Managed Services: The benefits, and a review of pitfalls for the unwary. Part 1 of 3 – A Taxonomy

August 9, 2022

A Taxonomy With Examples:

Managed services are essentially about saving time, effort and cash.[1] They are not new, neither are they likely to win anyone a Nobel prize, but they are essential to getting stuff done quicker and cheaper than the competition and focusing your efforts on alpha – the real essence of your business that marks you out from the competition. There are however risks attached. This is the first part of “The What, Why and How” of managed services. Here we introduce a taxonomy with examples so we know what we’re covering, and for each example what the benefits and risks are. In subsequent parts we will review why managed services can be considered A Good Thing, and finally how we should go about adopting them (or not), and suggest some steps you can take to mitigate the associated risks before adoption.

There are different categories of service. These have different levels of maturity and adoption, and differing use cases. The categories aren't necessarily better than one another, they're just different, largely in their degree of abstraction, their focus on technology or business processes, and the impact on staffing requirements.

 

So starting with the least abstract technological case and furthest from business processes:

1. Old school IaaS - Infrastructure as a Service. Essentially someone else is managing your tin for you. A third party provider owns the datacenter, the servers, the network connectivity, etc and gives you access to it. This is pure IaaS and has been around forever (at least for anyone that graduated this century). You could argue that this didn’t really begin until 2008 when AWS started up but Rackspace have been around since 1998 and they ticked most of the boxes to be considered IaaS early on. There are also more recent entrants that provide specific functionality in this space such as Pico or ICE who will deliver you collocation services that they host a cross-connect away from an exchange of your choosing and hosted in the same datacenter as the exchange’s endpoint

2. Moving one step more abstract we get abstracted virtualised instances. You get a reliable server image deployed, that can be repeatedly redeployed - pretty much PaaS (Platform as a Service) - nothing very new there. But I would also put microservices (lambdas) into this class because they're effectively lightweight virtualised processes that scale up and down more or less on demand. You Terraform your image and cookie-cutter as many instances as you want, then tear them down again when you're done. Plus you get all the benefits of IaaS thrown in. PaaS can be extended out to incorporate storage paradigms and messaging platforms. This is typically what today’s cloud providers deliver, so any of AWS, GCP or Azure will render something along these lines. It is the degree of abstraction that differentiates PaaS from IaaS. I would also be tempted to include Software Defined Wide Area Networks (SD-WANs) in this section[2]. Here you replace legacy heavy-lift point-to-point networking with:

    • Network Operations Centre (NOC) to provide optimisation of network throughput
    • Security Operations Centre (SOC) to provide optimisation of network throughput
  • 3. Independent managed services constitute independent services that you may choose to contract rather than build yourself. They can be considered outsourced individual technology services such as database support services, or authentication services. They may be generic services that you prefer not to resource inhouse, or specialised services that are uneconomical to resource internally, or that require specialised, hard to locate knowledge. Maybe you want a best of breed approach to provider selection, or you are not ready for a big bang wholesale hand off to a third party but you are prepared to pick and choose individual services that you consider low risk or team augmentation. Adding to the roll call of technology service providers we are starting to see financial service providers such as managed security mastering, execution service aggregation and consolidated market data delivery platforms, although arguably Bloomberg and LSEG (nee Refinitiv) have been providing this last one for years. It is possible to derive a tessellated set of services that take away several of the non-core elements of your business model enabling you to focus on the alpha-chasing parts but you are responsible for maintaining the interfaces between the services and an interlocking web of legal relationships – there is no guarantee that they will play nicely together. 

 

  1. 4. Managed technology services mean that essentially someone else looks after a significant portion of your estate so you have a reduced number of contracts to worry about because you're dealing with fewer vendors. They deliver a broad range of support across a support function and provide a consolidated support structure. They pick up support of potentially both your on-premise and in-cloud infrastructure taking responsibility for the continuous monitoring, support, and optimization of your IT infrastructure, or its parts covering elements including:
    • Network and security (LAN, VPN,SIEM, IAM, firewall, antivirus, etc).
    • And some enterprise solutions (ERP, Email, CRM, and your Intranet for example)
    • Servers (including OS).
    • Cloud environments
    • Data storage and databases (on-premise and cloud-based).

