service Provider (who will guarantee to meet SLAs) against internal processes that are falling short is like comparing apples to oranges.
    • Businesses often compare their internal head count when doing TCO analysis for a managed service provider (especially if the service provider will have personnel on site at the business) and can’t understand why they only have two FTEs managing the environment and the service provider pricing includes four FTEs. The reality is that the current business model is understaffed and is one of the reasons why SLAs are not being met. Again, it’s an apples and oranges comparison.
    • Businesses need to take a hard look at how they compute the internal TCO of providing a service, especially when that analysis is being used to compare the cost of providing the services using another model (e.g. a Managed Service Provider). Building a TCO based on the cost of a service that does not meet SLAs is misleading. And there are often hidden costs that businesses fail to include in their TCO models (e.g. other personnel that perform related services that aren’t included and shared infrastructure costs).

“Comparing the costs of a Service Provider (who will guarantee to meet SLAs) against internal processes that are falling short is like comparing apples to oranges.”

Financial analysis of IT infrastructure investments are becoming a standard part of the decision making process today. TCO and ROI analyses should be leveraged to help business and IT leaders make investment decisions that deliver the greatest value. This is becoming critical as CIOs now have multiple methods, including the classic data center model, of delivering IT services to their business units. Need help determining the ROI and TCO of your next technology investment? We’ll be happy to help. Contact us today.