SSPs are Back and Better than Ever

By Mike Karp

(Back to article)

In the late 1990s at the height of the “dot-com era”, investors of all sorts (including many who should have known much, much better) were throwing money at any Internet-based opportunity they could find. A significant amount of that funding went to a category of Internet players that came to be known collectively as storage service providers (SSPs).

This group came into the marketplace, collected investors’ dollars, pounds, francs, and yen, stayed for a brief while and then, almost as suddenly as they appeared, began to fall by the wayside. By early 2001, these dot-coms evaporated into “dot-gones” and the investment portfolios of the venture capitalists and other investors who had backed them were left hemorrhaging red ink.

For the most part these SSPs died on the vine for the most legitimate of reasons—they were not providing a service the marketplace thought was particularly valuable. In many cases, what they offered was just added mass storage, located off-site and accessed either via the Internet or in extreme cases, via a leased line. In other words, these were essentially co-location sites offering little in the way of value-add services.

Co-los of course can be quite useful, particularly if they are set up as part of a disaster recovery (DR) strategy or increasingly the case nowadays when the primary data center has been maxed out in terms of available power or floor space.

Back in the Day

In the early part of this decade, however, while there certainly were some remote DR sites, few if any data centers were strapped when it came to power or space requirements. In any case, most of the dot-com storage providers offered nothing like that sort of value. They were simply businesses whose principal competency lay in an ability to build, lease or buy buildings efficiently, and then to provide those sites with adequate power and security.

After that, so the theory went, with enough customers they could buy storage systems by the boxcar and thus drive down their hardware prices. Their profit margins were covered, to a large degree, by the extent to which they could commoditize their storage purchases.

While most SSPs turned out to be little more than off-site storage with some limited storage management thrown in, there were of course some interesting exceptions. Storage networks and storability come easily to mind. Storage networks provided not only storage but sophisticated storage management as well. They cherry-picked the best from a number of vendors, threw their own management software on top of that, and offered a complete package well before any such coherent solution was available from most storage vendors.

Storability, as I recall, had a model that was the inverse of what everybody else was doing. They offered a Network operations center (NOC) that reached out and remotely managed their customers’ data centers. Storage networks ultimately crashed and burned, badly singeing all its investors. Storability was eventually purchased for pennies on the dollar by StorageTek, which of course was in turn acquired by Sun two years ago.

It's pretty clear that most of these early attempts at off-site storage were doomed from the start, but it's important to understand that the reasons for their failure often had nothing to do with either the technology or with the business value of the service they were providing. It was a combination of “data center sociology” and a turn-of-the-century sense of corporate governance that were the SSPs’ downfall.

First, the mindset of most IT managers had not advanced to the point where they could tolerate housing and servicing data off site. For them the SSP was more of a threat to their existing bailiwick than it was a help. For them, the SSP was a form of outsourcing; one that would potentially deploy jobs and budgets away from the data centers and out beyond the range of their control.

Just as significantly, senior corporate managers were loath to trust some unknown company whose physical location might have been just about anywhere over the horizon. For years, storage companies had been flooding them with messages about data being their company's most valuable asset, and obviously management at last, believed them, (at least to the extent that they weren't willing to trust this asset to some third party). And so, most of the original generation of SSPs disappeared from sight.

The Survivors

A few survived by creating a set of services that provided real value. Some began offering legitimate alternatives to what in-house IT teams were already doing by focusing on the services they could offer more efficiently. Other SSPs, noting shifts in market requirements, began offering services that in-house IT groups were just incapable of offering. And a third group began delivering a new set of fundamental services—particularly backup and recovery—to the SMB market, a segment which had been almost completely unaddressed until quite recently.

Many of the surviving SSPs achieved significant success. Consider Arsenal Digital, eVault, LiveVault, Zantaz, and a few others. While their competitors were dying, these companies reassessed business models, adapted, and moved successfully out into the brave new marketplaces that today are still evolving. Some of these companies were acquired, but some are still standing quite solidly on their own two corporate feet.

Marketplaces do not stand still, of course. This is why successful managers understand that strategies are not things but processes, and that those processes must be continuously re-examined and retuned as the sands of the marketplace shift beneath them. Learning this was useful for the vendors, but it's also a valuable lesson for IT manages planning their strategies.

Lessons from the Trenches

If you are an enterprise IT manager, consider just a part of your current set of worries. You are responsible (sometimes legally) for a set of services that may include e-discovery (in support of legal requirements) and all aspects of data security, disaster recovery, and business continuity. And then of course there is the whole issue of conformance to governmental regulations (HIPAA and Sarbanes-Oxley don't even begin to scratch the surface here; if you're reading this in Europe, neither does Basel 2).

Making matters worse, as often as not these expectations occur within the context of flattened budgets and “no build-out” mandates from senior corporate managers—who often seem remarkable in their ability to cap their financial support of IT while at the same time ratcheting up their levels of expectation of what your team ought to be delivering.

If you're reading this and you work for an SMB (small-to-medium business), your problems may be even worse. After all, most regulatory and legal requirements extend to your data as well. The only difference for an SMB is that while you still have to cope with the same problems as your larger competitors, you will have to do so with substantially less staff on hand to assist you.

Fortunately, the wheel of history continues to turn and today many off-site storage providers offer high-value services that most IT managers would be foolish not to consider. As a result, it no longer always makes sense for even very large organizations to provide all these services themselves.

Many of the new generation of SSPs offer services that are at least on a par with the ones enterprise IT departments can provide. Today, ensuring security, compliance, user privacy and data availability each requires its own increasingly specialized set of skills. While IT managers certainly have some of the needed expertise inside their organizations, it is likely that other pieces will be missing. SSP’s can often provide these pieces more economically from outside the data center.Two examples of SSP-delivered services stand out: Compliance and data protection. These related services offer easily-identified benefits, if only because such services would likely be expensive for a company to bring on line by itself and would likely incur heavy costs to maintain. For SMBs, lacking staff as they do but also needing all the data protection and other services as their large competitors have, turning to an outside provider often will prove to be a no-brainer.

In both cases an SSP, doing the same service for many clients, will often have significant competitive advantage, an advantage that should be passed along, at least in part, to its clients.

When choices about how to acquire services cease to be based on technology and become business decisions, managers will find that going with an SSP for a particular service becomes less an issue of in-sourcing versus outsourcing and more a question of which decision offers the greatest economic benefit to the organization.

How organizations define the benefits—time-to market, lower operational expenses—makes no difference. Managers rising above the IT equivalent of “not-invented-here” will find that savings pile up nicely. Figure out which decision makes the best business case and go with it. What you need is a defined level of service. All things being equal, you shouldn’t care where that service comes from.

Mike Karp is a senior analyst with Boulder, Colo.-based Enterprise Management Associates, an industry research firm focused on IT management. Mike can reached at mkarp@enterprisemanagement.com .