Desktop Outsourcing - A Managed Service
Desktop outsourcing is the delegation of responsibility for the day-to-day management and support of end‑user (client) devices within an organisation to a third party under a multi-year managed service contract. We would expect this service to include support of the hardware, operating system, web browser, ‘office productivity’ software such as Microsoft Office and an agreed list of other PC software; plus the support of any peripherals associated with the end-user devices (e.g. scanners, external disk drives, monitors). In some cases it may be appropriate to include the support of local printers as part of this managed service, but there are some situations where we would recommend that this is excluded (see section below). Similarly, support for desk phones could be included as part of the ‘desktop’.
The outsourcing of Desktop support services can be particularly beneficial for organisations with locations distributed over a wide geographic area, where they may find it difficult to maintain a high level of service without the local deployment of skilled resources that will not be fully utilised. Instead this support can be provided by a specialist company with locations throughout the country from which resources can be shared across multiple customers.
The hours during which the Managed Desktop service is to be provided and the service levels to be achieved need to be specified in the contractual agreement, together with the governance and reporting arrangements. Any dependent responsibilities of the customer must also be included in the agreement.
Globally, the desktop outsourcing market is forecast to increase at a compound annual growth rate of 4.66% through to the end of 2015 (Technavio). This growth is being driven by a number of factors including the need to achieve reductions in operational time and cost, and the increasing impact of desktop virtualisation.
So why do organisations decide to outsource their desktop service provision? This is often based on a combination of factors, some general, others more specific to the organisation’s desktop estate; these include:
- Improving the service delivered to end-users
- Cost savings
- Access to specialist skills and management tools
- Implementation of major upgrades (e.g. Windows, Office) or formal hardware refresh programmes
- Innovation - such as desktop virtualisation or ‘Bring Your Own Device’
- Need to support a diverse workforce, including mobile workers, homeworkers and contracted third party partners.
It is estimated that globally a third of PCs are still running Windows XP, for which Microsoft will withdraw support from April 2014. This has prompted a number of predictions since Microsoft confirmed the end date, that there will be a sharp increase in the number of organisations opting for a Managed Desktop service over the next two years to help them to address this issue.
Scope of a Managed Desktop Service
A Managed Desktop service typically includes the following activities:
- Hardware break/fix support
- Operating system software support including the implementation of suppliers’ patches
- PC software support including the implementation of new releases
- Authentication and encryption support
- Device backup and recovery
- Anti-virus management
- New client ‘builds’
- Software packaging
- Software inventory and licence administration
- Device and peripheral procurement and disposal
- Joiners and leavers management (hardware and access management)
- Service management
Optionally the service could also provide a rolling programme of end-user device replacement, in line with criteria agreed with the customer (e.g. age of the device, its failure rate, software versions no longer supported). This has the advantage of eliminating the peaks of workload and capital expenditure associated with separate refresh projects, which may be difficult to schedule alongside other IT initiatives. The provider of the Managed Desktop service would also be expected to maintain a buffer stock of devices to act as replacements in the event of a failure or any other problem with a device.
Quantum Plus recommends that major software upgrades (e.g. to a new version of Microsoft Windows or Office) are handled as separate projects, to avoid any contention on support resources. However, they could be performed by the same organisation that provides the Managed Desktop service, ensuring the continuity of service from the old to the new versions. Similarly, the development of any new or updated client interfaces for major business applications will be undertaken by the organisation responsible for Application Management, but these should then be rolled-out to users as part of the Managed Desktop service.
The end-user devices included in the Managed Desktop service would typically be desktop PCs, laptops, notebooks, tablets, terminals and PDAs. Any ruggedised terminals can also be included in the service, but usually on a swap-out basis with the device being returned to its supplier for any repairs or upgrades. We would not normally expect EPOS terminals and other store or warehouse terminals to be included in a Managed Desktop service.
The question of whether printers should be included in an outsourced Desktop service is dependent on a number of factors:
- The density of local printers
- The volumes of printing involved
- The number of different types of printer deployed (laser, multi-functional devices, plotters, etc.)
