The Hedge Fund CTO’s Guide to Managed IT

By Nick Mancini, Chief Technology Officer

As someone responsible for your firm’s technology, the procurement of outsourced IT services is one of the most important decisions you can make. Selecting the right provider for your needs can yield a huge ROI.

When considering managed IT, some of the questions you may ask include:

  • What services do I need?
  • How do I know which service provider to choose and what questions should I be asking them?
  • How can I ensure institutional knowledge is retained in the outsource process?
  • With the evolution of service delivery models, such as cloud computing, how do I know what I buy now will last?

As a CTO, CIO or senior IT manager at an alternative investment firm, you know the financial space relates uniquely to IT provisioning. Firms can have very large revenues, require critical applications, and yet have a small physical IT footprint. This guide is written with you in mind.

A managed IT service provider specializing in alternative investment firms knows the intricacies of this environment and how to maintain uptime on your trading applications, secure your intellectual property and scale your IT capacity to meet your growth.

As you evaluate whether outsourcing IT is right for your firm, consider these four key principles:

  • Be Clear
    Outsourcing IT is all about value-add. When evaluating an IT partner, establish with them their specialty and how they can add value — and time — back to your day or department. As they handle security and proactive maintenance, you can get back to driving output.
  • Choose Your IT Provider Carefully
    Always do your due diligence before handing the reigns over to a provider. As you review a provider’s references and service charges, also evaluate how they deliver and measure their service.  Conduct an in-depth review of the provider’s financial standing , ask for client references and do a competitive analysis of their service charges.
  • Define Your Service Levels (And Credits)
    Focus on the areas critical to your business and apply any service credits to those areas. Don’t get sidetracked by meaningless metrics.
  • Have an Exit Strategy
    You need a clear plan up front about how you will disengage from your provider, and write it in the contract. This saves a lot of potential conflicts in the future.

 

A Timeline Of Managed IT Services

Past

Although IT outsourcing enjoys a higher profile today than ever before, the concept has been around for many years. Blue chip technology companies, such as IBM and DEC, were providing outsourced IT services in the 1980s, even in the form of hosted services.

At that time, the services were typically targeted at large corporations and very few SMBs were eligible. Historically, there were two categories of managed IT solutions available:

  • Application Managed Services
    The provision of a managed application, or suite of applications. The applications were usually aligned to a core function such as HR, or to a particular market segment, like hedge fund CRM software. In the trading world this type of offering is reasonably mature.
  • Infrastructure Managed Services
    The delivery of the underlying infrastructure that supports the application estate. This may cover all or part of the infrastructure environment, from network and data center through to the desktop and help desk.

Present

Over the past five years there have been many developments in the managed services space. Two of the most significant have been:

  • The acceptance of software as a service (SaaS) and platform as a service (PaaS) as a means of application delivery. These models have three key benefits:
    • Deployment lead times can be significantly reduced with the application already running somewhere else.
    • Licensing models are much less capital-oriented than traditional models; generally you pay a monthly subscription as opposed to a large upfront amount.
    • You don’t have to worry about building or managing the infrastructure, as it runs from the provider’s data center.
  • The growth of multi-tenant infrastructure management tools, which have had several effects:
    • IT managed services have become more accessible to a wider client base, including SMB organizations.
    • Smaller providers can deliver IT managed services because of new toolsets, which previously only enterprise providers could offer.
    • There is a wide variance in the quality of services delivered. New tools do not turn break/fix providers into managed service providers overnight.

In both cases, the Internet has become an acceptable channel for both managing infrastructure and delivering applications. However, the rapid growth of both services and service providers means the market is more disjointed now than ever.

Future

This is certain: IT outsourcing will continue to evolve. New delivery technologies are emerging, network bandwidth continues to become more accessible and innovative charging models are developing. The most significant development in recent years has been the growth of cloud computing.

While there is no single view of cloud computing, it’s obviously impacting the delivery of IT services significantly. There are three types of cloud solutions: private (dedicated to only your organization), public (shares between you and other organizations) and hybrid (a combination of both).

There are three main categories of cloud-based service:

  • Infrastructure as a Service (IaaS)
    This refers to the delivery of (usually) a virtual environment for the hosting of infrastructure functions or applications. This can range from a simple virtual server to a complex combination of hardware and software resources to deliver a complete application environment. These services usually follow pay-as-you-go pricing models. IaaS is useful for temporary or interim requirements, such as the provisioning of development and test environments or for replicated disaster recovery facilities.
  • Software as a Service (SaaS)
    Managed application services, most notably in the form of SaaS, have been a long established and successful mode of delivery for enterprise applications like risk management, CRM and market data. More recently, the market has expanded to all types of applications, and SaaS is now universally recognized as a smart way to deploy applications without having to invest in the underlying platform.
  • Platform as a Service (PaaS)
    PaaS caters to developers and infrastructure managers who need a remote environment for development and deployment of new applications and services. The cloud-based PaaS offers hardware and software tools, reducing the time to market and cost of entry for new applications or services. 

