Blog Series: Managed Services Study 2022
Thomas Ross | September 23, 2022

The Where Makes the Difference: Local Managed Services Providers Score with Data Security and Data Protection in the Cloud

When companies digitalize, the path today usually leads via cloud solutions. And since very few companies are implementing this transformation on their own, managed services providers (MSPs) are more important than ever. This is confirmed by the “Managed Services 2022” study, which NTT DATA Business Solutions Germany conducted together with the team from CIO Magazin, CSO online and COMPUTERWOCHE: 78 percent of respondents use additional services when moving to the cloud, and 79 percent additionally obtain (strategic) consulting services. But what about data security in the cloud?

The study initiated by NTT DATA Business Solutions Germany identifies the most important success criteria for working with an MSP, the added value of outsourcing, and what the situation is with regard to data security and data protection in the context of managed services.

In addition to the assessments and experiences of the surveyed companies, we would like to present our view as a managed services provider. That is why we are supplementing the survey with a series of interviews – in the fourth part with Thomas Ross, Account Manager at NTT DATA Business Solutions AG.

"Most companies are rightly very sensitive about data protection and data security in the cloud. Some attach importance to their IT being operated exclusively in Germany - or at least within the EU. [...] There is a justified desire to protect one's own data against all eventualities, for example in terms of personal rights and against industrial espionage."

Thomas Ross, Account Manager Managed Services

Mr. Ross, local managed services providers usually offer local hosting and managed cloud services. For data security and data protection, 60 percent of the companies surveyed preferred an MSP from Germany or the EU to one of the international hyperscalers. What is the truth of this assessment?

Thomas Ross: Most companies are rightly very sensitive about data protection and data security in the cloud. Some attach importance to their IT being operated exclusively in Germany – or at least within the EU. In this respect, the figures in the survey match our perception. There is a justified desire to protect one’s own data against all eventualities, for example in terms of personal rights and against industrial espionage.

How this goal is best achieved, however, must be evaluated on a case-by-case basis. For example, legal and regulatory requirements are often open to interpretation: Company A concludes that it may work with one of the major hyperscalers. After all, Microsoft Azure, Google Cloud Platform (GCP), and Amazon Web Services (AWS) have data centers in the EU – with certifications that prove they meet the required compliance specifications. So Company A outsources significant parts of its IT to the Azure cloud in Ireland. Company B has the same requirements, but rejects the Azure cloud because their own data protection requirements are not clearly applicable. In such cases, we are happy to advise and, if desired, can deliver our managed services exclusively from Germany. And if we work from abroad, we are still EU GDPR compliant.

What is the extra security benefit that a German provider like NTT DATA Business Solutions offers?

Thomas Ross: Hyperscaler means public cloud. For more protection, there is a private or provider cloud. As a provider, NTT DATA controls the entire stack: its own building, its own employees and servers. So we can take responsibility for everything. This security is provable. We have experience with critical infrastructure, for example, for automotive suppliers, pharmaceutical companies and other manufacturing companies, banks and insurance companies that want to protect valuable data from intrusion.

In principle, we also operate customer systems on the basis of hyperscalers, but secured in accordance with our high standards. As a partner and advisor to the customer, we ensure this security and have demonstrably high quality standards – even when we draw on global employee resources.

There are scenarios in which a hybrid architecture with components from the public and private cloud makes sense. What would be an example of this?

Thomas Ross: The applications and their requirements determine how we can combine the capabilities of the public cloud and classic, specialized environments. For example, our private cloud is optimized for SAP workloads. A frequently used hybrid scenario: Web applications and office applications run on the hyperscaler and the SAP systems in a private cloud or SAP public cloud. Ideally, a hybrid landscape combines the advantages of the different worlds. However, it can also complicate the overall structure: The more heterogeneous the landscape, the more important it becomes to secure it.

How does a managed services provider proceed to design a custom-fit architecture for a company?

Thomas Ross: First, we talk to the company about its legal and regulatory requirements, and also about the personal preferences of the managing directors and owners. What level of security is needed? What safety-critical information is stored in the systems, for example patents, recipes, design plans? Then the short- and long-term goals are determined: What should the company’s own IT be able to do, what should be outsourced, what is the overarching strategy? Consulting also includes creating a common understanding: What do we define as private, public and hybrid cloud? How can we achieve compliance with the GDPR in Europe, Asia or globally? And finally, there is the comparison with the budget – because secure cloud computing is also a commercial and business decision. My experience here is that there is a growing awareness at decision-maker level that security can cost money.

When talking about money, there is a view that hyperscalers will always cost less than a private cloud.

Thomas Ross: Companies have to look closely here, because some cloud providers have complicated pricing models. It is worthwhile to precisely track the total price per month or per year. We have observed that many a customer is “blindsided” here. So don’t enter the public cloud naively, but examine and compare the price models.