Where there is a high volume of printers or printing, or a broad spread of different types of printers, we would advise opting for a separate Managed Print service from a specialist supplier, who would take on total responsibility for the printing service, including the support and replacement of printers. However, for an organisation with small groups of users distributed across a substantial number of locations, it will usually not be cost effective to include these distributed printers in a Managed Print service, and they could instead be included in the Managed Desktop service. We have worked with a number of organisations who operate to this model: a Managed Print service for their head office and the printers at other locations supported under a Managed Desktop service.
The most cost effective approach for the management of printers can be established through a short review performed by a sourcing advisor such as Quantum Plus.
Following on from the virtualisation of servers, there has been a drive to virtualise the desktop - with the virtual desktop being stored on a central server rather than locally on the end-user device. In addition to the costs savings resulting from the better utilisation of IT resources and the deployment of lower specification end-user devices (‘thin clients’) with faster setup and reduced support costs, data integrity is improved through centralised backups and the application of more stringent security controls.
Desktop virtualisation is particularly suited to knowledge workers who predominantly use standard business application to fulfil their roles; it is less suited to users who require high resource usage for either processing or data transfer (e.g. for GIS or image-related activities). Some organisations have gained significant benefits from the ability to operate with multiple virtual desktops on a device, either to address varying business requirements, or to run different operating systems (Windows, Unix, Linux). It can also be very useful for employees who frequently move between different locations, allowing them to easily access their own desktop at any company location.
Caution needs to be exercised in the deployment of desktop virtualisation to users at distributed locations. If a major business application requires the frequent transfer of large amounts of data between the desktop and a central server, the performance of the application may be significantly diminished, adversely impacting productivity and job satisfaction.
Commonly used desktop virtualisation tools include Citrix XenDesktop, Microsoft Virtual PC, VMware Workstation and Parallels Desktop for Mac, but there are also a number of other products available, designed to address specific business, usage or mobility requirements, which should be considered in any selection process.
VMware recently announced a new generation of tools (VDI 2.0) to address some of the central workload and end-user performance issues associated with the virtual desktop and also committed to providing a set of software to support DaaS - Desktop as a Service, with a Cloud-based central server (see below).
Desktop virtualisation has been used extensively in the UK public sector as a means of providing information access to different groups of stakeholders (employees, patients, citizens, visitors, etc.) via low-cost thin devices. In the private sector, Cancer Research UK, the Co-operative Group, Land Securities, RBS and Waterstones are major users of desktop virtualisation.
With the growth of Cloud based services such as SaaS (Software as a Service) and IaaS (Infrastructure as a Service), the primary requirement for end-user devices shifts towards the web browser and having consistent internet connectivity regardless of location or device type. These factors will drive IT departments towards a need to vary their approach to the provisioning and support of devices to suit different models of user enablement; moving away from a standard ‘build’ per device to a number of different ones to meet the needs of diverse groups of users. This in turn will necessitate the use of more sophisticated management tools and processes - which could be provided as part of the Managed Desktop service.
Whilst the use of Cloud based services requires specific attention being given to maintaining security and managing data protection, the interfacing of Cloud based systems with in-house ones presents additional challenges that IT departments need to be address. In an outsourced desktop environment, the service provider can provide specialist expertise and assist the IT department to establish appropriate security processes, which the outsourced service provider will then enforce.
One of the most rapidly expanding Cloud services is for managed email, messaging and document management. This is available either through generic offerings such as Microsoft 365 and Gmail, or via company specific services provided by organisations such as Cobweb, Outsourcery and Zimbra. The UK government is a strong proponent of the use of Cloud based services in the public sector through its G‑Cloud initiative, which provides a catalogue of pre-approved services that can be quickly procured and linked together to meet an organisation’s requirements. There are over 300 services in this catalogue relating to ‘managed desktops’ - which could be utilised by private sector companies as well as by public sector organisations.
Organisations with extensive Cloud service programmes include ASOS, City of London Corporation, EDF Energy, Liontrust, Manchester Airports, Morrisons, PKF, Revlon, Royal Mail, Shell and Steinhoff.
