Is your cloud partner a certified cloud MSP?

Get a free Techzine subscription!

How does a company using a managed cloud environment know its managed service provider (MSP) has adequate knowledge of the cloud? Is the cloud partner capable of solving problems that arise? Can the MSP guarantee the SLA? Is your cloud MSP at all certified for AWS, Azure or Google?

Most companies opt for a multi-cloud strategy. It means that they no longer run their workloads exclusively on-premises but add one or more clouds to the picture. Some companies migrate to the cloud themselves. Many use an MSP that provides cloud services, including cloud management.

When businesses choose an MSP, many forget to check whether the MSP has enough knowledge of the cloud in question, if the cloud MSP is certified, and if the certification fits their IT strategy.

In principle, anyone can call themselves a managed service provider. The term is not regulated, and there are no requirements. Everyone can, in theory, be your MSP. Despite the latter being quite a stretch, there are tens of thousands, of smaller IT companies in Europe. Not all of them can offer the same quality, so it certainly can’t hurt to take a look at your current MSP. Or, if you still have to make the decision, ask some questions.

How does cloud certification work?

We discussed cloud certifications with Mirco Wienen, CTO Consulting at Sentia. The organization works on their certification throughout the year to ensure they keep their certification the following year. Obtaining cloud certifications is certainly not something you do overnight. There’s lots of work involved.

Individual cloud certification

To start, we need to separate two terms. On the one hand, you have cloud certifications that are obtainable as an individual. For example, a cloud architect or security specialist can take an exam offered by a cloud provider. If the person passes the exam, their knowledge of a particular technology or cloud service is deemed sufficient. The person receives a certificate in their name, valid for one or multiple years. After the certification’s expiration, the exam will have to be retaken to match the standard of that time. Cloud developments never stand still, and neither do the exams.

cloud training

The cloud MSP certification

On the other hand, AWS, Azure, and Google each offer their own cloud MSP programs. To participate as a company, you have to meet quite a few requirements. We asked Wienen how this works. Wienen says that Sentia is certified for two cloud MSP programs: Amazon Web Services (AWS) and Microsoft Azure.

Wienen explains that to be certified as a company for such a cloud MSP program, you must first go through an extensive process within your own company. Companies are required to document all projects properly. Thereby, they collect evidence to underscore specific skillsets. Eventually, an independent organization comes along to do an audit. The company shows all the evidence and demonstrates and explains various projects to the auditor. Eventually, all the evidence and projects should score enough points to qualify for the cloud MSP program.

Wienen explains that cloud providers each year make an extensive list of competencies. Each competency earns a certain amount of points. If you have enough points, you qualify for the cloud MSP program. In addition, there are knock-out criteria. If you can’t meet those, you don’t qualify at all.

What are knock-out criteria?

  • Number of people employed with individual cloud certifications;
  • Solution selling, delivering the project and solution as it was sold;
  • There are several knock-out criteria regarding security measures and best practices;
  • Having public customer references;
  • Transparant cloud compatible contracts with customers;
  • Providing cloud SLAs;

These are just a few of the most apparent knock-out criteria. Different clouds have different standards, and the list can vary from year to year. Together, the knock-out criteria form a threshold that guarantees customers of MSPs a degree of certainty.

cloud training

The point system

On top of that, there’s the point system. Wienen explains that there are hundreds of competencies, all of which are worth points. Some competencies suit one MSP better than the other. Ultimately, there is plenty to choose from.

Some factors are universally important. There must be documentation, a clear plan, quality templates, standards, adoption of security best practices, and a clear picture of the costs for every project. The actual list is even longer, says Wienen.

Wienen states the project itself should not be an on-demand construction. Instead, a thorough plan of action is to be made in advance. “In our organization, the complete environment is set out by an architect, based on the client’s wishes and requirements, and with our expertise. Ultimately, as a certified cloud MSP, we must explain exactly why we have set up an environment in a certain way, why we use certain services, how we arrived at the security policy and whether it has an acceptable price tag for the customer. Cost control is an important part of the objectives and therefore the project.”