Increasingly providers are becoming multifunctional and including an increasing selection of these services. A natural consequence of this approach is that your IT support services end up being substantially outsourced to a third-party. This is a function that may or may not incorporate other aspects of service provision such as the hosting we described earlier.

 

  1. Federated business services sit on top of  technology functions. So your technology functions are outsourced as a corollary of the outsourcing of some of your business functions. The challenge lies in determining how much of your business functions can and should be outsourced. As a general starting point consider which elements are core to your business, and alpha generating, and which are more commoditised or non-core. As an example Coremont provide a federated set of buy-side services that include all the Quant, Technology, Treasury, Compliance, Middle and Back Office capabilities that a firm would otherwise have to run themselves – ie non-core to alpha generation. Federated business service providers, like any other managed service providers, aim to offer preferential services based on their experience, including optimisation of their processes, mutualised model and capacity. The intention is therefore to offer a “better” service than a client can provide for themselves, where “better” may be aligned with one or more metrics such as faster, cheaper, more resilient, more experienced, having greater capacity, etc.

 

So each of the five categories present a different view of managed service provision but with the same pretext. Every firm requires:

  •  Accurate and timely market data
  • Effective analytics to derive insights from it
  • A reliable, connected infrastructure to run it all on that runs at a speed appropriate for the form of trading you're undertaking

Each managed service provider seeks to provide some facet of this model.

 

 

IaaS and PaaS: Hosted Market Infrastructure

Another scenario is the provision of hosted infrastructure. While the use of cloud compute is commonplace here we are extending that to cover more niche financial services-specific options. So effectively we are proposing drawing back the vendor's distribution point from the edge into a centralised service where your users connect directly to the vendor's hosted endpoint rather than connecting to locally hosted servers in your own datacenter. Benefits of this approach are:

  • Your setup time is quick.
  • Your hosting costs reflect the level of your usage rather than having the familiar high cost of entry.
  • You leverage the hosting firm’s commercial legal and commercial relationships reducing the complexity of your inter-firm relationships – they have already negotiated networking, cross-connects, and rack hosting  contracts for example, so you consolidate the exposure into one contract.
  • The cost of entry may be lower if you only need to provision a small footprint since the vendor will benefit from economies of scale and it’s not straightforward to provision space and comms for a couple of servers.

Drawbacks are:

  • You now connect across someone else’s network infrastructure and potentially rely on their patching cycle if you take PaaS over IaaS.
  • You probably pay more. That's the simple truth - it's probably cheaper and quicker to get into the market but you will pay a premium over time - managed service providers don't do this for free. There are however economies of scale involved so it may not be as much as you might expect, plus you don't have to pay for a full support engineer 24/7, plus another one for when they're on holiday.

 

 

Independent Managed Services: Hosted Market Data Services

Market data provision has always been a managed service, who runs their own sentiment polls or derives a market rate based purely on their own trading books and bilaterally scavenged quotes? Perhaps there is an argument for this kind of dataset creation in some corners of an illiquid credit market, and the marks being bilaterally quoted in the market have some relevance as is recognised by services like Bloomberg's MSG1 broker quote capture feed but even then there is a gap for axe and inventory publication platforms such as Neptune to fill. But where there is any notable degree of liquidity the market rates carry more weight. The simple fact is that financial Services participants use managed services throughout the market data provision chain from origination at an exchange or broker through the delivery channel to our servers and desktops.

However the recent difference has been in the hosting and delivery mechanism. There are a couple of paradigms. Firstly where a single vendor takes a function that we would historically have managed on-premise in an application or database, perhaps with our own skin across it, they are now hosting themselves and delivering over the wire on demand. An example would be a  hosted security master or a component thereof such as a matching engine, or the provision of hosted streaming infrastructure. The benefits to taking this route are that:

  • Your setup time is quicker.
  • Data quality rules may already be available, pre-written or templatized as a component of the platform.
  • The data schema will be prebuilt.
  • Interfaces are already documented and in place because the schema is well defined.
  • There are no local infrastructure provisioning costs.
  • Sourcing and cleansing may be carried out for you – never underestimate the effort involved in data curation. We provide this as a service to our clients and it is a far from trivial undertaking, you require quants to tell you what data is “good”, and “good” is highly contextual. You also need market data procurement specialists to advise on the most appropriate package and how much it should cost, technologists to tell you how to import and manage it, a legal team to manage the plethora of contracts you have to manage, an audit management team to deal with the inevitable and persistent vendor/broker/exchange auditing, and so on.