BYOD (Bring Your Own Device)
BYOD is a further extension of the proliferation of device types within an organisation, bringing with it additional benefits and challenges. It has advanced as a next step from employees working on emails and reviewing documents on their home PCs and been driven forward by the development of tablets and increasingly sophisticated smartphones. Executives now frequently use their personal tablets for note taking during meetings, presenting to small groups of colleagues and working whilst travelling.
Initially, BYOD adoptions by organisations included only tablets and smartphones, but we are aware that increasingly organisations are experiencing staff wanting to use their own notebooks or laptops for their regular work, especially where that work involves some travel to other sites or to customers/suppliers. However, it is estimated that no more than 5% of UK organisations currently have documented policies covering the use of personal devices for regular work activities and many have not even considered the implications for the business of the use of personal devices. A recent survey revealed that nearly 70% of smartphone owning professionals access corporate information using a personal smartphone. Quantum Plus consultants have also observed that even when corporate smartphones are provided to employees, many also carry a personal one and there is a degree of crossover in the usage of these two devices.
Whilst BYOD has the advantages of device and software familiarity, access ‘anywhere anytime’ and, potentially, lower provisioning costs, it raises new challenges including:
- security of information, both corporate and personal data
- access management
- malware control
- integration with corporate software, especially where collaborative working and the sharing information is required.
In order to address these and other issues, and to ensure that there is a clear understanding of an organisation’s approach to BYOD across all stakeholders, a specific policy should be developed setting out what is the acceptable use of personal devices for business purposes (if at all), what types of personal devices can and cannot be used, what information can be accessed and stored on these devices and the minimum security controls required. This policy also needs to include procedures covering the loss/ theft/repair of these devices, their usage by non-employees (family members, etc.) and connectivity from third party locations, and give the organisation a right to audit the content of any personal devices that are used for business purposes. It may also be necessary to prohibit the use of personal devices in certain parts of a business, or for specific functions or information types.
BOYD is not just an issue for the IT department; HR, Legal and senior executives should all be involved in determining the organisation’s approach to BYOD, what is acceptable usage and in agreeing the BYOD policy. As a part of this, there needs to be agreement as to whether the use of a personal device is additional to an allocated corporate device, or in place of it; if the latter, the policy needs to stipulate what happens if the personal device malfunctions or is broken.
A further issue relates to taxation: HMRC is reported to be currently considering its approach to BYOD, from both a corporate and a personal perspective. To date tablets and smartphones have been viewed by HMRC in a similar way to traditional mobile phones, but as these become increasingly powerful and more widely used for business purposes, it is possible that different rules will be applied with some aspects being viewed as a ‘benefit in kind’; for example, for the use of corporate software or lower corporate network tariffs.
Trying to formulate a BYOD policy has resulted in some organisations severely restricting or prohibiting the use of some personal devices. Within the UK, the advance of BYOD has been primarily in the private sector and CESG, the information security arm of GCHQ, has recently advised the UK government against permitting BYOD within the public sector.
Some organisations have limited the devices permitted in their BYOD programme in order to ensure that employees’ devices are appropriate to the roles being performed and to restrict the number of different types of device, and their associated software, that need to be accommodated. This approach allows BYOD to better fit within a Managed Desktop service without the cost of the service escalating and other benefits of scale being lost.
New software tools are appearing on the market to assist with the security and management of a hybrid environment resulting from BYOD and mobile access requirements, but where the proportion of ‘non-corporate’ devices is low, it may be difficult for the IT department to justify the purchase of these tools; however, it may be cost effective to acquire this capability as part of a Managed Desktop service. In many cases encryption may be necessary to protect corporate data being held on an employee’s own device; again this may be achieved in a more cost effective manner through a Managed Desktop service.
One approach for the more effective management of a BYOD environment is to create a secure, managed, virtualised space on the employee’s device in which all business-related activities occur; this is completely isolated from the device's native environment, which remains the user's personal domain. Solutions along these lines are starting to appear on the market (e.g. VMware’s Horizon Mobile), but a single product may not yet cover all the devices and operating systems in use by employees and may require the presence of other virtualisation tools in the customer’s IT environment. Again the skills needed for the implementation and management of this approach may be more easily acquired through a Managed Desktop service.
