vital Inspiration for the modern business Volume 3 : Issue 5 : May / June 2010
Broadcast standard IT The world’s biggest broadcaster’s IT strategy
A perfect storm Securing the IT estate
Doing more with less IT in a tough economic climate
VISIT VitAL ONLINE AT: WWW.VITAL-MAG.NET
Cherwell. The service desk solution that covers all your ‘vITIL’ areas
So this is the software I can easily customise and configure. Let’s look at the product videos on their website...
The complete IT Service Management solution Cherwell is the ITIL solution that covers every angle – more powerful, more customisable, more scalable and more cost effective than other systems. Fast and easy to deploy, simple to manage, offering ITIL best practice ‘out-of-the-box’. Available as a traditional ‘On Premise’ installation or via a fully hosted SaaS solution, the choice is yours and with our unique CBAT technology, Cherwell delivers a truly powerful, scalable solution without ever stripping your budget.
Don’t leave yourself exposed, contact us today on 01793 858181 or visit www.cherwellsoftware.com
Innovative Technology Built on Yesterday’s Values
LeADeR
Security in an uncertain world Leader I
T’S ALL most of us really want isn’t it, security: physical security for ourselves and our nearest and dearest, job security and course security for our information and personal and financial details. In the IT world this subject is rarely if ever out of the spotlight. The latest organisation to have issues in this area is Facebook which recently had to shut down its chat system after it emerged that private conversations were visible to other users. And Harry Raduege, former director at the Pentagon agency responsible for computer networks, this week said that cyber attacks were growing in intensity and sophistication and that Governments that fail to protect their networks could face devastating attacks. so security is at the top of the agenda. And while we are on the subject, I had a whistle stop visit to the Infosecurity show at earl’s Court at the end of April, while I was visiting the collocated service Desk & IT support show in the same building. It struck me that there was an awful lot of floor space and standage devoted to IT security products and services, certainly more than there was on the IT services side, although clearly there is a large degree of crossover. Indeed, we have a fair old percentage of stories on a security theme in this issue, including stories about subjects like the security challenges of an increasingly mobile hardware estate; the challenges of IT security jargon; and the issues of securing the data centre. Clearly, we live in uncertain times. Many of the things we once relied upon are changing. Perhaps it has always been like this. If the companies at Infosec are to be believed there is a challenge and the IT world is rising to it and taking on the hackers and cyber criminals in ever more ingenious and effective ways. On the subject of uncertainty and change, was it just last issue that I predicted a hung parliament? And lo and behold as we go to press that is what the British electorate has voted for. whoever has control after all the horse trading is certainly going to be relying heavily on the IT crowd to deliver big budget savings. Anyway, hung parliament, remember where you heard it first! Until next time
service management training in particular, becomes vitally
important in tough economic times
because it will be
those operations that
can adapt quickest to changing circumstances Matt Bailey, Editor
that will be strong enough to survive, and even thrive, under the present economic
If you have any thoughts, feedback, or suggestions on how we can improve VitAL Magazine, please feel free to email me matthew.bailey@31media.co.uk
climate.
www.vital-mag.net
May / June 2010 : VitAL 1
Subscribe FREE to the most VitAL source of information VitAL : Inspiration for the modern business
vital
Inspira tion for the moder n busine ss Volume 3 : Issue 5 : May / June 2010
Broadcast standard IT
The world’s biggest broadcaster’s
IT strategy
Volume 3 : Issue 5 : May/June 2010
A perfect storm Securing the IT estate
Doing more with less IT in a tough economic climate
VISIT VitAL ONLINE AT: WWW.V ITAL-MAG.NET
News, Views, Strategy, Management, Case Studies and Opinion Pieces
vital Inspiration for the modern business
www.vital-mag.net/subscribe 31 Media will keep you up to date with our own products and offers including VitAL Magazine. If you do not wish to receive this information please write to the Circulation Manager at the address given.
COnTenTs
vital Inspiration for the modern business
Contents 6 News
vital Inspiration for the modern business Volume 3 : Issue 5 : May / June 2010
THE VitAL COVER STORY
10 Broadcast standard IT
Broadcast standard IT
MATT BAILEY The BBC is changing from a traditional engineering environment to an ITbased organisation in both its frontline broadcasting services and its back office infrastructure. VitAL speaks to the corporation’s chief information officer Tiffany Hall.
The world’s biggest broadcaster’s IT strategy
A perfect storm Securing the IT estate
Doing more with less IT in a tough economic climate
VISIT VitAL ONLINE AT: WWW.VITAL-MAG.NET
editor Matthew Bailey matthew.bailey@31media.co.uk Tel: +44 (0)203 056 4599 To advertise contact: Grant Farrell grant.farrell@31media.co.uk Tel: +44 (0)203 056 4598 Production & Design Toni Barrington toni.barrington@31media.co.uk Dean Cook dean.cook@31media.co.uk editorial & Advertising enquiries 31 Media Limited, Media House, 16 Rippolson Road, London se18 1ns Tel: +44 (0) 870 863 6930 Fax: +44 (0) 870 085 8837 email: info@31media.co.uk web: www.vital-mag.net Printed by Pensord, Tram Road, Pontllanfraith, Blackwood. nP12 2yA © 2010 31 Media Limited. All rights reserved. VitAL Magazine is edited, designed, and published by 31 Media Limited. no part of VitAL Magazine may be reproduced, transmitted, stored electronically, distributed, or copied, in whole or part without the prior written consent of the publisher. A reprint service is available. Opinions expressed in this journal do not necessarily reflect those of the editor or VitAL Magazine or its publisher, 31 Media Limited. Issn 1755-6465 Published by:
VitAL SIGNS – LIfE IN A WORLD WITH IT
13 How will your system fall off the cliff? STEVE WHITE Steve White is seeing connections between problems with a commodity trading application and a yeast infection at a bottling plant.
VitAL MANAGEMENT
14 Laissez faire demand management ADAM GRUMMIT UKCMG chairman and distinguished engineer at Metron, Adam Grummitt discusses how to avoid bad practice rather than chasing good – let alone best – practice.
18 Do you speak geek? SEAN GLYNN If Spanish is the new French where does that leave the language of the Geek? Sean Glynn explains the latest IT security lingo.
22 A perfect storm for IT security STEpHEN MIDGELY The increasingly mobile nature of data has resulted in growing pressures on IT departments. With the ubiquitous use of laptops and handheld devices, a secure physical environment, while still required, is no longer sufficient. Stephen Midgley reports.
26 Securing the data centre
VitAL Magazine, Proud to be the UKCMG’s Official Publication ITIL® is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the U.s. Patent and Trademark Office.
STUART BONELL data centres are some of the biggest IT investments that businesses ever make. ‘How much of this should be spent on security and should end-users do it themselves or entrust some areas to outsourcing?’ asks Stuart Bonell.
SUBSCRIBING TO VitAL MAGAZINE VitAL Magazine is published six times per year for directors, department heads, and managers who are looking to improve the impact that IT implementation has on their customers and business. For a FREE annual subscription to VitAL Magazine please visit: www.vital-mag.net/subscribe May / June 2010 : VitAL 3
COntents
Contents 29 Windows 7: How should you get there? JIM DOCHERTY Isn’t it time you thought about migrating to Windows 7? Jim Docherty offers a roadmap to help you on your way.
48 Learning to do more with less paul evans IT has had to adapt to the changing economic climate and customer demands, focusing on what it can deliver and how to do more work with less resources and tighter budgets. Paul Evans reports.
52 Growing your own talent RON MCLAREN Some IT organisations are in a vicious circle: never enough time to do the job properly, never enough time to invest in skills development, never enough time to get better. Ron McLaren says it’s time to grow your own talent.
32 I TIL: after two decades of use and abuse, what next? BRIAN JOHNSON Brian Johnson, one of the original architects of ITIL, charts its history, takes stock of its impact and wonders where it will go next.
VitAL eyes on
35 Spring cleaning your client database Jonathan Westlake With the onset of warmer weather, Jonathan Westlake is taking a virtual feather duster to his electronic records.
VitAL drive – IT hits the fairway
55 Sales fatigue at the souk
VitAL processes
GERAINT LEWIS For PGA IT manager Geraint Lewis, the arrival of spring brings the circling salesmen, sniffing out a freshly sprouted IT budget.
36 What makes good IT support training? NOEL BRUTON Having trained hundreds of IT support staff and managers, Noel Bruton asserts that the ITIL ‘Foundation Course’ as it is currently designed and taught is too often the absolute opposite of what good IT staff training should be.
VitAL planet
VitAL profile
40 Chaos to value: the IT Service Management journey
56 The green advantage MURRAY SHERWOOD New legislation is forcing many companies to look more carefully at their energy usage. Yet as Murray Sherwood explains, a wellimplemented green IT strategy can help to drive cost savings as well as enhancing green credentials.
PATRICK BOLGER Patrick Bolger explains the initial stages of the ITSM maturity journey, starting with the ‘chaotic’ first steps and explaining how the adoption of ITIL can provide fast benefit, setting the stage for further maturity.
42 Scrap the certification scam
JULIAN HOLMES The idea that anyone could be a ‘certified’ master of anything after spending a couple of days listening to someone in a classroom is completely absurd says Julian Holmes.
44 Professionalism and the importance of standards-based certification steve philp Unless certifications are developed and standardised so they reflect real-world experience they will fail to help boost professionalism. Steve Philp addresses some of the burning issues surrounding IT certification.
59 Virtualisation – the catalyst for green data centres SEAN MCCARRY Sean McCarry explains how virtualisation technologies can enhance green efforts, but says that management is essential for real success
64 Secret of my success This issue we ask Gareth Davies, managing director of schools learning platform solutions company Frog, to divulge the secret of his success May / June 2010 : VitAL 5
news
The IT services industry gets a focus vitAL Focus Groups, Tuesday 21st June 2011, Park Inn Hotel, Heathrow
T
He vitAL Focus Groups is a not to be missed event for anyone with an interest in IT service management. Taking place at the Park Inn Hotel, Heathrow on Tuesday 21st June 2011, the event is specially designed and targeted at senior IT managers as a forum for them to discuss and debate some of the industry’s current hot topics in an informal setting where they can be sure to pick up specific information to help them at a time when IT has never been more crucial to the business. Key expert industry suppliers are supporting the event including Pink elephant, Infravision, Kepner Tragoe, Cherwell software and wardown Consulting. “It is clear that as the role of IT expands in business, senior decision makers need a forum to discuss their challenges in a structured
vital focus groups
manner with a view to finding solutions to what are often complex issues,” comments Matt Bailey, editor of VitAL magazine. “And suppliers to the industry, who are naturally keen to meet these professionals, need to identify how they can help them to focus on the business benefits of IT. This logic coupled with VitAL Magazine’s consistent desire to drive the market forward lead us to launch the VitAL Focus Groups for 2011.” The VitAL Focus Groups will consist of fifteen syndicate rooms, each a forum to discuss a
TOUGH fINES fOR THOSE THAT DON’T TAkE DATA SECURITY SERIOUSLY
U
NdeR LAWS that came into place recently, the Information C o m m i s s i o n e r ’s o f f i c e ( I C o) can now fine businesses up to £500,000 if they are found in breach of the data Protection Act (dPA). The legal requirement to follow the dPA combined with the very real threat of a hefty fine and negative publicity should now make information security a clearly defined business risk and a key focus for all IT managers. In response to the legislation, the BsI says it will continue to work with industry and government to develop a series of standards and targeted training courses. These initiatives are designed to help UK businesses, regardless of their size and sector, develop and implement effective information security management activities. Two standards which help organisations achieve this are IsO 27001 (information security management) and Bs 10012 (data protection). These standards are supported by respective training
6 VitAL : May / June 2010
courses to help organisations understand the risks associated with information security breaches. “Data protection could refer to the transfer of information to a third party, failure to hold information securely or simply the neglect of legal obligations,” explains Mike Bailey, director for BsI Training. “employees need to consider the risks when they make a phone call or open their laptop on the train; do they really know that the person sat next to them is not a competitor? The security of sensitive company data must be at the top of every business agenda; particularly in the current climate where measures such as management system standards, can be put in place to minimise the risks.” Loss of data is one of the biggest threats facing modern organisations today but Bailey believes that there are a number of positive steps that an organisation can take to minimise the risk against data security breaches. “Once all of these areas have been identified and actioned it is important for businesses to manage any threats against these areas, for example, locking filing cabinets after use, backing up data or reviewing access control policies. Producing a framework for continual improvement is essential to ensure that any changes in business practices do not affect the ongoing security improvement programme,” concludes Bailey.