Cloud services will continue to grow rapidly over the next few years as portfolios expand, and although each of the above services may have a diverse application, they have a common set of benefits:

  • Reduction in ongoing capital expenditure due to economies of scale
  • Virtually unlimited capacity to scale
  • Services are charged on a utility basis

Cloud computing is, no doubt, a game-changer for the industry, but there is still a widespread degree of scepticism about its security. Your IT  should follow these three principles to ensure data security:

  • The data center should have the SSAE 16 and ISO 27002 security accreditations and independently-audited perimeter security measures.
  • The provider should use data loss prevention, information protection and control and identity management systems to monitor, encrypt and control the movement of your sensitive information.
  • There should be evidence of stringent data protection measures, such as encrypted backups and secure off-site tape handling.

 

The Top 7 Reasons to Outsource IT

It may seem comforting to hide behind the safety blanket of in-house, on-premises data management, but this design offers more risk than reward. Downtime, data loss and decreased productivity are expensive consequences of a poor IT infrastructure. These seven reasons highlight all you have to gain by switching to outsourced managed IT solutions.

1. Maintaining the Availability of Critical Systems and Applications
If your systems are not available, your business cannot function. Well designed architecture, proactive systems management and practical capacity planning are the most effective means of keeping your applications available.

2. Contingency Planning for Disaster Scenarios
It’s the CTO’s worst nightmare. Any number of potential scenarios could cause your business to stop functioning. The most common culprits are power or network outages to your primary data center, or the failure of a major system. Planning needs to consider all aspects of service, from facilities and technology to people and processes.

3. Maintaining Data Security
This is particularly relevant within the alternative investment segment. Order management data, investment ideas and trading applications are the lifeblood of any firm. Your data must be protected from unauthorized access, malicious attack, accidental loss and employee theft.

4. The Ability to Expand Quickly as the Business Grows
A primary firm objective is obviously to increase the value of assets under management. This has a direct impact on the provisioning of your IT services. If your IT function cannot flex, your growth potential could be prematurely restricted. This is less likely to be an issue for a good outsourcer who is proficient in the design, build and operation of new services.

5. Delivering Leveraged Services
Even large alternative investment firms struggle to resource all of the elements of an effective IT service. Outsource providers have the advantage of leveraged functions where the cost of delivering services is spread across multiple clients. As an example, the cost of building a 24×7 operation may be unsustainable for a single operation, but is perfectly viable when that cost is allocated across several clients.

6. Access to Experienced IT Resources
The recruitment and retention of skilled IT resources is always a challenge. Commercial service providers will generally have larger pools of resources with more in-depth technical skills than in-house teams. This is becuase specialist providers can offer greater career development and more opportunity for technical teams to apply their skills. That strength in depth also helps to reduce the impact of sick days, vacations and covering 24×7 shifts.

7. Reducing the Peaks of IT Service Expenditure
Outsourced IT services are, by their nature, more predictable in terms of financial profile. Depending on the cost model you adopt with your provider, an IT managed service should have a flat monthly charge to make IT expenditure more predictable.

 

Choosing the Right Provider

Once you have made the decision to move forward with an outsourced model, what should you look for in a service provider?

You need to be sure your provider can keep up your systems, protect your data and scale to your business growth. Quite simply, this means effective due diligence. And that due diligence needs to cover all the bases, like:

Help Desk Intelligence
The help desk your end users work with should actually be helpful. This includes being:

  • Knowledgeable about your industry and infrastructure
  • Courteous and professional
  • Efficient when resolving tickets
  • Flexible by offering either phone or web portal access to their services

Make sure they have taken no shortcuts in building an effective help desk. A good help desk needs skilled staff, comprehensive training and an investment in the right tools and technology.

Desktop Service Efficiency
Desktop management is one of the most expensive components of any IT service. Your provider should be able to deliver:

  • Quick provisioning of new desktop devices
  • A reduction in end-user problem tickets
  • Effective data loss prevention and security
  • A lower TCO through economies of scale and efficiencies

The key to achieving this is through standardization, tools and processes. This starts with the development of a streamlined build process for desktop devices, establishing baseline patch and security levels, agreeing user policies and profiles that meet specific business needs, building automated application deployment packs and using an effective desktop management toolset to maintain health of the desktop estate.

Highly Available Infrastructure and Application Environment
Not surprisingly, this is No. 1 on the list for most CTOs. An effective service provider will always focus primarily on the availability and performance of networks, systems and applications.

This can be achieved at a number of levels:

  • An operations bridge will provide 24×7 monitoring of system events, alerts, security logs, etc. Any events should be automatically logged and handled as problem tickets.
  • Proactive housekeeping will maintain operating system, database and application environments and avoid any unexpected capacity or performance issues.
  • Comprehensive patch management will maintain the reliability and security of systems.
  • Strong operational procedures and service processes will eliminate unnecessary mistakes and ensure that unavoidable problems are resolved clinically.
  • An effective data protection service will ensure that systems and application data are backed up regularly, stored securely and recovered quickly when required.

