It's now happened about a dozen times, maybe more.

In the meeting, we're hip-deep into discussions around SP business models (especially those that want to target enterprise IT organizations).  I start getting into differentiation and specialization, which inevitably leads to a core question: where and how do you want to play in the supply chain?

Supply chain?  Puzzled looks all around.

OK, back up the train.  Draw a big picture on the whiteboard, start filling in boxes, where do you see yourself?

Since it takes so long to draw these pictures, I've decided to whip up a sample slide for two reasons.

One, I'm essentially lazy at heart. 

And, two, there are about a dozen or more meaty SP strategy discussions I can drive off of this single chart.

If you track back all the different companies and specialists that were responsible for your meal, your car, your house, your iPad, your electric power, etc. -- you'll see at least a dozen or more specialized entities involved, sometimes many more.

That, in a nutshell, will get you thinking about a supply chain in a useful way. 

No one -- and I mean no one -- owns the end-to-end picture.  To try and do so is economic suicide.

Instead, each player focuses on one or more roles in the supply chain, creates their unique and defendable value, and passes on their value-add to the next player in the chain.

And there is no logical reason to believe that delivering IT services over a wire will be any different than any of the other bazillion supply chain ecosystem models in our world today.

The Definitive Answer?

If you're looking for the authoritative version of IT SP supply chain models, I don't think it exists yet. 

For one thing, the market is moving way too fast for things to settle down -- legacy SP models are quickly being replaced by newer forms.

That being said, even my lame attempt to represent the components and how they might interact in useful ways is better than nothing.  So far, it's been helpful with the SPs I work with.

Let's Begin Our Tour, Shall We?

The way I'm going to do this is simple. 

I'm going to build up the model, from right to left, filling in quick descriptions of the key components as I personally see them. 

I will not do a single one of these topics or entities any justice in this pass; each is worthy of an extended discussion individually.

Here's the starting point with nothing filled in. 

We have pictures of people on the right, giving way to abstract boxes in some logical arrangement.

Creating a productive SP business model involves being incredibly descriptive about each entity here: do you care, will you differentiate, or will you simply partner to get what you need? 

The more you think about this, the better the discussion becomes.

The Two Buyers

There are two broad classes of buyers who are in the market for IT services.

One is the "IT buyer".  He or she is responsible for aggregating IT services (whether sourced internally or externally), and delivering these services back to business (or organizational) users.

I know a lot about these folks, since EMC has built a very large and successful business in selling to IT buyers of all sizes, shapes and flavors.  Their job is not the easist one in the world.  More here soon.

The other important buyer is the "business buyer".  This is someone who needs to get something done, and needs some IT stuff to do it. 

They may either work with their IT organization to get what they need, or -- with increasing frequency -- go directly to a service provider of their choosing.

Do not assume that the interests of business buyer and IT buyer are always aligned.  Indeed, Salesforce.com built a spectacular SaaS model by targeting the business buyer, and completely bypassing the IT buyer -- and pissing off more than one IT director in the process.

This is not to mean that you have to choose one or the other.  Indeed, the most powerful SP value propositions are when there's something in it for both parties -- the classic "win-win".

The Trust Agents

It needs to be said again -- people buy from people they trust. 

So many IT vendors (products, services, etc.) don't really understand this simple and fundamental truth.

Becoming a "trusted advisor" to either an IT buyer or business buyer is not quick, easy or cheap. 

Good marketing strategies identify who is likely to have this trust relationship already established with your target buyer.

That might be a consultant, a trusted vendor or integrator, a member of their professional community, and so on.  Become trusted by the trust agents, and it becomes far easier to get your value proposition consumed by your target buyer.

So many people try to do it the hard way -- hiring expensive talent that has to work long and hard to establish that essential trust relationship.  Some business models demand doing this, others are better served by partnering for this key role in the supply chain.

The Domain Experts

Whether I'm a business buyer or an IT buyer, I'm not just buying a service, I'm buying domain expertise. 