specialist subject for IT managers. with some of the industry’s leading minds on hand to help facilitate and steer each session, we predict that they will quickly become a ‘must-attend’ event for anyone serious about IT in the modern environment. In addition there will be plenty of networking opportunities available at break and lunch time as well as a small exhibition area, offering a fabulous chance for delegates to interact with their peers, source the latest products and services, developing meaningful relationships in an informal yet professional setting. The VitAL Focus Groups are open to all professionals within the IT industry although complimentary places are limited to 120 and are offered to managers, directors, and board executives on a first come first served basis. www.vitalfocusgroups.com
Plugging the data leaks A
N INdePeNdeNT survey of IT decision makers into the market penetration of data leak prevention (dLP) technologies has highlighted that endpoint data leak prevention is still a major problem for IT managers The key finding is that more than one in three of respondents are still failing to deploy any form of data leak prevention, whether that be device control, endpoint DLP or DLP appliances. Amongst small to medium sized business this figure increases to over half of organisations. The survey also revealed that even those managers that are deploying technology solutions to prevent data leakage from within their organisations the majority are failing to protect all the possible channels where data leakage can occur. In spite of the rapidly growing use of personal smartphones and PDAs within business environments, less than half of all respondents who had deployed a DLP solution reported that they controlled the data synchronisations between employees’ computers and their smartphones. Furthermore only a quarter of respondents that use DLP solutions are able to control the content of documents printed from corporate computers. This is despite the fact that a recent study published by the Ponemon Institute concluded that the document printing channel was found to be the most often used for stealing corporate data.
www.vital-mag.net
news
Broadband policy creates rural/urban digital divide W
hile the Government’s focus was on the election, the chaos in digital policies was highlighted by the story of how Lyddington, a village in Rutland, raised £37,000 itself to ensure 40mbps broadband and provide businesses and residents access to what many in cities take for granted such as online video conferencing and access to social sites such as Youtube etc. “The Government’s attitude to high speed broadband to rural areas is ridiculous when you consider over a third of the country will suffer, and it is simply not good enough to push the burden to fall back on to businesses – in effect causing a rural/urban digital divide which is strange for a Government preaching equality!” seethed Mark Seemann, product strategy and development director at leading
cloud-based and unified communications specialists Outsourcery. “Many SMEs, which are the engine of the British economy, are based in rural areas and through the Government’s current policy will be excluded from the benefits of superfast broadband. This will have serious implications not just for the recovery but also the future of Britain in a global economy.” The Labour Government pledged to offer all homes a minimum speed of 2Mbps by 2012. But critics say these speeds are far too slow for the ever-increasing demands of web users. “What is now required is a carefully thought out strategy by the next Government to encompass both the short and long term plan to make the UK’s broadband infrastructure competitive and fit for purpose,” said Seemann. “Due to the
timescales required to roll-out high speed 100mb broadband services to the UK (estimates from five to ten years are being quoted), a short term plan to give UK’s businesses superfast broadband is critical. The most effective method of delivering a short term plan is to establish a Broadband Grant system whereby businesses can receive government subsidised discounts for ordering fibre optic private circuits from BT, Virgin and other independent service providers. These private circuits are available now but the cost of installation and on-going rental usually place these out of the reach of small and medium sized businesses. A grant system would allow UK businesses to benefit from 100mb broadband now whilst the new national broadband infrastructure is being built.”
The cloud has a silver lining
C
loud computing can help pull SMBs out of recession according to new research. In K2 Advisory’s report ‘Cloud Computing: A Step Change for IT Services’, which analyses the developing market for cloud services, the report’s author Dr Katy Ring, director, K2 Advisory says that the benefits of cloud computing can provide the business flexibility to help companies operate more effectively in the current economic climate. However, the report finds that adoption rates by smaller organisations of public cloud and software as a service (SaaS) from vendors such as Amazon and Google will outpace the adoption rate of enterprises by a factor of two. By 2015 for organisations below 1,000 employees, a third to half of IT spend is likely to be with public cloud providers. Commenting on the findings, Dr Ring said, “In five years’ time the provision of IT to mid-sized and smaller businesses (of less than 1,000 employees) will be quite distinct in terms of cloud adoption from enterprises. Indeed, it could be argued that small and mid-sized business use of cloud computing will enhance their agility and their ability to bounce back more quickly from the recession of 2009/10. Many Western enterprises, however, will continue to find that their IT systems are increasingly sclerotic, constrained by client-server ERP systems.” K2 Advisory’s report states that the biggest challenges for enterprise adoption of cloud computing lie with existing investment in legacy www.vital-mag.net
systems, and with the potential impact on the internal IT department. Ultimately CIOs suspect that the rise of cloud computing heralds the demise of retaining internal technological expertise. IT services will be delivered by external suppliers who will be managed with (yet to be) established procurement processes. As an increasing amount of an IT group’s effort is spent on external providers delivering systems integration and managed services, this can be seen as evidence that the traditional enterprise IT we’re familiar with is disappearing. In this world, a CIO is a vendor management officer, and most of the technology is taken care of by external suppliers. The report also suggested that public sector IT buyers do not want use of the proposed government G-Cloud to be mandatory, according to the report many public sector IT buyers think G-Cloud should be offered as an opt-in sourcing method, not a mandatory one, and are sceptical on both the savings and the carbon reduction claims. The majority of survey respondents (53 percent) did not believe that G-Cloud will deliver the anticipated billions of pounds worth of savings. However, a healthy minority (47 percent) thinks that G-Cloud will be successful in saving money for the provision of IT for the public sector. From this it might be surmised that there is a general belief that G-Cloud will yield cost-savings, but that the scale of those savings (as currently communicated) is not believed. May / June 2010 : VitAL 7
news
The remote working revolution A
survey released has revealed that 50 percent of enterprise level businesses positively encourage flexible and remote working and claim to have a well-developed technology platform in place to support it. Yet while more than half of the c-level IT decision maker respondents say that they have policies in place, only 18 percent are moving towards a fully integrated technology offering. The new findings reinforce the prediction made earlier in the year by Gartner, which believes that by 2012, 20 percent of businesses will own no IT assets, a trend that is in part being driven by the fact that more and more employees are operating personal desktops and notebook systems on corporate networks. The survey, which was carried out for Interactive Intelligence by independent specialists Vanson Bourne, also showed that 43 percent of organisations recognise higher
productivity as the key benefit to flexible working policies. Other advantages include retention of key staff and the ability to attract new and well-qualified employees; reduced office costs and even faster, more responsive customer services. “The findings confirm our belief that remote working should be a part of every business’s long-term strategy,” says Dave
Organisations embrace Windows 7
Paulding, regional sales director EMEA, Interactive Intelligence. “Flexible working is good for business, good for staff and good for the environment.” When asked about the perceived disadvantages of a flexible working system, only 16 percent of organisations saw the requirement to invest in new technologies as a barrier to implementing a flexible working solution. Other perceived disadvantages of flexible and remote working included limited interaction between key workers; a lack of management control over employees; concern about security and confidentiality of information; and a lack of perceived lack of staff visibility and the impact that may have on their promotion prospects. “There is no doubt that in order to address some of these concerns and reap the benefits, an effective technology solution is required to offer a fully integrated flexible working strategy,” concludes Paulding.
Volcano fall out foiled by UC
A
new survey shows that 87 percent of IT professionals now plan to deploy Windows 7. While concerns for software compatibility and migration costs remain high, this is a dramatic increase from a similar study released in April 2009, which revealed the majority of IT staff had no plans to upgrade existing systems to Windows 7 in the next year. This year’s study attributes increased confidence in performance, security and stability to the overwhelming change of heart. Further demonstrating affinity for the new OS, almost half the 900 respondents said they plan to deploy Windows 7 before the anticipated summer release of its first Service Pack (SP1). And for the first time since KACE initiated this research in November 2007, those considering alternative operating systems to avoid Windows decreased dramatically from 50 to 32 percent. “These results reinforce what we are hearing from the customers we talk to everyday,” said Rob Meinhardt, president, Dell KACE. “Productivity gains associated with working in two windows at the same time, having an OS that works with proprietary technology, powerful encryption to protect credit card numbers and employee data, and connecting PCs quickly and easily to wired and wireless networks are among the big wins over Windows XP most often cited by our customers.” According to Diane Hagglund, senior research analyst for Dimensional Research and the survey’s author, another driver for speedy Windows 7 adoption is the fact that XP is reaching its endof-life. “As Windows XP becomes out of date and more expensive to support and with Vista increasingly insignificant, IT leaders are embracing Windows 7,” she said. “Based on previous research, Windows 7 deployments are dramatically ahead of planned Vista deployments at a similar stage in the OS lifecycle with most respondents skipping Vista altogether.”
8 VitAL : May / June 2010
T
he fall out (literally) from the Icelandic volcano dust continues to ground all flights in the UK and Europe as VitAL goes to press, with the consequence that business travel has been severely affected due to flight cancellations. However, a growing number of technology savvy organisations which rely on hosted IT and communications solutions to enable their staff to work collaboratively and access information regardless of their location in the UK or around the world, have remained largely unaffected. Innovative unified communications (UC) solutions are proving the perfect antidote to the current travel issues as the technology removes the need for employees to meet with each other face-toface. UC brings together live meeting, presence functionality, group chat, remote desktop sharing and conferencing facilities on to a single platform accessed from a web-enabled PC or mobile device, providing businesses with a tool for more effective communication across their organisation. “This technology has proved vital for many SMEs as travel becomes increasingly difficult through a number of natural and weather related events, as well as more normal commuting congestion,” said Mark Seemann, product strategy & development director at Outsourcery. “With large numbers of staff having to work away from the office, when travel is disrupted businesses are finding that they need more innovative ways to stay in touch with their colleagues and clients. UC lets businesses of any size communicate and collaborate more efficiently. The current travel difficulties will only further underline how being able to connect with your colleagues whenever and wherever they are means an increase in productivity company-wide.”
www.vital-mag.net
Unbiased advice and bespoke IT Service Management solutions
ITIL v2-v3 Foundation and Managers Bridge ITIL v2 and v3 Foundation Certificate ITIL v3 Intermediate Certificate Public schedule and on-site options available. Visit our website www.wardownconsulting.co.uk for details.
Tel: 01582 488242 Fax: 01582 488343 E-mail: training@wardownconsulting.co.uk Website: www.wardownconsulting.co.uk Wardown Consulting Limited. Prudence Place, Proctor Way, Luton, Bedfordshire. LU2 9PE
IT Service Management Training & Consultancy
COVeR sTORy
Broadcast standard IT The BBC stands at a crossroads in its development, in transition from a traditional engineering environment to an IT-based organisation in both its frontline broadcasting services and its back office infrastructure. VitAL editor Matt Bailey speaks to the corporation’s chief information officer Tiffany Hall.