Maintained Data Security and Integrity
This is another non-negotiable. A professional IT service provider will already have an effective IT security framework. This should cover all aspects of data security from the client device to the data center:

  • Central data loss prevention systems will ensure that users can only store and move data where your company policies permit. This is particularly important if and when you suspect an employee is about to “fly the nest”.
  • At the client level, anti-virus, personal firewall, media encryption and access control systems help to prevent accidental or malicious loss of data.
  • Identified management systems prevent unauthorized access to your systems and data.
  • Perimeter firewalls, Internet content control systems, anti-spam gateways and intrusion detection/prevention services ensure that your data is protected at the data center.

Defined, Predictable Service Costs
This is usually one of the key differentiators a mature service provider can deliver. A professional provider should offer a catalog of services, which will give you predictable pricing and shorter lead times. This catalog will generally be available as an online application and should be integrated with your procurement process.

Comprehensive Management Policies
In addition to robust operational procedures and processes, your service provider should have well-defined management policies to keep you both in the clear. These include:

  • Information Security Policy
    An effective information security policy sets the standards to which IT systems and networks should comply. This involves looking at all aspects of IT security, from Internet usage through to data protection, with a view to maintaining acceptable use of systems, preventing disruption to systems and avoiding potential data leakage.
  • Service Continuity & BCP/DR Plans
    Service continuity and BCP/DR are interdependent, though often misinterpreted. Service continuity is a process to ensure all aspects of your operating environment are maintained. Disaster recovery (DR) generally applies to the recovery of a primary operating facility (e.g. a data center) following a major incident. Business continuity planning (BCP) has a wider context and includes both service continuity and DR to ensure your IT systems always run smoothly.
  • IT Risk Management Process
    It’s essential to identify, assess and manage risks against the delivery of IT services. This is primarily to remove or mitigate circumstances that could cause a potential service disruption or failure. This is an integral part of the overall business Risk Management plan.
  • Exit Management Plans
    Exit management is often one of the most overlooked aspects of an outsourced IT service. No matter how good your service provider is, there is always the potential you will need to services handled in-house because of an organizational change, merger or takeover. An effective exit plan will outline all aspects of the IT service, including assets, people and procedures, and document how these would be transferred in the event of an exit event.

Informative Service Reporting
The success of any service can usually be measured at two levels: popular user perception and service metrics.

IT outsourcing should not be intrusive. Systems should stay up, applications should meet performance benchmarks and changes should be processed efficiently. You can really only know how your provider is performing against each of these elements through your service reporting framework. A well-structured report will cover a number of components:

  • A summary of service highlights and lowlights
  • Performance against service levels such as ticket resolution, infrastructure availability and application performance
  • Details of any major incidents or problems and steps to avoid reoccurrence
  • Changes to the service
  • Capacity planning information
  • Status of any ongoing projects being delivered

 

Is Outsourcing Right for Me?

Deciding what to outsource and to whom can be just as daunting as deciding it’s time to switch for an off-site managed IT service.

There is no rule of thumb to define if you should outsource. However, it’s worth remembering that you want to be in the trading business, not the IT business.

The decision to outsource can often be aligned to other operational areas of your business. For example, if you need to outsource your HR and payroll function, then chances are you need to do the same for your IT. Of course, there may be other factors involved, such as an increased demand that has grown too large for your existing infrastructure.

When delivered well, an IT outsourced service will allow you to focus on your core business without the headache and cost of managing technical systems, technical problems and technical people.

When to Outsource
There may be any number of drivers to outsourcing your IT, but in many cases it comes down to a number of common factors around your internal IT function:

  • Consistent failure to deliver the service levels you require
  • Inability to meet the growing requirements of the business
  • A lack of market knowledge around new IT initiatives
  • Constant resourcing issues around covering rotations, sickness/vacations and the delivery of new projects
  • A failure to retain skilled staff
  • Headcount limitations around the recruitment of new permanent staff members

Any of these factors can have a significant impact on your ability to grow your business. If you choose your provider carefully, these issues can be addressed quickly.

What to Outsource
Outsourcing your managed IT can be as extensive or as limited as you want it to be. A common approach is to start by outsourcing standard IT services such as help desk, desktop, infrastructure and data center management. When you gain more confidence in your provider, you can always increase the scope of services they provide.

Next Steps When Choosing Managed IT

We hope this guide didn’t scare you off. Yes, outsourcing can be complex, but you’re a CTO at an alternative investment firm — you can handle anything. Especially when that “anything” involves a little bit of research in exchange for a high ROI and a potential promotion when your CEO sees how successful the outsourcing becomes.

Of course, choosing the right partner is the linchpin of getting your boss’s praise. We want you to make the right choice, which is why we wrote this guide.

As you consider prospective vendors, we hope you’ll add Agio’s name to the list. Our background in financial services will make us stand head-and-shoulders above the pack, and that’s on top of our glowing references and above-and-beyond service mentality.

If you ever have questions about choosing an IT vendor and want to talk tech, CTO to CTO, I’m here for that, too. Contact me or anyone from Agio’s team and we’ll be able to help you understand why Agio is the best choice for your business.