The disadvantages are:

  • You will still need to analyse your use cases and current operational architecture to identify data producers and consumers. This is a function of your internal technology stack and not a cookie-cutter task that can be mutualised by a vendor.
  • You still have to plumb the datafeeds into your downstream systems. Vendors may provide adapters to common feeds and templates for file uploads but inevitably there will be some plumbing to do.
  • You may be concerned about the fact that you don't hold the data in your own on-premise bulk storage silo and are therefore subject to increased credit default risk should the vendor fail.[3]
  • You have to recognize that if you have a key, critical dependency on a particular service then if your vendor connectivity fails you are essentially crippled, whereas if you were locally hosted with something like a security master that ticks on a slow cadence you die very slowly if your vendor connectivity is down. That is not to suggest that risk mitigation is impossible, just that it is an additional concern.

Another example is an extension of the accepted vendor distribution network usage whereby data vendors are hosting their endpoints in cloud rather than providing an endpoint on a server in your datacenter. So instead of needing to lease a line from a data provider into our datacenter we are increasingly hosting in cloud, and the data vendors are delivering directly to a running service that can be collocated with our services. The benefits of such an approach are:

  • You incur limited on-premise costs. There is a requirement for at least one line into your cloud provider from wherever your desktops live unless they are virtualized and hosted by the same cloud provider

Disadvantages include:

  • Some of this delivery is a little nascent and only beginning to be widely productionised.
  • This paradigm is not well suited to low latency business lines where proximity to the execution venue is key.[4]

 

 

 

Federated Business Services: Buy-Side Servicing

As an example of a federate business service Coremont provide a soup to nuts set of buy-side services that include Quant, Technology, Treasury, Compliance, Middle and Back Office capabilities that a firm would otherwise have to run themselves - and just like any other managed service providers the service can be pitched at a competitive level because the firm have

  • a track record of continually refined and optimised processes to ensure that service levels are maintained and at an appropriate scale,
  • mutualised costs, so services can be delivered in a better, more cost-effective fashion that someone doing them all in a single entity silo.

Note that there is grandfathered exposure through utilisation of other managed services, notably heavy usage of third party data vendors and a global cloud provider (although these are exposures that most clients are likely to have already). The firm also outsource some aspects of execution, reconciliation, FIX infrastructure and CRM provision along with the usual telephony, internetworking, power supply and office cleaning services. So our usage is evolutionary rather than revolutionary.

 

Part 1 Conclusion: “What are managed services?”

We have introduced the notion of managed services by enumerating a taxonomy listing commonly observed categories of service along with examples of each. With each example we suggest benefits and risks. The categorization is derived through observation rather than science but is broad enough to cover the current state of the marketplace. In subsequent parts we will look at why managed services may be appropriate for a particular business model and things to consider during the evaluation and adoption process.

 

[1] But not necessarily in that order.

[2] Tempted but not guaranteed since there is an argument that it could equally fall into the next section. Imagine the case where the SD-WAN networking vendor provides engineers and optimisation advisory services. At this point it transcends the familiar notion of PaaS. I’m not claiming this is a perfect taxonomy but it gives us somewhere to start a discussion.

[3] In which case you probably haven’t yet committed to the whole managed services paradigm.

[4] The same argument can be used for any form of cloud where latency to the exchange is an important factor. Note that this is not necessarily a blanket ruling for systematic trading since not all systematic traders are latency bound.

 

And the picture at the start? It's what you get if you enter the text "Managed Services: The benefits, and a review of pitfalls for the unwary. Federated business services, independent services, and managed technology services." into Open.AI's DALL.E 2 generator. Feel free to comment on the signficance of it.... if you can find anything.