I
N THe world of broadcasting there can be few more celebrated names than the BBC. It is incredible really that the public service broadcaster of a relatively small country like the UK has grown to be the biggest broadcasting organisation in the world. And on this worldwide stage the BBC brand has become something of a hallmark of quality in what can often seem to be a business very short on this rare attribute. The BBC’s unique funding structure allows it to pursue projects other broadcasters would find hard to justify and finance, especially during a global recession. It is perhaps this public service broadcaster status and its unique funding arrangement that have caused so much controversy; that and the changing
10 VitAL : May / June 2010
nature of global broadcasting as a whole. The BBC has come in for a lot of flak lately and its funding arrangements are constantly under review. The irony of the family-owned Murdoch empire pointing out the dangers of one corporation holding so much influence doesn’t need restating, but it highlights the crossroads the BBC is at as a national broadcaster that has become a global brand.
The rise of IT Central to the success of the BBC has been its embracing of modern information technology techniques. IT has really come to the fore at the heart of the corporation in the last decade or so. For most of the corporation’s history it relied on teams of technical experts with traditional www.vital-mag.net
cover story
mechanical and electrical engineering skills, whereas now the emphasis is very much on the information technology professional. The BBC appointed Tiffany Hall as its chief information officer last October. Responsible for the strategic planning of the corporation’s IT infrastructure, information security systems and support for BBC business systems and professional services teams, she also oversees the newly combined Development & Delivery team at the corporation. Her role oversees the workings of a new open technology strategy instigated by BBC chief technology officer John Linwood, which was set up to allow the BBC’s technology suppliers more insight into the details and specifications the corporation requires, and was designed to make tender applications simpler and more efficient. “While I am responsible for IT infrastructure, security, strategy and project delivery, and all the technology used by BBC staff, my remit goes right into the broadcast area too,” explains Tiffany Hall. “Increasingly the two areas, broadcast engineering and IT are converging – IT is becoming the business. We’ve seen convergence between our traditional enterprise technologies such as backend office and business systems and the new media solutions. For example the success of BBC iPlayer has meant the systems it’s built on have needed to become much more robust and adopt the scalability and reliability principles of the business enterprise solutions. Conversely, the back office solutions have needed to become more open and modular as they are now playing an increasingly important role in providing data for some of the BBC’s audience facing services.” While Tiffany Hall deals with the strategic end of the IT spectrum, service is outsourced to the BBC’s ITSM partner Siemens Business Services, a relationship that has so far delivered excellent results. The Siemens contract was announced in 2004 and has so far been mutually beneficial. www.vital-mag.net
A technology backbone Tiffany Hall joined the BBC from Shell in 1995 and has held a number of senior positions with both national and regional briefs. She originally joined as an IT project manager but was soon appointed head of business systems in News where her role included managing internal and external service-level agreements and the rollout of an electronic news production system now used by 14,000 staff. From 2000 to 2005 she was head of technology for News, and major project responsibilities during this period included the early development of Jupiter, the tapeless, desktop production system which has since transformed the way BBC TV news is put together. In 2006 Hall became the technology controller for BBC Nations & Regions. During this period she was responsible for setting the technology strategy and continued to roll out tapeless broadcast environments with her work to launch BBC Northern Ireland’s Digital NI project. She then went on to head up the newly created Development & Delivery group in July 2009 a role she continues to cover until a replacement is found. At the start of the year the BBC’s Broadcast & Enterprise Technology Group (B&ETG) which is responsible for the technology backbone of the organisation, from desktop PCs and tapeless production to camera procurement and much more besides, published a document outlining the direction for technology activities within the corporation for the next two to five years. “The world has changed and technology is increasingly at the forefront of everything the corporation does,” explains Hall. “There has been a fundamental shift in the pace of change of both business with the advent of technologies like cloud computing and consumer technologies like iPhones; alongside this of course there has been a massive change in audience behaviour in line with these developments. We can’t rest on our laurels and
IT has really come to the fore at the heart of the corporation in the last decade or so. For most of the corporation’s history it relied on teams of technical experts with traditional mechanical and electrical engineering skills, whereas now the emphasis is very much on the information technology professional.
May / June 2010 : VitAL 11
cover story
our new direction is a response to these internal and external demands on the corporation. The shift to fully tapeless content production, filebased transfer for media and the production and delivery of high definition all put greater pressure and emphasis on technology. With growing demand we can see that we need to make efficient considered investments now to build an agile platform for the BBC’s technology activities over the coming years.”
The back office Focussing on the back-office, Hall admits that it’s an area that may have been neglected amid the enthusiasm to equip the broadcasting side with state-of-the-art solutions like the tapeless desk-top editing technology. “We may have actually underplayed the business systems side of what we do,” she admits. “But we are starting to address this issue now.” While technologies like cloud computing aren’t always practical for the rich-media applications often employed at the BBC because of the bandwidth required, VoIP telephony has been rolled out throughout the corporation and various virtualisation applications are under review for specific applications. “One of the things that makes our infrastructure really interesting is the need to deal with very large files,” says Hall, once this would have been an engineering challenge 12 VitAL : May / June 2010
with the information, sound and vision, stored on tape. “Stuff that was once engineering is now IT,” confirms Hall. “Now content is moved around the organisation digitally.” And clearly high definition images which are becoming the norm, are very bandwidth-hungry.
A four part plan A combination of all the different factors driving IT strategy at the BBC has culminated in an approach which focuses on four key areas. The core IT building blocks are of course key. Ensuring the BBC has sustainable networking, telephony, storage and other core services which are needed to support growing demand is crucial. “We also need to be connected and collaborative,” says Hall. “We have to break down the technology barriers to allow our partners to easily work with us and support flexible and remote working.” Innovation has to be at the core of the operation too. “Embracing the growing capabilities of consumer devices for professional use and ensuring that innovative technology is able to be developed and grown at the BBC is a vital part of our approach,” says Hall. And of course in an organisation funded by a license fee from the public, value must be at the top of the IT agenda. “Minimising customisation across technology, driving standardisation and use of commercial off the shelf products as much
“Technology is at the heart of what the BBC does, how we interact with the public and how we make our programmes. Technology has also affected the way we interact with the rest of the organisation. It is once again the age of the engineer perhaps, but now the age of the software engineer. “ www.vital-mag.net
VitAL SIGNS: LIFe In THe wORLD wITH IT
How will your system fall off the cliff? This issue Steve White is seeing connections between problems with commodity trading application and a yeast infection at a bottling plant.
as possible will help us to reduce our cost base,” states Tiffany Hall. These focus areas are underpinned by a set of principles which the corporation says will guide its technology decisions from now on and represent a first step to developing a fully detailed approach to IT.
Tomorrow’s world Obviously in a public service organisation like the BBC value for money is crucial. The corporation has to demonstrate real value to the license payer, so technologies that drive out cost are key to the BBC’s future IT plans. so cloud and virtualisation technologies will be important where they are practical, in areas where large data files aren’t the norm such as the back office. “Technology is at the heart of what the BBC does, how we interact with the public and how we make our programmes. Technology has also affected the way we interact with the rest of the organisation. It is once again the age of the engineer perhaps, but now the age of the software engineer. “we have an obligation to make sure we stay in touch with the growing demands of the licence payer,” concludes Hall. “At the end of the day the BBC is here to inform, educate and entertain and technology is playing a more and more important role in maintaining this purpose.” VitAL www.vital-mag.net
R
eCeNTLY I was involved in an incident that did not involve computers at all, but the bottling of fruit juice in a drinks factory. There was a yeast infection, a common strain of yeast that’s present in the air and should not have been present within the sterile area of the filling machine, and we were called in to help investigate. The manufacturer of the plant was also on site – an expert in the installation and running of this piece of equipment about the size of a four bedroom detached house. The problem had taken a number of attempts to clear, and every retest of the system seemed to make the yeast problem worse – acceptable performance was one contaminated bottle in 10,000 and they were now reaching four percent. One of the contributing factors to the investigation duration was that since installation five years ago it had worked 24/7 pretty much ever since without a rigorous root cause analysis of occasional production problems. The culture in the factory was ‘get it working’. Incidents had been managed, but root causes had not necessarily been found, so the machine expert found out-ofspec subsystems and the machine needed a rebuild and blueprint first. Of the 22 possible causes, 20 were logically dismissed by hard evidence, it came down to two which were fixed and service was restored. However,
service restoration took 16 weeks and cost in hard cash at least £4M. I was also involved in an IT incident where a worldwide commodity trading application was simply running too slowly for the trades to process during the available time window. On working through the facts we characterised the problem well enough for the software supplier to raise his hands and say “we know what the problem is, your throughput has outgrown the capability of our product”, and then it all got sticky because the bottleneck had been fixed by re-architecting the core of the product in the next release – couldn’t be back-ported, they needed to work out a change plan for upgrading. while on the surface both of these incidents look different, there was a thread tying them together – the unclear failure mode of the production system when throughput exceeded design capacity – in the case of the bottler they flogged the hardware until it could no longer cope, in the case of the application they flogged the software until it could no longer cope, and in both cases there was no automatic trigger to alert them to impending trouble – they fell into an abyss without warning. How might we detect or flag to the operators that something is being overused, so that there is an equivalent to the helpful signs near cliff-tops “Danger, fatal drop ahead”? VitAL May / June 2010 : VitAL 13
VitAL MAnAGeMenT
Laissez faire demand management In an article written in the spirit of ‘Knot Not ITIL’, with due acknowledgements to Brian Johnson and Paul Wilkinson, UKCMG chairman and distinguished engineer at Metron, Adam Grummitt discusses how to avoid bad practice rather than chasing good, let alone best, practice.
A
Good capacity manager can do well for one dollar what any fool can do badly for ten (with apologies to Nevil Shute). The prime objective of capacity management is the provision of a consistent, acceptable service level at a known and controlled cost. This requires the control of two essential balances: supply versus demand and resources versus cost. These balances can be achieved by relating costs to levels of service provided and corresponding priorities for access to resources. Gap analyses of capacity management at many IT sites show huge variations in practice. Top sites not only adopt full process control of projects, applications and services at component, service and business levels but also measure KPIs of their own effectiveness,
14 VitAL : May / June 2010
including financial metrics. Many sites adopt good practice and apply some demand management to the resource requests for new projects and monitor their actual resource usage throughout the application life cycle. Many other sites don’t. This article considers some of the reasons why.
Demand management in theory Demand management is described in ITIL as “the control of resources and requests to meet specific levels of demand that the business is willing to support”. For example, user demand might have to be limited for a period if additional capacity cannot be purchased immediately. Or if there are known configuration problems, it may be possible to pre-define the services that can be sacrificed for short (or longer) periods. www.vital-mag.net
vital management
Demand management is commonly proposed as a way to understand and throttle demand from customers. It is important as requests for projects often outstrip the resource capabilities of service providers.
A typical management edict for IT is to ‘do more with less’. But often there are more requests for work than resources currently available. Demand management is commonly proposed as a way to understand and throttle demand from customers. It is important as requests for projects often outstrip the resource capabilities of service providers. Demand management is described as a capacity management activity within service delivery in ITIL v2 with a constrained view of its scope (focusing on degradation of service due to unexpected increases in demand or partial interruptions to service due to hardware or software faults and establishing the redistribution of capacity in order to minimize the impact on business critical services). In ITIL v3 it is allocated to service strategy with a wider view of its scope and links with capacity management identified, but still focused on patterns of business activity and user profiles. In this article it is treated as a capacity management related activity and is interpreted as most practitioners use the term including both of the above as well as establishing longer term practices to deal with handling requests for new services, avoiding un-necessary peaks in workload, provisioning of resources, setting service priorities and quotas, chargeback and related activities. The objective of demand management is to optimise and rationalise the demand for the allocation and use of IT resources. It covers the entire spectrum, from one extreme of overprovisioning without regard to cost to the other extreme of under-provisioning such that there is no headroom and hence capacity problems. Effective demand management and capacity management ensures the timely provisioning and efficient allocation of IT resources at three levels: www.vital-mag.net
1. Forecasting business demands; 2. Applying IT strategy and assessing service trends; 3. Assessing and controlling resource or component utilization levels.