Think about it: I expect my taxi driver to know where I'm going, even if I don't.  That's part of what it means to offer a taxi service.

The same is true for any and all SP offerings -- as a buyer, I'm expecting expertise that I (a) need, (b) value, (c) trust and (d) have a hard time getting any other way.

If I'm an IT buyer, I'm looking for relevant IT expertise.  If I'm a business (or organizational) buyer, I'm looking for relevant business expertise.  And so on. 

Domain experts can often be trust agents as well (or can support the role of a trust agent).

Indeed, I see so many SP value propositions that bias excessively towards cost savings, when -- in reality -- they have killer expertise that isn't being properly promoted.

If you think about your personal life, you probably consume services from people with unique expertise: doctors, lawyers, plumbers, etc.  Sure, you want a fair price, but you're buying the services of someone who is better at what they do than you could ever be.

Not all SP business models require unique or specialized domain expertise that is customer-visible.  But -- somewhere in the supply chain between what you the SP does and what the final buyer wants -- it's a useful exercise to figure out where that expertise will come from.

User Visible Applications

Now we cross the line from people and roles, to pure service abstractions -- at least, in the model I'm using here.

The first stop in our journey is "stuff that people see", often called applications -- although that description can be painfully imprecise.  "User-visible applications", if you must.  Or "business process applications".

This can further broken down into horizontal applications (stuff that just about everyone uses) like email, calendaring, word processing, social management, etc. and vertical applications (things that appeal greatly to people with specialized roles and/or tasks at hand).

Just to be precise, there are bazillions of internal business processes implemented by groups of applications that -- technically speaking -- users don't interact with much.  But the "stuff that people see" abstraction keeps our attention focused on the bits people care about vs. all the supporting players.

Hint: our bet here is that the market for undifferentiated horizontal application services will rapidly commoditize even further.  However, there are still opportunities for differentiation by doing things that other providers can't. 

For example, not all email and collaboration providers can offer high levels of security, advanced spam control, integrated collaboration modes,compliant archiving, superior availability, etc.

And, if you're a heavy email user in a regulated industry, those things can be very appealing to both the business buyer and the IT buyer :)

But, generally speaking, I encourage SPs not to invest in creating these horizontal and undifferentiated offerings.  They can be part of your broader offering, but I would recommend leaving them to someone who, er, specializes in creating unspecialized offerings ...

Instead, the winning formula seems to be partnering with targeted application software vendors who'd like to make their offerings easier to consume. 

Think about the problem from their perspective: in order for application software vendor to have a happy customer, they're depending on an IT organization to acquire and stand up infrastructure, and not mess it up in any way. 

I have some friends who are in the enterprise application software business, and they continually moan about how when the customer's IT organization does something wrong, it's somehow their problem to go fix. 

Not only that, being able to stand up a killer app on-demand using a servicce provider's resources greatly accelerates their sales cycle.

It should also be pointed out that partnering with application software vendors also gives you access to both domain expertise and trust agents, as mentioned above.  A very attractive go-to-market indeed.

Application Platforms

This is basically the stuff you need to create the stuff that users see. 

Here we'll find a confusing menagerie of databases, middleware, development platforms, etc. etc.

Indeed, the whole activity of building new applications -- whether you're a small developer, or work for a Fortune 1000 company -- is one of those gotta-consider-it opportunities for SPs thinking about targeting enterprise IT organizations.

Not only are enterprises usually willing to externalize their software development platforms via SPs, but -- done right -- your SP model will have first crack at moving them through alpha, beta, pilot and ultimately production, and that's where the real money lies.

On the other side of the equation, just about every software vendor in this space is absolutely motivated to make their value proposition easier to consume via an SP model -- although not all of them have done much about it.

The expertise associated with making all this software platform stuff sing and dance is rather scarce and difficult to access to the vast majority of people who want to use it.  If you were looking to acquire (or perhaps partner) with critical, scarce talent -- you'll find many opportunities in this segment.

