Chuck's Blog

Context

IT service providers come in many flavors and colors.  As IT gets more and more complex, there’s increasing interest in consuming IT as a service, rather than as a product stack.

Whether it’s SaaS (software as a service), outsourcing, or many other variations – there’s a certain persistent attractiveness in the various alternatives that service providers can provide.

The Information Management Service Provider (IMSP) opportunity?

I’ve written before about IT will have to take a new responsibility for corporate-wide information management in the near future – the informationist perspective.

And we also know that many organizations won’t have the skills, budgets or perhaps the appetite to sign up for large-scale information management projects that they'll be virtually forced to do.

Will IT know how to classify information?  Protect and preserve it appropriately?  Unlock the value of it in new ways for new uses: collaboration, knowledge management, enterprise search, and so on?

Some groups will, some groups won’t.

And for those that want new forms of information management, using an IMSP might be a potentially attractive future option.

The IMSP business model

The first phase of an IMSP business model is convincing the customer to automatically send their data off-site to the IMSP facility. 

Whether it’s remote backup, or email archiving in the financial community, or outsourcing collaboration infrastructure, I think the first “sell” is a service to get the information out of the hands of the customer, and into the hands of the IMSP.

In the physical world, this was Iron Mountain trucks with boxes of paper (or tapes!).

What’s important is the second phase: selling the customer’s information back to them, hopefully with some value added.  In the physical world, these would be the charges you’d incur if you ever needed something back from Iron Mountain.

In the informationist world, this takes a different twist.  We’re not talking about simply letting you recover your files or emails from the service provider, we’re talking potentially important value-added services that are very differentiated.

Imagine an enterprise search capability over a company’s historical data records. 

Or an e-Discovery service that helps you cut legal costs dramatically. 

Or a service that identifies “sensitive” documents, encrypts them in DRM, and audits who sees them and why.

Or can archive an entire development product, marketing campaign or other massive project, and keep it around for future use.

The business model possibilities for potential IMSPs can be quite substantial.  And, when we talk about “sticky business relationships”, hey – they’ve got all of your data. 

We’re talking real Velcro here.

Recent technology developments make IMSPs even more likely than before.

Most IMSP models will need to start with something pragmatic, like remote backup.  Historically, this has been a bit of a challenge on several levels, not the least of which is the need for substantial bandwidth between service provider and client.

Moreover, it’s hard to do useful things with traditional backup images, other than store them and recover them if needed.

As an example, EMC’s Avamar does two useful things here.  First, client-side data deduplication that not only dramatically cuts down the amount of data that needs to be sent, but of course requires far less bandwidth, making the economic proposition all that more attractive.

Second, it stores and presents the backed up images in a directly usable, mountable file system format.  It’s easy to repurpose the information, and do new things with it.

Another important technology development is a new wave of information classification and categorization tools.  Users don’t want to classify their information, besides – they’re no darn good at it.

Better is to have powerful tools that can crack an object, apply very sophisticated recognition technology, and make appropriate decisions.  EMC’s Infoscape is a good example of this technology, one that I’m enamored with.  EMC’s Documentum provides enterprise search, collaboration, workflow and portal uses of information, another interesting component.

I think enough of the technology pieces are in place that I don’t consider technology the barrier to a rich, vibrant IMSP marketplace.

So what’s holding the market back?

First, there’s a natural evolution in any market for service providers.  The biggest companies tend to have the biggest problems, as well as the biggest IT capabilities to go address the problem.  They don’t need service providers, unless it’s all about cost reduction, hence mature.  That’s what’s happening today.

The market demand for capabilities has to grow to the point where there is enough unmet need in enough good-sized organizations that a potential service provider can find a repeatable solution with enough traction to make a go of it. 

There’s some good activity with service providers in backup/recovery and a bit of email archiving.  Indeed, some of Avamar’s early customers were service providers.  But it really hasn’t taken off yet as well as it could.  I would expect the opportunity – and the activity – to grow during 2007.

But there’s a nasty wild card out there – the corporate security officer.

As I talk to large customers, and more than a few service providers, there’s an interesting story that’s starting to repeat itself.

Company believes it is exposed to certain kinds of information risk. 

Company creates information security organization, headed by a very powerful individual to identify and remediate potential threats to information security. 

Said person discovers that the company’s most important asset – information – is being sent to some third party for use and re-use.

Service provider tries to desperately convince responsible executive that there’s no real threat, everything is fine, etc. -- and doesn’t make the sale. 

Service provider loses customer, IT implements in-house solution, and things move on.

It has happened more than a few times, and seems to be happening more often.

If this trend increases, there might be very few IMSPs who can find a viable niche – big enough customer to have a problem, but not big enough to force the model into an internal IT deployment.  That’s a significant limiting factor, in my mind.

What could make the difference

New approaches to information security could make the difference. 

If digital rights management technology was widely deployed for sensitive information (not the case today) and there was good key management and use auditing in widespread use today (again, not the case), our friend the security office wouldn’t have a logical leg to stand on, so to speak.

There’d still be the usual wrangling and fact-finding, but – ultimately – if information is secured properly (as opposed to infrastructure), there should be a real boon in the IMSP business model.

In the EMC portfolio, these technologies are RSA, Authentica and Documentum, plus a ton of integration work. 

But they (or their equivalents) need to be in widespread use, so there’s less of an overall concern of the wrong information getting into the wrong hands.

We’re probably a few years away from that scenario.

And that’s too bad.