The introduction of formal BYOD arrangements has been more prevalent in two groups of organisations: those requiring a substantial degree of mobility by its workforce, such as professional services, training and sales, and those providing tools to support BYOD environments, such as Acronis, BT, Cisco, Citrix and VMware. There has also been greater demand for BYOD from younger employees who have grown up in a much freer environment and resent the limitations of a corporate infrastructure; most universities operate BYOD regimes for general purpose IT, whilst providing devices to meet specialist requirements such as engineering and scientific.
One of the biggest adopters of a BYOD approach has been Shell, which plans to extend it to over 130,000 staff over the next 3 years, with Windows, iOS and Android as the key operating systems. This follows on from Shell’s implementation of a ‘Cloud first’ approach in 2011 - business applications will only be developed and/or run in-house if they are not available in the Cloud.
In 2012 Harvey Nichols implemented new networks with the aim of allowing customers, suppliers and its own staff to be able to communicate within its retail environment using a variety of different devices and applications. Marks and Spencer is also known to be keen to implement a BYOD approach, and is actively looking at how this might work for different groups of stakeholders.
In assessing whether a Managed Desktop service is appropriate and what should be included in the service, there are a number of aspects that need to be considered:
- With the growth of smart phones and the development of specialist business apps, there has been a shift recently to include the support of mobile phones as part of the Managed Desktop service rather than it being a component of a telecoms service. The development and updating of any corporate business apps remains the responsibility of the Application Management or Web Services group, but the interaction with end-users is part of the Managed Desktop service providing a single point of contact for all devices.
- In a distributed organisation, where users are located at a number of different locations, it is usually more effective to include the support of the LAN hardware at these locations in the Managed Desktop service, whilst leaving the LAN support for the Head Office as part of the telecoms service. Head Office based network specialists would be responsible for resolving any traffic or other ‘soft’ problems at the remote locations, using the Desktop service engineers as ‘local hands’ if necessary.
- If an organisation has users who require high specification PCs (e.g. for image and video management, or for scientific work), or specialist non-standard devices, these could be included as part of the Managed Desktop service. However, if the volume of such devices is sufficiently high and the relevant users are based at a small number of locations, we would recommend having a separate support agreement with a company that specialises in the support of these devices.
- Increasingly organisations are employing homeworkers or allowing staff to work from home at certain times and IT departments need to provide support to these users. In the past this support has often required the homeworker to travel to the nearest office, or a replacement device being couriered to their home, neither of which is time or cost effective. As the availability of an IT service is often critical to these users, consideration should be given to extending the Managed Desktop service to include homeworkers.
- Similarly, some organisations now have a significant number of staff who are effectively ‘mobile’ and who need to be able to sometimes operate away from fixed networking facilities, using cellular or satellite communications. Consideration needs to be given to whether the support of these users should be part of the telecoms service or the Desktop service; typically this is split with support of the physical device being part of the Managed Desktop service, and the communications and software components being handled by other support groups.
Where Desktop support is provided as part of a broader outsourced IT Infrastructure service, the market is dominated by large global providers such as Accenture, CSC, Fujitsu, HP and IBM. However, the Desktop component is often subcontracted by these providers to other, smaller companies that specialise in this area and who also provide a Managed Desktop service as a standalone offering. This subcontracting model is particularly used when the customer is distributed over a number of geographically separate locations, requiring a mobile support workforce. In the UK, such specialist Desktop support companies include BT, Computacenter, Phoenix IT, SCC and Wincor Nixdorf.
Indian based service providers, such as HCL, TCS and Wipro, appear to be mainly interested in the provision of Desktop services where there is a large user population in one or two locations, although this could change as virtual desktops become more prevalent and support can be provided on a remote basis more effectively.
Over the last 5 years Dell has been trying to enter the Desktop services market, but has been more successful in North America than in Europe, where it has not yet managed to obtain a significant foothold. Like the Indian providers, Dell has targeted organisations with users predominantly in one or two locations.
Across Europe, companies such as ATOS, Capgemini, Computacenter, Getronics, Steria and T‑Systems have a significant presence, although in some cases they also subcontract some of the Desktop support work to local companies, or ones with a mobile workforce.