Managed Infrastructure

All that software goodness needs to run somewhere.  Enter discussions of cloud and fully virtualized infrastructure.

This isn't just variable compute, network and storage -- it's also the higher level services like security, data protection, performance management, configuration management. 

Go beyond the simple components, and really dig into all the workflows and processes required to run all this IT stuff to get a full appreciation of what's going on here.

The trap here is focus on the cost of the ingredients vs. how good the meal was.

Not everyone wants the cheapest meal available.  Better ingredients can certainly help produce a better restaurant experience, but -- as anyone can attest to -- there's more involved than just that.

One of the reasons that pre-integrated converged infrastucture is becoming so popular here (think VCE Vblock) is that most of the heavy lifting is already done and ready to consume by the SP. 

As a result, any resources at the SP can now be focused on differentiation and customer-focused customizations vs. simply doing the usual chores around the data center.

Value-Added Control Planes For The IT Buyer

Going back to our original IT buyer, they can outsource the work, but never can give up accountability or responsibility.  When the phone rings, it's usually their problem to resolve.

This means that *any* IT buyer is strongly attracted to any service that lets them either monitor -- or preferably control -- how that service is delivered. 

Indeed, one of the more attractive R+D investment themes at EMC (and VMware, and RSA, and now Cisco) is externalizing these control planes from service provider on down the supply chain: either to another service provider, or -- ultimately -- the IT buyer.

Examples abound everywhere.  Security and GRC.  Data protection and availability.  Service delivery monitoring.  Granular resource consumption and governing by sub-tenant.  Configuration management.  Yadda, yadda, yadda.

Put simply, if it's a control process that enterprise IT organizations are willing to invest in for their own use, it makes sense for SPs to invest in those exact same control processes.

Indeed, I work with SPs who've taken this to an art.  They walk into an IT buyer and say something like "security is important, you probably suck at it, we can do this far better than you ever can". 

OK, maybe not so directly, but you get the idea.

Value-Added Communities For The Business Buyer

Going to the other side of the equation, the corresponding value-add is the notion of a community: people like me with interests like mine. 

If I'm an accounting professional, I'd like to have access to a community of other accounting professionals like me.  If I'm a radiologist, ditto.

One powerful differentiator that I've noticed in some SP models is that they use the fact that they generally serve the same sorts of customers to create a professional community.  Think about it: a thriving and relevant community that I can engage with online -- or perhaps travel for a meet-up -- is a powerful and compelling value proposition to many.

The art of forming and growing a community is not entirely obvious to many, though. 

Indeed, we worked at that particualr skill long and hard here at EMC (I was intimately involved), and -- frankly speaking -- there's still more work to do, although I'm pleased with our progress.

Even if you aren't going to invest in a business-focused community, identifying and joining existing ones can help with the trust agent and domain expertise roles raised above. 

And, yes, the art of joining an existing professional community is an art in itself :)

Infrastructure Ingredients

I'm not going to spend a lot of time here today, simply because each of these requries more than a few words to do each subtopic justice.

In a nutshell, delivering "managed infrastructure" (as described above) requires specific disciplines that, in turn, lead to SP specialization, especially in a supply-chain world view.

Of all the fundamental ingredients (network, compute, storage), the network-focused discussion leads the parade. 

Any serious use of IT as a service requires a purpose-built set of network services that aren't your usual fixed-pipe, fixed SLA variety.

Indeed, I'm meeting with network-focused SPs who are starting to realize that cloud, IT-as-a-service, whatever -- means that there's a brand-new opportunity forming for specialization, differentiation and partnering.

Of course, if you're going to do this, it makes sense to get a good understanding of the new requirements emerging upstream from you ...

Compute as a service (without integrated storage and/or network capabilities) is a niche market at best. 

There are pockets here and there to attack in selected industries, but it's essentially a highly verticalized play.

Storage as a service (without integrated compute and/or network capabilities) is likewise rather specialized -- think large repositories that are infrequently accessed, consumer-oriented offerings and the like.