Demand management as a process Demand management is “an IT governance process that enables IT and the business to optimise the investment in IT through factbased decisions”. It captures, evaluates, and prioritises all of the demands or requests placed on IT—from high-volume routine service requests to deploying changes across core applications. Demand management deals with the influx of requests for IT services, maintenance, and operational support - each varying in its level of importance to the organisation. These requests typically fall into four key categories: Strategic demand: requests for new projects that have major strategic impact on the company, such as implementation of a new ERP solution; Tactical demand: routine, day-to-day requests such as upgrading users to a new version of their software, etc; Operational demand: management of key IT assets that impact the company’s ability to conduct its core operations: improving network security and identity management capabilities, patch management etc; Application enhancements: requests for upgrades or revisions to existing applications and business processes. The overarching objective of demand management is to create and control a front door to IT so that all incoming requests are collected, prioritised, scheduled, and fulfilled based on objective, consistent criteria according to business priority. Essentially the May / June 2010 : VitAL 15
VitAL MAnAGeMenT
goal is to create a complete picture of all the requests made to IT - past, present, and future; tactical, operational, and strategic - so that IT can make better decisions and identify trends. sadly, in practice, demand management is often more of an order taking and service provisioning activity than a management process. It should identify relative needs for special support such as the degree of availability, continuity, integrity, security and performance rather than accept a blanket requirement across all demands.
Demand management activities Delivering effective capacity management requires forecasting business demands, applying IT strategy and assessing service trends, and evaluating utilisation of the current implementation. Key factors include: • Identifying which services are vital to the success of the business; • Ensuring that these services are available as the business needs them; • Improving efficiency by ensuring that resources are not over-provisioned. The key output is a capacity plan for IT resources that: • Facilitates successful management of IT assets; • Monitors and communicates key performance indicators (KPIs); • Is able to evolve as business demands change. If there is a chargeback mechanism in place where real money is involved, customers can be encouraged to move workloads away from peak periods by preferential rates. This applied traditionally to batch work on mainframes but can also be applied to any workload that is under customer control, such as management reports, backups or archiving. 16 VitAL : May / June 2010
If the operating system concerned supports workload identification and priorities, then in conjunction with chargeback even finer control by demand management is feasible. Demand management in that situation can be underpinned by modelling, which can show what level of demand can be supported for a given level of resources. This is essential in disaster recovery planning, showing what demand can be supported if a given component in the infrastructure fails. An important activity in demand management is to define quotas/limits on the use of services eg, a limit on the personal data for filing purposes, maximum size of mailboxes. These limits are then managed by sending warnings to the end-user or blocking use of the service when second level thresholds are breached.
Demand management in practice – laissez faire At an IT component level, most large organisations have adopted capacity management by monitoring capacity and performance from servers, storage, networks, and so on. They have also used modelling and trending tools to predict future requirements. Fewer have successfully shifted the emphasis from day-to-day needs to a more proactive, business-centric view of future requirements. effective capacity management must factor in future business developments, including step changes in demand that may arise from longer-term business initiatives or advances in technology. The future plans for the business in terms of growth or change are key to this. It is not always readily available outside the board room and so often some simple rules of thumb need to be applied by the CMT, such as “if the current demand is X and the performance is y, then
The overarching objective of demand management is to create and control a front door to IT so that all incoming requests are collected, prioritised, scheduled, and fulfilled based on objective, consistent criteria according to business priority.
www.vital-mag.net
VitAL MAnAGeMenT
the service needs to cater for 2X and the worst performance acceptable is 2y”. However, in practice, many sites have installed separate, dedicated, wintel configurations for every new project over the years, without consolidating or retiring any. The net result of this laissez-faire policy is typically hundreds or thousands of servers all running at very low utilisation levels, that is, with a huge over-investment in unused spare capacity. It may be suggested that this is an acceptable approach as hardware is cheap, but when the money wasted in buying, licensing, implementing, maintaining and supporting under-utilised equipment amounts to millions of dollars, then it is time to take note. Virtualisation provides an excellent vehicle to make more use of hardware by driving utilisation levels up. It offers partitioning, isolation, encapsulation and hardware independence. It provides dynamic resource scheduling (using VMotion), high availability and consolidated back-up. some sites feel they have found a lifeboat with VMware, even though the cost of providing all these features may be overkill for some of the applications involved. Again this may seem a low price to pay for all the advantages of a virtualised environment, but it can easily amount to large sums on a large project and lead to spending over ten thousand dollars per VM. sadly, rather than changing their regime in any way, low-end sites approach VMware as a major new project expenditure merely to virtualise hundreds of servers on to a new platform as a ‘Good Thing’ and claim notional savings in carbon footprint and licence costs. It may be that few of the old servers are actually decommissioned but rather cascaded and typically more licences are needed in the end www.vital-mag.net
to support all the VMs and their extra layer of software. Thus more money can be spent and the total carbon footprint can be increased. Furthermore, many of the support options chosen in a ‘one size fits all’ approach may cost more than the service merits. such sites may call in a consultant to review the gaps in their process and recommend a simple process for vital capacity management activities. Rather than debate the intricacies of where a new process should lie within a v2 or v3 ITsM framework, such sites need to make a few key decisions to establish a baseline for control. A simple edict such as ‘no new hardware will be bought for a new project while any server is under 30 percent utilised’ could act as a major incentive to consolidate like applications on like machines. A second edict that the number of servers (including both physical and virtual) is capped at the current value could act to encourage the retirement of moribund applications. A third edict would be to ensure that projects justify the level of service requested by identifying tiers of service and associated incremental ongoing costs. However, such edicts are rare. More typical is the approach of adopting VMware as a new project requiring a major investment but one which it is hoped will initiate a move towards some control of the applications. sadly it can frequently result in a faster VM sprawl than the previous server spread, as provisioning for new applications can be done all the faster. In conclusion, the traditional disciplines within capacity management apply to virtualised solutions as to any other and should be pruned and tuned to address the key needs of the enterprise rather than totally eschewed.
Virtualisation provides an excellent vehicle to make more use of hardware by driving utilisation levels up. It offers partitioning, isolation, encapsulation and hardware independence. It provides dynamic resource scheduling (using VMotion), high availability and consolidated back-up.
VitAL
www.ukcmg.org.uk May / June 2010 : VitAL 17
VitAL MAnAGeMenT
Do you speak geek? If Spanish is the new French where does that leave Geek? Sean Glynn, vP marketing at Credant Technologies explains the latest IT security lingo.
T
He IT industry loves its acronyms, why is anyone’s guess – maybe it’s a speed thing, perhaps it’s the whole idea of writing code or overcome language barriers, I’ve even heard “it’s to do with saving bandwidth”, whatever! What I do know is it’s confusing for those on the outside to keep up when the IT crowd are in full flow – a typical discussion would be ‘what’s the difference between Sed and Fde and which is better?’ If you found you reworded the question to ‘what is’ then read on – I’m going to give you a sneak peek inside the mind of a geek. Today, every business utilises technology in some form. However, this miracle of science has a split personality – a silent evil slashing an enterprises’ artery and 18 VitAL : May / June 2010
haemorrhaging sensitive data, while the other is white knight reversing the tide and stemming the flow of bad blood generated with each data breach.
WIIDWID? so let’s begin with IT security and why it is doing what it’s doing. First is the realisation that it’s not alone in its penchant for acronyms, regulators have affection for them too, resulting in a common ground between the board room and the IT domain with compliance a significant driver to both: DpA – The Data Protection Act 1998 is a UK Act of Parliament and the main piece of legislation that governs the control and protection of personal data. pCI DSS – The Payment Card Industry Data www.vital-mag.net
vital management
Security Standard is a worldwide information security standard created to prevent credit card fraud through increased controls around data and its exposure to compromise. HIPAA – The Health Insurance Portability and Accountability Act of 1996 is a set of US federal standards that requires healthcare organisations to implement security standards that protect (and keep up to date) patient data and to standardise on electronic data interchange. SOX – The Sarbanes-Oxley Act of 2002 is a US federal law. The bill was enacted as a reaction to major corporate and accounting scandals. It covers issues such as auditor independence, corporate governance, internal control assessment and enhanced financial disclosure.
WATDIW? Okay, that’s why, so the natural progression is what are they doing it with? FIPS 140-2 – a U.S. government computer security standard used to accredit cryptographic modules. It defines four levels of security, simply named “Level 1” to “Level 4” however, it does not specify in detail what level of security is required by any particular application so it should not be considered as a guarantee that the product is secure. Common Criteria – is a framework in which users can specify their security functional and assurance requirements, vendors then implement and/or make claims about the security attributes of their products, and testing laboratories evaluate the products to determine if they actually meet the claims. As with FIPS, just because a product is Common Criteria certified, does not necessarily mean it’s completely secure. www.vital-mag.net
The Cloud – describes a new supplement, consumption and delivery model for IT services over the Internet. Keylogging – tracking the keys pressed on the keyboard in a covert manner to steal passwords, banking details, etc. Previously a piece of malware, there are now hardware instances – for example a keyboard that looks legitimate so this is a diversifying threat. DLP – data loss prevention refers to systems that identify, monitor, and protect data in use (eg, endpoint actions), data in motion (eg, network actions), and data at rest (eg, data storage) through deep content inspection, contextual security analysis of transaction and with a centralised management framework. Encryption – the conversion of data into a form that cannot be easily understood by unauthorised people. Decryption is the process of converting it back to its original form. FDE – Full Disk Encryption, does what it says on the tin, using disk encryption software to encrypt every bit of data that goes on a disk or disk volume (excepting the Master Boot Record, which most FDE solutions leave unencrypted) SED – a Self Encrypting Drive is a hard drive based on the Trusted Computing Group’s specifications, it can lock-down data automatically in less than a second and can be immediately and completely erased in milliseconds. SEDs are easily deployed and managed cost effectively and are interoperable across PC platform types. It is an emerging technology so watch this space to see if it delivers. BitLocker Drive Encryption – a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft’s Windows Vista and Windows 7 desktop operating
The IT industry loves its acronyms, why is anyone’s guess – maybe it’s a speed thing, perhaps it’s the whole idea of writing code or overcome language barriers, I’ve even heard “it’s to do with saving bandwidth”,
May / June 2010 : VitAL 19
VitAL MAnAGeMenT
systems, as well as the windows server 2008 and windows server 2008 R2 server platforms. It’s designed to protect data by providing encryption for entire volumes. U3 enabled – U3 smart Drives are regular UsB flash drives with a twist. Programs can be installed on them that launch independently of the machine it’s inserted into and the data from those programs travels on the device – leaving nothing behind. while beneficial in the fight against data leakage, it has a malicious persona – for example, if it’s preloaded with malware and plugged into a logged on PC it could inject a virus into the system that is untraceable. Black List – a list or register of items, for whatever reason, that are being denied a particular privilege, service, mobility, access or recognition. White List – similar to a black list but instead of denying, you stipulate which are accepted so it’s easier to build up from a security perspective than eliminating backwards. SAM Database – the security Accounts Manager database, used by windows (and possibly other Oss), manages user accounts. It’s implemented as a registry file that is locked for exclusive use while the Os is running. If its contents were discovered by subterfuge, the keys are encrypted with a one-way hash, making it difficult to break. some versions have a secondary key, locking the encryption to that copy of the Os. TpM – Trusted Platform Module offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a hardware pseudo-random number generator. It includes capabilities such as remote attestation and sealed storage.