The audit of the cloud MSP

During the audit, an independent company reviews all the documentation and projects. “Even then, we have intensive discussions to explain our work. The auditor looks at everything we deliver, determines whether we meet the knock-out criteria and calculates how many points we have achieved. Finally, the auditor communicates the result to the cloud provider.”

We wondered if that means that all customer data automatically ends up with cloud providers? Wienen assures us that is certainly not the case. In most projects, the customer names, applications and data are irrelevant. “What matters is how we configure the cloud infrastructure, what type of workloads we migrate, which procedures we follow and which security best practices we implement.”

There are also public references. The customer has agreed that Sentia can use their name and project as a public reference case. Sometimes permission is requested to present some aspects to an auditor before certification. Wienen adds that the auditor visits the aspirant cloud MSP in person, is presented with all the evidence, but ultimately takes nothing home, and is not allowed to copy anything either. The auditor’s role is to check and build up the scoring report. There’s a distinct separation between the customer, the MSP and the cloud provider.

Can anyone become a certified cloud MSP?

managed service provider

The big question is, of course, whether any company can pass such an audit. No, says Wienen. It isn’t possible for small companies. You have to have a certain degree of capacity to participate in a cloud MSP program effectively. He explains that Sentia now employs about 60 people who have various personal certifications for AWS. There are another 50 people certified for Azure.

Training and certifying all these people is not feasible for every company. An AWS Foundation or Azure Fundamentals certification is relatively easy to get. Passing for professional certificates is substantially more challenging. These exams are complicated and require training. At Sentia, training happens both during and after official working hours. The courses are paid for by Sentia, as the company benefits from staff obtaining their certifications. These certifications come with a price tag. Sentia invests heavily in increasing the number of cloud certified engineers. Not all companies have the resources to do that.

Annual planning to pass the audit

Furthermore, we wondered whether every project is suitable for the audit. If you do many of the same projects, it might lack diversity to get the certification? Wienen says Sentia employs an in-house compliance specialist that dedicates one day per week to keep an eye on the project balance. “A whole plan is made to ensure that we have enough points to meet the requirement by the end of the year. Every project from the past 12 to 18 months counts, so there’s overlap that can sometimes be taken advantage of.”

On paper

For some competencies, it is not mandatory to build the case around a customer. The certification can also be achieved by carrying out a project on paper and employing enough people certified in the used cloud technology. AWS, for example, has Direct Connect and Azure has Express Route. These are private, direct connections to the cloud data center. “Such projects are easy to work out on paper. We have plenty of experts for this as well. They can score the points on paper, independent of the availability of a customer. Of course, it does require some workarounds.”

What does Wienen think of the program?

Wienen says it’s good that the large cloud providers have set up an intensive certification program with clear, sometimes stringent requirements. It ensures that customers familiar with the cloud MSP programs and certifications get guarantees when choosing a partner. “If you are certified, a customer can assume that you can meet all requirements, have sufficient knowledge, and you will even keep an eye on the investment costs.”

On the other hand, Wienen states that the programs are not well known. The largest enterprise organizations are familiar with the MSP programs, but many medium and large businesses have never heard of them. As a result, they sometimes choose a non-certified partner and have a less than pleasant experience. It gives both certified and non-certified MSPs a bad reputation. Wienen wants to see more attention and awareness for cloud certifications and MSP programs.

Ultimately, Wienen says that it’s a significant investment for MSP’s to join these MSP programs and keep the certifications. Wienen would like to see more benefits, that you get the feeling it’s an investment you can earn back. As it stands, that expectation is not met. Cloud providers can do a lot more to make their programs better known or better tuned.

Finally, we asked Wienen about Google, which also has an MSP program. Wienen says Sentia has looked at the program. The company has several people specializing in and certified for Google Cloud. Nevertheless, the customer demand for Google Cloud is not yet sufficient enough for the company to take part in the program. Wienen says that Sentia will join if the demand increases and the number of specialists grows.