Indeed, the vast majority of IT workloads sort of demand that compute and storage be co-located.

These combinations of ingredients, in turn, usually reside in data centers, which as we all know, is supporting a thriving market of people who build and rent data center facilities -- but little else.

The skills and processes required to build, provision, monitor and support managed infrastructure are available -- yes -- as a service. 

A nice, focused market is showing up here -- either specialized remote management offerings, or full suites that involve just about every IT management discipline.

For more interesting examples, think "backup-as-service", but targeted at other service providers, instead of ultimate end-users.  Configuration management as a service.

Or security as a service, for that matter.

Sort of a "service provider for service providers" model.

On top of that, we're seeing newer players that are focusing on metering, rating and billing of resources and services consumed -- as a service. 

Whether they're doing this directly to the end consumer, or -- more frequently -- downstream to another entity -- it's turning out to be a fast-growth area of service provider specialization.

Just like in the phone or airline industry, the ability to flexibly price and broker capacity makes a market, and I wouldn't be surprised to see more growth in this area before long.

At EMC, we're betting that -- over time -- another specialized service will be required here as well, and that's the "trust authority" -- the impartial third party that vouches and verifies security and compliance.

And I'm sure that's not the end of the story ...

Where Does That Leave Us?

No easy or simple answers here for service providers trying to target traditional IT organizations. 

It's shaping up to be a complex and fast-moving ecosystem that's forming rapidly.

Certainly, there will be mega-players that attempt to build out the complete model end-to-end.  If you've got the money and the patience, it can be attempted. 

 But I don't think this will be the dominant model going forward -- for many the same reasons we don't see this in other supply-chain based models.

Instead, I have every reason to believe that the winners will be those who decide where to specialize, and where to partner. 

Those boundaries can -- and will - change over time.

That's how supply chains evolve. 

And that's how businesses evolve.

I hope you found all of this useful. 

Fair warning: I'll be coming back to this description frequently over the next few months.

Lots of great stuff in the EMC portfolio for service providers -- almost too much to talk about today, with more goodness coming along every day!

In this post, I'd like to stretch out a bit, and share how EMC's DPA -- Data Protection Advisor -- is creating an interesting cluster of new opportunities for a wide swath of service providers.  

Regardless of your SP model, there's probably something here that's worth a moment of your attention.

If you're offering any flavor of IT as a service, you'll probably need to deal with data protection, commonly called backup.  Fail to pay attention to this topic, and it's only a matter of time before you'll have a really bad day -- or, more precisely, your clients will.

There's no need to belabor the point -- losing a bunch of valuable data and not being able to recover it quickly is about as bad as it gets in the IT world.

The real question -- is backup just another irritant to deal with -- or, in fact, is it a wonderful opportunity for SPs to differentiate themselves and create valuable new revenue streams?

Not surprisingly, I would strongly argue the latter case:

• The amount of data that need to be protected is growing substantially year-over-year -- so the "market opportunity" is automatically and predictably getting larger just with the passage of time.
• For most enterprises, doing backup using internal resources doesn't really create any strategic value for the IT function, it's a "hygiene" function that simply has to be done and done well -- hence attractive to hand over to an SP professional.
• The general state of affairs regarding backup is usually quite poor in most enterprise IT environments -- it's not hard to be better than what they're doing today.
• Backup technology is undergoing a radical shift from tape to disk-based deduplication, meaning that IT customers will need to either invest big in refreshing their backup approach before long, or -- preferably -- contract with a service provider who has already done so.
• The costs associated with backup in an enterprise IT environment are usually pretty easy to get to, making it easy to present an economic case that's quite compelling.
• And -- let's be honest -- it ain't the sexiest thing going on in the IT world these days -- although a very nice business.

Billions and billions of dollars of backup technology are sold each and every year -- it's a wonderfully growing business for EMC and our partners.  More on that here.

What You Need To Know About Backup

It's actually quite simple.  

First, people need continual assurance that their data is protected, and can be recovered per agreement when needed.   "Protected" in this sense also means that it remains secure, compliant, etc.