An industry ideosyncrasy
Acronyms may be confusing but are not designed to make the user sound superior, they’re just an industry idiosyncrasy, we all have them. However, the threat against data is serious and we mustn’t let language cause a misunderstanding that thwarts our efforts – after all, it’s not a necessity it’s a requirement.
Acronyms may be confusing but are not designed to make the user sound superior, they’re just an industry idiosyncrasy, we all have them. However, the threat against data is serious and we mustn’t let language cause a misunderstanding that thwarts our efforts – after all, it’s not a necessity it’s a requirement.
VITAL
www.credant.com
20 VitAL : May / June 2010
www.vital-mag.net
Transform Your Customers‘ In today’s highly connected world, Journey good customer support is just not enough; and one customer experience has the power to affect many others.
S e r v i c e va l u e M a n a g e M e n t
SM
Customer Service as a Profit Center Sm
Traditional Customer Support Profit Centers
Transform from traditional customer support to customer ser vice and from cost centers to profit centers.
Customer Service Cost Centers
At Kepner-Tregoe (KT), we take a holistic approach to creating business value by making service a direct, profound driver of revenue and profit. Service Value Management (SVM) is about transforming the customer experience. By staying engaged with you from the project start through to your value realisation, we aim to: • Maximise your customer loyalty • Increase your customer satisfaction • Decrease your support costs • Reduce your risks R A P I D R E S U L T S . L A S T I N G VA L U E .
To SEE how wE cAN IMPRoVE yoUR cUSToMERS joURNEy c A L L U S T o D Ay o N + 4 4 1 6 2 8 7 7 8 7 7 6 oR F o R M o R E I N F o R M A T I o N , V I S I T: w w w . K E P N E R - T R E G o E . c o M / S E R V I c E VA L U E /
VitAL MAnAGeMenT
A perfect storm for IT security The increasingly mobile nature of data has resulted in growing pressures on IT departments. There was a time, not too long ago, when data was secured primarily due to the physical security of the building where it was located. Now, with the ubiquitous use of laptops and handheld devices, a secure physical environment, while requisite, is no longer sufficient. Stephen Midgley, senior director at Absolute Software reports.
22 VitAL : May / June 2010
www.vital-mag.net
vital management
A
s we enter a new decade, IT departments are faced with a proverbial ‘perfect storm’ when it comes to securing data. Departments are dealing with reduced operating budgets resulting in them having to do more with less. There is a growing movement from various levels of government to regulate the security of data, such as the recent announcement by the UK Ministry of Justice that the Information Commissioner’s Office (ICO) would have the power to fine organisations up to £500,000 for serious breaches of data protection principles. The European Council has approved a data breach notification rule for Europe’s telecommunications firms. This amendment to an EU Directive will force telcos to inform customers if they lose their data. The growing enactment of regulatory legislation related to the securing of data will force the hand of corporations to establish necessary
www.vital-mag.net
processes to ensure the integrity of data. To not do so could result in them being subject to significant negative financial and reputational repercussions if a data breach were to occur. According to the Ponemon Institute, the average cost of a data breach to an organisation in the UK is £1.7 million, while in Germany it is e2.41 million. Along with reduced operating budgets and growing government legislation, the general public has become acutely aware (and concerned) about the security of their personal data as the instances of lapses in data security continue to increase. In fact, according to the ICO, the number of recorded data breaches in the UK increased by nearly 65 percent last year over the previous year. Then there is growing mobility of the workforce – from people travelling with their data to people telecommuting from their homes. According to the Ponemon Institute, over 3,500 laptops go missing every week in European airports. That’s one laptop every three minutes. While mobility creates business opportunities, it has accelerated the use of corporate owned devices outside of the traditional workplace. Especially as more and more employees work from “home offices”. The result is the creation of an information perimeter outside of the traditional enterprise perimeter.
Encryption This perfect storm therefore begs the perfect question for any IT department: How do you secure data that you cannot track? Encryption has, for some time, been the de facto standard in securing data and is one of the most important security tools in the defence of data. While it is an important part of any approach to data security, encryption alone is not enough. It does not enable IT to track the data and it does not provide any details as to what type of information was stored on the missing or stolen laptop. In fact when an encrypted laptop goes missing, all IT really knows is they have a laptop with potentially damaging information in the public domain
The growing enactment of regulatory legislation related to the securing of data will force the hand of corporations to establish necessary processes to ensure the integrity of data. To not do so could result in them being subject to significant negative financial and reputational repercussions if a data breach were to occur. According to the Ponemon Institute, the average cost of a data breach to an organisation in the UK is £1.7 million, while in Germany it is e2.41 million.
May / June 2010 : VitAL 23
vital management
with no means of retrieving the data. And, according to the latest research from the Ponemon Institute, there is no guarantee that encryption was set up properly on the device in question. Surveying non-IT business managers in the UK, it was found that 66 percent of them either wrote down their password on a private document, such as a post-it note or shared it with other individuals in case the password was forgotten. IT departments, in this mobile environment, require more than encryption to securely track manage and protect their data. What they need is a layered approach to security that enables them to track data on and off the local area network and provide them with various options to access the data in the case a laptop does go missing, instead of being left wondering if the encryption was disabled. In order to be effective, encryption requires organisations and users to take appropriate steps to make sure sensitive and confidential information is protected as much as possible
The human factor As shown in research conducted by the Ponemon Institute on The Human Factor in Laptop Encryption, a cultural divide exists between non-IT business managers and IT practitioners when it comes to security. Too often IT is being bypassed, losing control, yet they remain accountable to data security and ensuring performance, integrity, availability and compliance of that data. It was found that a high percentage of employees surveyed in business functions (referred to as business managers) were not taking such precautionary steps as using complex passwords, not sharing passwords, keeping their laptop physically safe when travelling or locking their laptops to their desks to protect sensitive and confidential data. Further, many respondents believe that encrypted solutions make it unnecessary to take other security measures. In contrast, their colleagues in IT and IT security functions (referred to as IT security practitioners) are diligent in taking all or most precautionary steps to safeguard the sensitive and confidential information on their laptops. They believe encryption is an important security tool, but believe it is critical to follow certain procedures to ensure that data is protected if a laptop is lost or stolen.
Key security findings The following are some of the most salient IT security findings from the Ponemon research: 24 VitAL : May / June 2010
IT departments, in this mobile environment, require more than encryption to securely track manage and protect their data. What they need is a layered approach to security that enables them to track data on and off the local area network and provide them with various options to access the data in the case a laptop does go missing, instead of being left wondering if the encryption was disabled. - 86 percent of IT security practitioners report that someone in their organisation has had a laptop lost or stolen and 61 percent report that it resulted in a data breach. Only 45 percent report that the organisation was able to prove the contents were encrypted. - 59 percent of business managers surveyed strongly agree and agree that encryption stops cyber criminals from stealing data on laptops versus 46 percent of IT security practitioners who strongly agree or agree. - 53 percent of business managers have disengaged their laptop’s encryption solution and 43 percent admit this is in violation of their company’s security policy. VitAL
www.absolute.com www.vital-mag.net
NetSupport Manager
‘Remote Support For Any Environment’ NetSupport Manager has been helping organisations optimise the delivery of their IT support services since 1989 and while the use of Remote Control software is now common place, unlike 20 years ago the diverse range of platforms, protocols and physical assets now in use provide PC Management and Remote Control Software solutions with the continuous challenge of being able to offer support to a variety of configurations. The success of NetSupport Manager lies in its ability to continually evolve to meet the needs of any environment. Combining comprehensive multi-platform support for Windows, Linux, MAC, Solaris, CE, Pocket PC and Windows Mobile systems with a range of PC Management tools designed to ensure that critical IT infrastructure is available when needed most, NetSupport Manager offers complete compatibility for today’s business environment. Planning for upgrades and the rollout of new technology is now even easier thanks to NetSupport Manager version 11’s restyled interface. Auto-Grouping of machines by operating system and platform provides an instant overview of your IT environment, you can even identify which laptops or desktop PCs are powered by Intel® vPro™ technology. Complete integration with Windows 7 introduces Touch Screen compatibility and enhanced Task Bar operations to NetSupport Manager’s toolkit.
Be among the first to see new NetSupport Manager v11 at the Service Desk & IT Support Show. See us at
Service Desk & IT Support Show 2010 - Stand 824 27 - 28 April 2010 - Earls Court, London
www.netsupportmanager.com
email: sales@netsupportsoftware.co.uk
telephone: 01778 382270
VitAL MAnAGeMenT
Securing the data centre data centres are some of the biggest investments in information technology that businesses make, with commissioning costs often in the tens of millions of pounds. How much of this should be spent on security and should end-users do it themselves or entrust some areas to outsourcing? Stuart Bonell, associate consultant with BroadGroup reports.
I
NFoRMATIoN ANd IT security has long suffered from being a ‘necessary evil’ for many businesses and an area that appears sometimes to have an unquenchable thirst for funding; as one threat is addressed, another layer of risk is uncovered or another threat grabs the headlines and demands attention. security and availability/resilience are the top two concerns for data centre users. we
26 VitAL : May / June 2010
found this both when asking end-users what they looked for in new data centre space and when asking service providers what were the most important decision criteria for their customers. The report also describes how a structured approach to managing security is essential. what lies behind this high ranking of security at a time when cost containment, green issues and cloud computing are also
garnering attention? One answer appears to be increasingly complex and demanding compliance requirements essential for doing business. Certainly we found that more data centres are going to market proudly displaying their certification “badges” (e.g. IsO 27001 and sAs 70 Type II). end-users also confirmed that compliance is a big factor in moving security projects from discussion to action. Compliance needs such www.vital-mag.net
vital management
We found evidence that increased awareness of security in the boardroom and among customers is putting the spotlight on security. Stories of lost customer data and prominent cases of credit card data theft have made it difficult to argue that the threats are hypothetical. as PCI for credit card processors are now not open to debate when ranked alongside other business demands. At the same time, we found evidence that increased awareness of security in the boardroom and among customers is putting the spotlight on security. Stories of lost customer data and prominent cases of credit card data theft have made it difficult to argue that the threats are hypothetical.
Bastions of security Data centres need to be bastions of security helping businesses to meet these challenges. It is perhaps no surprise then that security and availability rank highly for end-users seeking data centre space. What about organisations who choose to or must keep data centres in-house? How can they ensure that they achieve value for money from security? The flipside of boardroom attention to security can be security spending lacking in focus. In the UK, laptop encryption for example became a ‘must have’ for some companies in the wake of stories of laptop and data losses in the media. But what priority did addressing this risk have alongside other risks including those which affect the data centre (where much larger sources of valuable data reside)? Data centre security is a vast topic and the range of potential measures which can be applied when one considers physical, network, application and data security appear limitless. Any approach to implementing or improving security which does not include a way to prioritise spending in a structured and justifiable manner might be considered negligent. ISO 27001 is an international standard for information security management systems which requires a structured approach based on assessing actual risk levels. Although ISO 27001 is undoubtedly gaining traction with data centre providers and some end-users (about www.vital-mag.net
50 percent of our end user respondents are certified or currently progressing certification), many end-users still choose to assess data centre security themselves rather than seeking evidence of independent certification backed up by regular audits. ISO 27001 appears to suffer from an image problem. Some service providers and endusers told us that they wished to avoid the administrative overhead that certification would create. It is difficult to assess how many of those who claimed to be following ISO 27001like approaches without certifying were doing this effectively, but there has to be a suspicion that it is not just the overhead of certification that they are avoiding, but some of the security management costs as well. There is also another side to the argument. What is the cost of not having effective security management when investing in the data centre? Unwarranted cost can arise firstly because spending may be addressing an area which is not a significant risk for the business at that point or by addressing it too well. To take a micro-level example, British Loss Prevention Certification Board, standards classify physical security according to attack resistance at 1, 3, 5, 10 and 20 minutes. There can be a big cost difference between levels. Which does your data centre need for each door, grill and lock? This is just one micro-area of data centre security, but the point is that without assessing risk, many poor choices can be made and security may cost more than needed or worse leave important areas starved of funds. Secondly, consider an example where new detection technology is deployed on a data centre network, but then a flood of alerts overwhelms the security team. A management system calls for measurement to be put in place to ensure that security controls are effective - or put another way, delivering value for money. May / June 2010 : VitAL 27
vital management
ISO 27001 appears to suffer from an image problem. Some service providers and end-users told us that they wished to avoid the administrative overhead that certification would create. It is difficult to assess how many of those who claimed to be following ISO 27001-like approaches without certifying were doing this effectively, but there has to be a suspicion that it is not just the overhead of certification that they are avoiding, but some of the security management costs as well.