Second, you need to be able to deliver that service at a competitive cost: capex and opex.  Both are undergoing dramatic year-over-year drops due to better technology and better management software.  Again, this creates an opportunity for an SP to profit from steadily declining costs-to-serve.

DPA absolutely nails the first requirement, and helps to accelerate the second one.  It's that simple.

A Focus On Reporting

You don't get credit for what you can't prove.

That was true back when I was a student, and it's certainly true today in the business world.  

DPA is the data protection management software that "proves" data is protected, whether directly accessed by your clients, or used to run your internal SP operations.

There's strong evidence starting to accumulate that SPs are increasingly measured on their ability to report back on what they're doing.  

Consider this survey from our friends at ESG.

Lots to consider here -- it's worth a close stare -- but notice the #1 priority on management and reporting.  

Backup Is A Major Pain For Most Enterprises

You don't know how truly nasty enterprise-scale backup can be until you've had to run it yourself.  

Thankfully, I haven't had to do that, but I meet plenty of people who do.

Rarely, if ever, are these environments architected.  Instead, they tend to grow up willy-nilly as different applications, products and technologies come wandering into the data center.

Applications change in importance, get combined with other applications in new ways, and -- sooner or later -- it becomes impossible to answer the core questions: am I adequately protected, and can I prove it?

EMC has a major business diving into these environments, untangling the spaghetti, making recommendations, and basically setting everything right.  In the process of doing so, we've continually been struck by the growing interest in using external service providers to help out in some way.

EMC Data Protection Advisor

The DPA pitch is really very simple: there's all this "stuff" that's involved in data protection -- servers, applications, backup software and services, replication, various storage devices, all sorts of networks -- backup touches just about everything.

DPA creates a management abstraction that (a) assures you that your stuff is adequately being protected, and (b) tells you what has to be changed if for some reason that's not the case.  

It does this for a breathtakingly wide range of technologies: EMC and non-EMC.  And it's a proven and mature technology that's been continually enhanced for many years now.  Not much in the way of head-to-head competition that we've seen so far.

Why Should SPs Care?

Two reasons: save money and make money.

The "save money" case is rather predictable -- as an SP, you'll probably have to provide some flavor of data protection behind your own services, and you'll want to do so as reliably and cost-effectively as possible.  Basically, the same pitch we make to enterprise IT organizations.

The "make money" case is far more interesting.

Take backup-as-a-service, for example.  The service provider has a natural advantage -- they're based in a remote facility -- hence separated by distance.  That's appealing, and very costly for an IT organization to do themselves, especially if they're a smaller one.

The more sophisticated flavor is replication-as-a-service.  Rather than periodic backups and potentially lengthy restores, the customer is looking for lightweight DR so they can run in your data center if they end up having a really bad day.  Once again, VMware has made providing this sort of service far more attractive than the old days.

Finally, there's an interesting opportunity to provide solely the monitoring services for data protection activities being done by the enterprise IT group -- one that's growingly popular.

Here's The Big Idea

Our SP partners have found that -- using DPA -- they can put their tenants directly in control.  Customers can see exactly what's being done, and how protected they are.  

That means that SPs can either choose to differentiate vs. all the other folks offering similar data protection services (but limited visibility or control), or charge more for the service.

One very enterprising SP told me a story about how they used DPA to price their data protection services at a premium.  The customer then asked "how much will you charge me to have someone watch the reports for me?".   I loved it!

Here's the other angle to consider: with one investment in technology and associated operational processes, you basically have FOUR distinct business models to pursue if you choose:

1. Offer normal hosting-type services, but with a customer-visible control plane for data protection
2. Offer remote backup as a service to enterprise IT applications, again with a tenant-in-control upsell option
3. Offer remote replication as a service to enterprise IT applications, again with a tenant-in-control upsell options
4. Offer remote monitoring of existing backup and/or replication environments.

In particular, that last use case -- monitoring customers' environments on their behalf -- shows every sign of explosive growth going forward, so let's dive into that.

Overcoming Fear Of SPs

If you've ever tried to sell various flavors of IT as a service, you've realized that very often your competition isn't other SPs, it's the internal IT function itself.

You're essentially proposing a change in their roles and responsibilities.  Some will see this as a positive thing; many will not.

Let's face it -- data protection is one of those "core functions" that IT people are trained to own and love and protect.  They won't give it up easily unless there is a compelling reason to do so.

More than a few SPs have discovered that proposing remote monitoring services is a practical "baby step" in a larger play: the backup assets and processes remain firmly under control of the enterprise IT organization -- it's only the monitoring and reporting aspects that are externalized to the SP.

Needless to say, the SP has access to all the same reports that the enterprise customer is seeing, and notices that things aren't getting done well, assets are poorly utilized, there's poor compliance, etc. -- essentially gathering evidence for the next offer in the sequence.

Now that we've explored this unique aspect of DPA, let's get into the product itself for a moment.

Digging Into The Details

Lots to talk about "how it works", but let's start with what customers see: the reports and displays.

Not only are there a wealth of standardized reports and screens, but everything is very customizable.  

There's an interesting quirk in human nature here that's exploitable -- any time you put data in front of someone, the first thing they usually ask for is "more data".

Indeed, many SPs targeting larger enterprise IT organizations have done a nice bit of business extensively customizing outputs (with more data!) for different organizational requirements.

Of course, there's support for chargeback models -- but also more advanced compliance reports, hardware and software utilization reports -- just about anything you'd be interested in.  Or not -- as the case might be.

Pushing Assets Harder

Many enterprise IT organizations can afford to have extra capacity and bandwidth lying around for those big surprises or peak workloads.  

Well, most SPs have to run far more efficiently -- they can't afford to have a bunch of underutilized capacity sitting around and not earning its keep.

The harder you push assets, the more you need to understand how they're being used, and -- more importantly -- quickly identify areas where you might have pushed things a bit too much and need to back off a bit.

In addition to the usual "is the service level being met?" sort of stuff, administrators can drill down and figure out network utilization, backup server utilization, storage device utilization -- all the infrastructure components that go into delivering the data protection service.

Having this visibility + quick ability to spot problems = higher asset utilization rates.

Scale?  We Got Scale!

Since DPA isn't really doing any of the data protection work -- but simply reporting on effectiveness, utilization, etc. -- it scales quite nicely and doesn't require much of an infrastructure footprint.

A modest instance of DPA running in a VM can support tens of thousands of data protection clients and hundreds of administrative users -- a very large environment indeed.  

Scaling beyond that simply means more instances of DPA.  It's not unusually resource intensive -- CPU, memory, storage, network, etc.  It sort of does what it does without taxing the infrastructure.

And, of course, everything is inherently and flexibly multi-tenant.  Customers see what they want to, and nothing more.

 Partnership Opportunities?

Sure, we can simply sell you the software in a traditional sense, and be done with it.  

And, indeed, we've got a fair number of SPs who've found the existing offer enticing, and are in the market today with various flavors of these services.

But we think there's more we can do.

We're trying to figure out various variable consumption models where EMC gets paid when the SP gets paid.  Not 100% worked out yet, so we'd appreciate your input on these issues if you're interested.

The second thing we're working on is how best to help generate demand for SPs who are offering these services.  We talk to an awful lot of IT users and resellers about data protection topics, and many of them are very interested in consuming this stuff as a service vs. doing it the traditional way.  Again, we'd welcome your thoughts on this.

Bottom Line?

Data protection -- backup, replication, etc. -- is a growing headache for IT, and it's not going away any time soon.  As we talk with enterprise IT users, they're becoming more and more interested in using an external service provider vs. doing it themselves, and for all the right reasons.

As such, we remain convinced that more and more enterprising SPs will make the required strategic investment before long, and start offering data protection as a service to organizations large and small.

We'd like to help them do that :-)