Best practice Putting ISO 27001 to one side, what are the security measures which organisations are putting in place in the data centre? In our approach we looked for best practices from industry experts (at data centre providers, end-users, consultancies and product vendors) ensuring that we considered all of the categories set out within ISO/IEC 27001 and 2. This produced a long list of measures which can appear daunting until one remembers that they are areas to consider for specific risks at an organisation rather than a shopping list. Unsurprisingly, physical security remains critical at the data centre, but while a few sectors (eg Government) may be looking at increasing protection levels for threats such as ram-raiding and bomb attack, most service providers and end-users are focused on ensuring that their operations are working as they should. Often this costs little because it is about improving procedures and enforcing them rather than buying a new security gadget. Application security (and especially web applications) is an area which has matured over several years and appeared to gain wider acceptance in 2009 with easier to acquire solutions incorporated within mainstream security vendor products. A related emerging area is data security which seeks to directly protect data where it is held and accessed 28 VitAL : May / June 2010
rather than by protecting the network or applications. A lot of industry hype in 2009 was about data loss prevention (DLP) which (simplistically) focuses on end-point/client applications to prevent certain identifiable data such as credit card numbers being transferred (eg to an email). ‘Database Activity Monitoring’ vendors now offer solutions which both seek to discover data on a company network and then to identify any access to that data regardless of source. Amongst the claimed advantages are that these solutions detect and protect data which companies did not know about and avoiding the need to fit security measures to all applications. It remains to be seen whether this approach gains favour. This is a good example where organisations should apply risk-assessment thinking to determine how best to reduce their risk level; choosing measures for the specific risk within their own organisations rather than hyped solutions (regardless of how good they sound in isolation).
Revenge of the botnets Protection against Denial of Service (DoS) attacks is an area which has proven difficult to address. Distributed (DDoS) attacks (from so called botnets) are particularly challenging for end-users to mitigate because their networks can be overloaded before attack traffic reaches a protection measure. Some service providers
are now offering anti-DDoS services which combine their much greater network capacity with detection to remove attack traffic before it reaches an end-user’s infrastructure. With botnets increasing in number and size (making attacks larger), we believe end-users will increasingly turn to such service providers and that the prevalence of such attacks (which often involve extortion attempts) is probably currently underreported. Indeed, while we believe that organisations should decide on in-house versus outsourced on a case-by-case basis, there will be a growing willingness to outsource responsibility for some aspects of data centre security. Many aspects of security can in theory be handled better on a larger scale because items like physical security, security teams and even the above-mentioned DDoS mitigation are much more cost-effective at scale. Organisations should take care that whatever choices they make they do not outsource overall security management and accountability. Effective security management is critical to ensuring that good in/outsourcing choices are made and so that service providers may be effectively managed and audited. Endusers should review security offers critically and look for evidence of independent certification and even contract liability cover as the best ways to cut through competing marketing claims. VitAL www.broad-group.com www.vital-mag.net
VitAL MAnAGeMenT
Windows 7: How should you get there? Isn’t it time you thought about migrating to Windows 7? Jim Docherty Docherty, eMeA managing director of KACe offers a roadmap to help you on your way.
W
ITH THe release of Windows 7, Microsoft has made a new operating system available for both individuals and businesses to consider. Many IT managers are already thinking about when to make the move to Windows 7 and how to make the process as painless as possible. With sales of more than 90 million licenses so far, Windows 7 has been Microsoft’s fastest selling operating system release ever. According to Dimensional Research, around 58 percent of IT professionals are looking to deploy windows 7 during 2010. This is not a small project, as a windows 7 migration involves much more than just the deployment of a new Os. There are three phases that a company will go through during their migration: preparation, migration and maintenance.
www.vital-mag.net
Doing the ground work The preparation phase for a migration first involves getting an overview of what the organisation has in place, and involves building an inventory of the PC hardware that is installed and what assets are in place. Based on this data, you can see which systems can be moved over to windows 7 easily, and those that might require hardware upgrades or replacement. Building this inventory can also help show where software licenses are not being used, or where additional IT hardware has been implemented. It also helps to reduce the cost of migration: Gartner estimated that the cost to upgrade from XP to windows 7 amounted to between £620 and £1160 in migration costs per user. This makes it essential to optimise the migration process as much as possible in
with sales of more than 90 million licenses so far, windows 7 has been Microsoft’s fastest selling operating system release ever.
May / June 2010 : VitAL 29
vital management
One of the biggest issues to overcome is that Microsoft does not support direct upgrades of Windows XP to Windows 7. A clean installation of order to trim costs. If application licenses can be rationalised or re-assigned, then this can provide some additional cost savings as part of the project. The second part of preparation is testing the new operating system with existing applications, and then establishing a process for managing user data and settings. Dimensional Research’s findings showed that this is one of the biggest issues that IT managers foresee around deploying Windows 7, with around 86 percent of respondents listing application compatibility as a concern. Some applications may not support the new OS, leading to upgrade costs or new systems being required in the future. This can therefore be a substantial additional cost to be considered. One way around these problems is to use application virtualisation: instead of a traditional install, the application can be moved into a virtual package that is separate to the OS. This has an additional benefit in that different versions of the same application can be run side-by-side, which can be useful for testing purposes. Application virtualisation can also make the job of providing applications to users easier, as the work on preparing applications can be done centrally and then users simply click on a link in order to get their service. The third activity to undertake before any migration occurs is a full backup of all the files and settings that end-users have in place. One of the biggest issues to overcome is that Microsoft does not support direct upgrades of Windows XP to Windows 7. A clean installation of Windows 7 is required in order for the migration to take place, but getting the old system settings over requires more preparation. It’s therefore essential to make sure that users retain critical files and settings during the migration process in order to minimise end-user downtime. 30 VitAL : May / June 2010
Separating these user-specific files and settings and saving them centrally means that they can be deployed alongside the new operating system. Taking this approach can help users to get up and running again quickly, as they can build up familiarity with the new OS faster. It can also reduce the risk of losing critical information during the migration process.
Making the move Once you have carried out all this preparation, the next phase is the migration itself. Deploying the OS to individual machines can take a lot of time, so automating this where possible can reduce the amount of manual work required. Windows 7 does have some free tools to help here, but when you are looking at more than a handful of machines, the value of the time saved through automated deployment can justify the cost of an automation solution. Systems management tools can help in this rollout, as well as ensuring that each installation is carried out in the same way. Once the base Windows 7 implementation is in place, the next step is to distribute the application set and user settings to machines on the network. This is also the right time to think about patches and updates in the future. Since Windows 7 has entered the market, there have been several updates that are relevant for the new OS included in Microsoft’s Patch Tuesday. Even with the newest of operating systems, getting the right patch strategy in place will help to reduce the amount of time and effort that is spent on keeping systems up to date.
Windows 7 is required in order for the migration to take place, but getting the old system settings over requires more preparation. It’s therefore essential to make sure that users retain critical files and settings during the migration process in order to minimise enduser downtime.
Now you are here, what’s next? Following this migration, you should also look at how to keep the benefits that the move over to a new OS can provide for as long as www.vital-mag.net
VitAL MAnAGeMenT
Downtime is another cost that can potentially affect organisations in the midst of a migration. The need for additional hardware to support the new operating system can also be a potential cost, especially if you have not audited your estate prior to the move. possible. For example, many organisations still do not have an official asset management policy in place. A large project such as windows 7 migration can provide the impetus to reconsider how you manage assets: if you are engaging in a full-scale move to a new Os, then a list of everything that is installed across the organisation’s PCs is vital. Once the migration is completed, keeping this going should be easy, and the ability to report on licenses and software use can provide a longterm benefit in the future. Another consideration for the future is performance, which initially can be great. However, as updates are added and the number of files builds up, the operating system and applications can start slowing down. Taking the right approach to how you manage those systems, as well as the level of control you want to exercise around the applications that users can install, are therefore important considerations for the longer term. when going through a migration, there are several potential pitfalls that should be considered. For example, training users on the new operating system interface can be a significant overhead, particularly if you don’t update the user settings based on their previous workstation environments. Factoring www.vital-mag.net
in this training cost is one choice, while using systems management tools to replicate the look and feel of the previous desktop environment is another option. Downtime is another cost that can potentially affect organisations in the midst of a migration. The need for additional hardware to support the new operating system can also be a potential cost, especially if you have not audited your estate prior to the move. However, having the right process and tools in place can negate or minimise the risk.
However, having the right process and tools in place can negate or minimise the risk.
This is the end while windows XP continues to be popular with IT professionals, it is reaching its end of life. It is therefore essential that IT managers begin planning for an effective windows 7 migration today. This means understanding what preparation is required, and what steps can be taken to keep any new implementation delivering value. Cutting down on the manual intervention required during a migration and automating the deployment, patching and software packaging can really help to ensure that the organisation gets the most benefit from its move, as well as longer-term productivity gains for IT staff and end-users. VitAL www.kace.com May / June 2010 : VitAL 31
VitAL MAnAGeMenT
ITIL: after two decades of use and abuse, what next? Brian Johnson, one of the original architects of ITIL and worldwide practice manager for CA Services, charts the history of ITIL, takes stock of its impact and asks where to next?
I
T WAS back in 1986 that the Information Technology Infrastructure Library (ITIL), a concept that has now become one of the most widely accepted approaches to IT service management (ITSM) worldwide, was started in the UK by John Stewart. It was based on the idea that spending on IT infrastructure management in government was too high and that a method to establish best practice processes for IT service management would be of benefit. The underpinning concept was that people would become ‘portable’ in the sense that everyone would manage the infrastructure in the same way and streamline processes, thereby increasing efficiency and (eventually) driving down cost.
Where ITIL all began what is ironic is that a simple concept, that is now a multi billion pound industry, was initially pitched to HM Treasury and laughed straight out the room. By 1987, with the backing from Peter skinner, another believer in the concept, ITIL was piloted across a small number of government departments as the Government IT Infrastructure Management Method (GITTIM) wholly developed by John and his team at the Central Computer and Telecommunications Agency (CCTA). CCTA was eventually absorbed by the Office of Government Commerce (OGC) in 2000. The name of the method was changed from GITIMM to ITIL, on the basis that nobody would buy anything with the word ‘government’ in the title. The ITIL approach proved to be a success throughout the initial development work with the selected government departments, for example in support of the national savings Certificate automation programme. with a team of eight, including myself and John stewart, the programme director, the 32 VitAL : May / June 2010
www.vital-mag.net
vital management
CCTA set about developing a set of books (for some curious reason we called them ‘modules’ back then) to create a compendium of good IT management practices and eventually to create an ITIL user group. The innovative Dutch were the first, and are still the biggest champions of the ITIL concept, and it was the small vendors in Holland such as the original Pink Elephant and Quint, as well as the Examination Institute of the Netherlands (EXIN) that accelerated uptake. In the UK, thanks to companies such as Ultracomp and the growth of the users group driven in those days by people such as David Wheeldon, Mick Brown, Ivor Evans, Ivor Macfarlane and others, the realisation of the potential of ITIL spread, and one of the next big projects was the Ministry of Defence, which led one of the longest ever ITIL projects.
Creating an ITIL user group One of the defining moments in the history of ITIL was the creation of the user group, the IT Service Management Forum (itSMF), originally called the IT Infrastructure Management Forum, in 1991. For a few years only the UK and Dutch groups existed and over time other countries (in particular English speaking ones) began adopting the approach. By 1995, ITIL had already been adopted in around 40 countries; however, user representation through the itSMF user group was still based solely in the UK and Holland. Gradually itSMF became the name in which all the participants worked to and ITIL the underpinning method (even though, strictly speaking, ITIL did not really cover all of the issues in IT Service Management). The increasing world-wide recognition and use meant that eventually itSMF became an international professional body - currently represented in more than 50 countries and www.vital-mag.net
with sales across another 30-40 countries worldwide. In the US it is interesting to see that some ‘Local Interest Groups’ are bigger than some countrywide groups. Once a foothold was established in North America, ITIL became a worldwide phenomenon. Globally, the itSMF now boasts over 6,000 member organisations, blue chip enterprises and public sector bodies alike, covering in excess of 40,000 individuals spread over more than 50 groups. Each group is a separate legal entity and is largely autonomous.
Version 1 In 1989 the first book in Version 1 came out. Over the next eight to nine years the books came out at irregular intervals. This period for ITIL was much more about evolution than structure and design. It was a new concept to all the IT professionals involved and the publication of the new versions and the level of coherence across them tended to reflect this. By 1997 there were in excess of 50 ITIL books. This figure is dependent on what each individual perceives as an ‘ITIL book’, for example, the books published when EXIN led the project in the late nineties are included in that figure, as well as books in the Environmental Infrastructure set and the Business and IT excellence – all labelled ITIL and in my opinion quite correctly – but others may well disagree and it all comes down to opinion. The range of concepts covered seems bewildering sometimes, for example there is an ITIL book on Managing Acoustic Noise! It was in the late nineties that John Stewart agreed that there was a need for change. The programme had developed without an overall detailed structure – Charles Darwin could have based his Theory of Evolution of the Species on ITIL. A process model was needed to help IT
In 1989 the first book in Version 1 came out. Over the next eight to nine years the books came out at irregular intervals. This period for ITIL was much more about evolution than structure and design. It was a new concept to all the IT professionals involved and the publication of the new versions and the level of coherence across them tended to reflect this.
May / June 2010 : VitAL 33
VitAL MAnAGeMenT
professionals focus on the future development of the books and in particular how they fitted together to encourage understanding and ease of use; it was agreed that the CCTA and Pink elephant would work together on a joint venture to create a coalition of interested parties that would drive a refresh of ITIL. Ironically, it was never really a ‘Version 2’, the concept was and is that the body of knowledge would be expanded where appropriate and new materials be included.
Version 2 Despite what many people thought at the time, Version 2 was much more of a refresh, than a completely new approach. Version 2 came out between 2000 and 2006, and what was meant to be five comprehensive books ended up being nine. The books aimed to illustrate how the processes were connected (or often how they should have been connected) and to compile good practice guides about how the detailed Version 1 ‘modules’ had been used. Today you can find many organisations that continue to use the Version 1 books for detailed information. what eventually became ‘Version 2’ were the books focused on service support and service delivery. The service support book, otherwise known as the ‘Blue Book’, focused on incidents, problems, changes, configuration management and release management 34 VitAL : May / June 2010
effectively, ‘joining the dots’ of the individual processes discussed in the Version 1 books. The emphasis on continual improvement was also a feature of Version 2 with each book having an Appendix to cover the use of the Deming cycle in improvement. For IT service Delivery, the ‘Red book’ focused on business capacity management, business continuity, service level management, availability management and the financial aspects of ITsM – again it aimed to ’unify’ the books from Version 1. Version 2 was intended to shift focus to service delivery, to encourage organisations to focus on the ITIL support for the provision of services and move the focus away from fire fighting incidents in service support. The reality was that the majority of organisations continued to focus on service support and inevitably the ‘Blue Book’ was the big success from Version 2. It is more than likely that the Blue and Red Book sales exceeded the combined sales of the other seven – certainly large numbers of people are unaware that a total of nine books exist in that series.
Commercial contracts and further developments Increasingly the publisher of the ITIL books The stationery Office (TsO) had more influence over the creation and content of the books. when Version 3 was in the planning stages a number
Ultimately, whatever the future holds by prioritising business requirements ahead of technical considerations, ITIL enables organizations to provide IT services that are better understood, more easily maintained and more cost-effective.
www.vital-mag.net
VitAL EyES ON
Spring cleaning your client database of commercial contracts for contributions were secured. This change in tack could account for the increased commercial interest on the more recent editions in comparison to Version 2 which was amalgamated from voluntary contributions. Version 3 was first published in 2007 with the aim to focus on IT service design. The common perception and review of Version 3 was that it was very different from Version 1 and Version 2. In fact, Version 3 was roughly seventy percent the same as 1 and 2, but had refined, condensed and restructured the content to fit five books. Over the last twenty years ITIL has transformed IT service Management and IT service Delivery. Part of this transformation was the creation of an international standard for service management, the IsO 20000 standard that was based on the British standard (Bs15000) created in the mid 1990s. IsO 20000 is commonly accepted worldwide as the standard for IT service management. Although ITIL is not a standard, it is invaluable to organisations that set out to comply with IsO 20000, as it provides the guidance for putting the processes in place to meet the standard. If it was not for ITIL, no one would have bothered to create a standard – or been able to do so. Letters of thanks should go to John stewart! In 2010, CA was awarded the IsO 20000 standard for service management – a measure of the growth of ITIL and of the need to demonstrate excellence through standards.
What next for ITIL? Looking ahead for ITIL there will soon be a new edition of Version 3 that will address the teething issues. I think the biggest space to watch is ITIL’s development in foreign markets and how quickly new versions can be translated and provided to the ever expanding communities. Questions will also be raised about automation versus people versus processes. Furthermore, it is possible that IsO could soon become even more important than ITIL and become a central part of a well run IT organisation. Ultimately, whatever the future holds by prioritising business requirements ahead of technical considerations, ITIL enables organizations to provide IT services that are better understood, more easily maintained and more cost-effective. VitAL www.vital-mag.net
With onset of warmer weather, Jonathan Westlake’s mind is turning to a spot of spring cleaning and taking a virtual feather duster to his electronic records.
W
hen it comes to having a spring clean, client databases are my favourite target with websites a close second. Since the last spring clean all sorts of ‘dirt’ will have accumulated in the database. You can employ a professional data cleansing company to do the work but this column looks at what dIY steps you can take at low cost. what do you need to do this DIy task? Obviously you need access to the database; a phone; access to the internet; and preferably access to your staff that holds intelligence about the client’s details. A rudimentary knowledge of query language (sQL) can speed up the data cleansing process but a visual check of data can also do the job. My overriding goal is to improve the detail on the database. It is well documented that firms and individuals love a personal approach and for the detail of communications to be correct, after all first impressions count. I use client databases for a variety of support applications such as email campaigns. A little bit of data maintenance time can pay dividends in my experience. so armed with a strong cup of coffee I usually plan to set about my client databases with a set of criteria in mind So, what do I look for? A general check of the data with the aid of the internet and phone: some checks are more obvious than others and I do the easy obvious ones first and this includes: Getting names right, formatted consistently; incorrect addresses; duplicate records; main contact correct; telephone numbers; invalid
email/web addresses; missing elements; incomplete email addresses; miss-spelt domains. Any yellow sticky slips/scraps of paper with addresses on can be used to update the database contents. The design of the client database table’s structure including the formatting standards and validation rules for data entry: Review the address data and consider the best layout for label or envelope printing. Identify the different salutations across the tables and decide how these should be held. I often get post with a salutation of Professor, which I am not. For businesses check for standard abbreviations such as Ltd. Review the design to include columns such as Job Title and column flags for clients who have shown no activity. Possibly archive to an old client’s table. If they have done no business with you for a year or two then consider putting in the old table. In summary try and find some time for this task. The analogy is to clearing your wardrobe of clothes you have not worn for a few years. something you may not relish doing but worth the effort. you can adopt a spring cleaning approach to other aspects of your business; for example, freshen up your website which this column will cover at a future date. Useful references regarding database cleansing: One of my local bureaus, Synectics Solutions: www.synectics-solutions.com Direct Marketing Association: www.dma.org.uk/content/home.asp Data Management Group of British Computer Society: www.dmsg.bcs.org/web VitAL May / June 2010 : VitAL 35
VitAL PROCesses
What makes good IT support training Having trained hundreds of IT support staff and managers, Noel Bruton* asserts that the ITIL ‘Foundation Course’ as it is currently designed and taught is too often the absolute opposite of what good IT staff training should be.
A
S SoMe companies adopt the theories of the Information Technology Infrastructure Librar y (ITIL), they will be committing staff from affected IT departments to so-called ‘ITIL Foundation’ courses. Routinely, this is the only non-technical training some IT staff may get. And, having trained hundreds of IT support staff and managers, I would suggest that the ITIL ‘Foundation Course’ as it is currently designed and taught is too often the absolute opposite of what good IT staff training should be.
36 VitAL : May / June 2010
In order to be licensed to use the ITIL brand, training courses must be accredited by an appointed industry body. Accreditation insists that the course focus on teaching about ITIL’s complete content, even if, as is overwhelmingly likely, your company implements only a tiny fraction of it. There is virtually no doubt that all of your attendees on an ITIL Foundation will be compelled to sit through hours of content that is irrelevant to your business, to your ITIL implementation and to the practicality of their jobs, meaning that much of your ITIL training may waste your money and your staff’s time
and even breed resentment. what is more, the content is often likely to have been written by somebody other than the trainer and so delivered from a script rather than out of genuine field expertise. whether or not you have taken or plan to take the ‘ITIL route’, every minute of training you give your staff should enable them to do their job better, enjoy it more and give more of their talents to their customers and the company. A training seminar is a unique opportunity for your people to consider not just the method but also the underlying meaning of their work. www.vital-mag.net
vital processes
It should never be wasted. It must always be good, not just perfunctory. It must be about you, not somebody else’s theories. Five key areas that for me make the difference between effective and mediocre training are ‘purpose’, ‘relevance’, ‘argument’, ‘knowledge’ and ‘emotion’.
1. Purpose of change You’re not investing time and money in the hope that things will stay the same, but because they must change. You have goals of how IT services should deliver improved customer satisfaction, faster and more reliable responses to user enquiries, fewer repeat problems, flawless implementation of new IT and so on. Your staff training should help you achieve that. When they come out of their training it should be with skills they did not have before, increased confidence in their ability and a readiness and motivation to apply all this – noticeably different to how they were when they went in. So the training too must have a purpose of change, not just of re-education. If all your people have to show for three days’ attendance is a certificate saying they can recognise sixtyfive percent of the terminology of a theoretical framework, then they have not changed themselves, but merely survived an attempt at indoctrination. There is a simple reason why people fail to change – because they are comfortable in the niche they have carved for themselves and they will not risk being dislodged from it. The training must show them how and why to change and why there is no risk to them in rising from that niche.
2. Relevant and specific Training must be relevant. It must strike at ‘now’, not merely pertain to some theoretical ‘whenever’. It must raise issues the attendees readily recognise from their everyday and provide resolutions that can be put in place the day the training ends. This is where generic training often fails, for it is relevant to nothing in particular. Generic training cynically aspires to little more than the maximisation of its own profitability by attempting to appeal to the widest possible audience. And of course, the wider the spectrum of appeal, the less the impact anywhere on that spectrum. www.vital-mag.net
ITIL’s oft repeated, foot-shooting declaration that it is ‘non-prescriptive’ is its claim that it cannot tell a company how to run its business, so it refuses to try. Instead it offers generalisations that could theoretically apply anywhere, while expecting that these will be adapted to deal with the specifics of a given business. That’s all very well for strategists and process designers – but IT support managers and staff are line operatives, frontline workers who face cold, hard, hourly realities. They don’t need generality – they need method, practice, technique, prescription. Anything less is mere background. ITIL accreditation verifies only that the course covers ITIL. It is financially impractical and technically impossible to get accreditation for a course dealing specifically with your business. Therefore your ITIL staff training cannot be both accredited and specific. Either-or, not both – a stark and serious choice.
3. Structured argument Most IT support people are diagnosticians who, as a matter of instinct, training or experience, use logic to understand a situation or solve a problem. Having seen the challenge of A, and decided upon C as a desirable outcome, they will find a route via B. They seek mechanism and take satisfaction in identifying it. To engage them, any training must respect their developed intellect. This means that soft skills cannot be taught in isolation of a good reason why and how to use them. Take the simplistic cliché “Always smile while you’re on the telephone”. The response that often gets is “Why bother? The other party can’t see you. Besides, this caller doesn’t need somebody nice, he needs a professional problem solver.” But that doesn’t understand the other dimensions at play, the negotiation techniques that make the solution easier to accept and understand; the rapport that can give the caller confidence and provide more information to aid the diagnosis. Smiling on the phone is much more than a mere, bland courtesy, although it is sadly often taught as just that – it is part of a logical perspective that can be deployed as a tool to make the exchange more successful. But its logic must be explained and understood. So it is for everything on the course – not just what, but why.
Every minute of training you give your staff should enable them to do their job better, enjoy it more and give more of their talents to their customers and the company. A training seminar is a unique opportunity for your people to consider not just the method but also the underlying meaning of their work. It should never be wasted. It must always be good, not just perfunctory. It must be about you, not somebody else’s theories.
May / June 2010 : VitAL 37
vital processes
It seems we’re stuck with this crazy choice – relevance or accreditation but not both. Fortunately, there is nothing stopping real IT support experts from creating purposebuilt, to-the-point staff training that fits with your IT support improvement strategy, 4. Knowledgeable trainer Training should be delivered with credibility and confidence by somebody who has been where his attendees came from, who knows not just what happens but what causes it and how it feels. The trainer should know the real way to solve the snags and gotchas that crop up in candidates’ real lives. Without that, sooner or later, he’ll be found out. There will be a question from the floor that isn’t in the script. He must deal with it competently and knowledgeably, giving an answer of recognisable reality. If he waffles, the wolves will pounce and have his and the course’s credibility for dinner and your money for dessert.
5. Emotionally engaging Ever attended a training course where the course leader had no personal involvement in nor enthusiasm for what he was teaching? For the duration of the training intervention, he is an appointed leader – it is his professional duty to invest himself in what he is teaching, for that very investment is part of the lesson. It is a demonstration that the same is required of the training attendee who genuinely wishes to learn from what is being imparted. 38 VitAL : May / June 2010
All the good things about work success – enjoyment, enthusiasm, satisfaction, pride, motivation, drive, thoroughness, loyalty, even professionalism itself – are emotional factors. Any trainer who fails to appeal to these, risks his training being seen as mere dry instruction. The emotional involvement of the training’s recipient is crucial. The relevance of the course and structure of the argument will deal with the mind – but to turn that into real change requires heart.
Crazy choice Because of official insistence, it seems we’re stuck with this crazy choice – relevance or accreditation but not both. Fortunately, there is nothing stopping real IT support experts from creating purpose-built, to-the-point staff training that fits with your IT support improvement strategy, whether or not you use ITIL. Go bespoke – and choose your trainer as carefully as you choose your managers. VitAL www.noelbruton.com
whether or not you use ITIL. Go bespoke – and choose your trainer as carefully as you choose your managers.
*Noel Bruton is a long established, UK-based consultant and trainer specialising in IT support management and delivery. He is the bestselling author of ‘How to Manage the IT Helpdesk’ and ‘Managing the IT Services Process’.
www.vital-mag.net
VitAL PROFILe
Chaos to value: the IT Service Management journey A new paper from Hornbill examines the initial stages of the ITSM maturity journey, starting with the ‘chaotic’ initial steps and explaining how the adoption of ITIL can provide fast benefit, setting the stage for further maturity. Patrick Bolger, CMo of Hornbill, explains.
T
He JoURNeY of service improvement can take the IT organisation from the reactive and technology-centric focus characterised by the helpdesk, to a vision of business-centred services which drive value to the ultimate benefit of the organisation. The purpose of IT service Management (ITsM) is to integrate IT strategy and the delivery of IT services with the goals of the business, with an emphasis on providing benefit to customers. The ITsM journey demands a shift in focus and culture, from managing IT within separate technology silos, to managing the end-to-end delivery of services using guidance from best practice frameworks such as the IT Infrastructure Library (ITIL).
A service lifecycle approach The current version of ITIL (v3) advocates a service lifecycle approach, starting with service strategy and moving through service Design, service Transition and service Operations, with Continual service Improvement closing the loop and feeding back into service strategy.
40 VitAL : May / June 2010
Unlike a journey, which has a final destination, the service lifecycle is more like a round-theworld trip. The traveller spends time planning the journey and embarks with excitement and trepidation, visiting destinations where the culture at first seems alien. After a period of time they settle into the culture and once familiar with the territory, they move on. As soon as they have arrived back at their starting point, they start the journey again, but on this second trip, they view the journey differently. Countries that were once alien are now familiar, so they visit the areas that have the most to offer and take in some new destinations to broaden their cultural horizons. The ITsM journey also requires planning and involves taking in new cultures. One of the greatest mistakes made by adopters is to embark on a project to ‘implement ITIL’, without fully understanding the challenges they are trying to address, or setting measurable targets that enable them to identify when their goals have been achieved. ITsM programmes are initiated with high expectations of what can be
achieved but aspirations are often tempered by common barriers to adoption, such as lack of resources (time, people and budget), cultural resistance and lack of business sponsorship. For organisations adopting ITIL as the foundation for service improvement, the full framework is unfamiliar territory and can appear overwhelming. The paper ‘Chaos to Value: the IT service Management Journey’ examines the early stages of the ITsM journey, starting with the initial steps out of a ‘chaotic’ IT environment, with due consideration given to the IT organisation’s cultural readiness to adopt any given set of processes at every stage of growth and maturity. Using lessons learned from other adopters, the paper advocates a steady progression through the phases of the ITsM journey and explains how adoption of ITIL can provide fast benefit, capture management attention and set the stage for the next leg of the journey so that momentum is maintained. Download the full white paper at: www.hornbill.com/journey
www.vital-mag.net
vital profile
Case Study ASPIRE Academy for Sports Excellence in Qatar excels in service delivery using Hornbill’s Supportworks ITSM ASPIRE Academy for Sports Excellence is located in Doha, the capital of the state of Qatar, in the heart of the Arabian Gulf. The wish of ASPIRE Academy’s founder HH Sheikh Jassim Bin Hamad Al -Thani, was to create a world-class sports and educational institution which is able to develop elite champions who are highly educated leaders. The rapid growth of the organisation was a catalyst for the service functions to invest in new help desk software, to provide a customer-focused and single, streamlined support administration and IT service management to its 480 staff and students. “As an organisation, we want to operate on a world-class level and so it was important that our back-office services can support our business objectives. Hornbill’s solution has helped us to achieve our goal to create a corporate service desk that provides a single point of contact for all staff and student support services, ” said Ahmed Sharifai, senior IT services officer at ASPIRE. ASPIRE selected Hornbill’s Supportworks ITSM software to support its goal in providing a single point of contact for any enquiry to the separate business functions. In just three years the IT department has grown from six people to over 30, all of whom now use Supportworks ITSM customer service software to manage service requests. “Increasingly we found that our processes were preventing us from accurately measuring the quality or performance of our service from our IT help desk. We were not matching customers’ needs and the lack of clear communication on tracking and monitoring services was resulting in a poor service,” explained Sharifai. “In addition, we lacked management information to support our decision making, which meant that we couldn’t support or keep pace with change that we need to in order to be a global player.”
ITIL best practice results in more efficient working Following a review of service management software solutions, the IT Team selected Hornbill’s Supportworks ITSM for its compatibility with ITIL best practice combined with the benefits to be gained from consolidating support for diverse business functions on the same service desk software platform. “We chose Hornbill’s Supportworks ITSM tech support software as it combines the business and technology focus that we required. As existing users of Supportworks helpdesk software prior to adopting ITIL, it was also a straightforward upgrade path for us,” said Sharifai Using Supportworks ITSM for Incident, Change and Problem management has enabled the IT team to improve efficiencies. The ability to monitor and report on all aspects of its service provision has resulted in faster problem resolution.
Improved efficiencies reduce operational costs “By using the single service desk software platform the IT team can handle incidents much more efficiently. Overall we have reduced our cost base as a result and we are able to report back to the business on specific performance criteria,” said Sharifai. “The business benefits have not only made us more efficient, we are more productive overall. The management reports have enabled us to become more proactive in our service delivery, which in turn has greatly improved our service. There is no doubt that Supportworks ITSM help desk software plays a significant part in our ability to meet our business objectives.”
www.vital-mag.net
May / June 2010 : VitAL 41
VitAL PROCesses
Scrap the certification scam The idea that anyone could be a ‘certified’ master of anything after spending a couple of days listening to someone in a classroom is completely absurd according to Julian Holmes, co-founder of UPMentors.
C
eRTIFICATIoN HAS recently become a dirty word in the world of software application development; fuelled in part, by the rising popularity of the Scrum Master certification (which appears to be escalating at a varied and alarming rate). While I am not disputing that the associated education undoubtedly adds value, the declaration that an individual (no matter how intelligent), could be a ‘certified’ master of anything after spending a couple of days listening to someone in a classroom, is completely absurd.
A simple commodity I believe, as many others do, that this ‘badge’ has to all intents and purposes, become a bit of a scam. surely no one in their right mind
42 VitAL : May / June 2010
would truly believe that such a certification is somehow equal to an official ‘qualification’? sure, it is a nice tag and one that is costeffective and relatively easy to obtain, but the idea that many HR professionals are citing it as a ‘must-have’ requirement in job applications/ criteria has left me quite bewildered. It is not a qualification and it doesn’t prove anything; it is a commodity and labelling the title as a ‘must-have’ has simply fuelled an industry that is focused on supplying, promoting and primarily making money from its existence. That said, I’m not suggesting that certification doesn’t have its place generally, but I believe it’s deceptive to those who are led to believe it is far more significant than it actually is. A certification scheme that insists on demonstrable experience and includes the
skills for successful project delivery would be a good step forward. But the potential issue also includes the credibility of the assessors themselves, who are they? How are they assessing and on what benchmark? That combined with more confusion caused by yet another certification scheme doesn’t really fill me with much confidence or enthusiasm. while I don’t claim to know all of the assessors for certifications of proven capability personally, I would imagine that they are highly credible, upstanding members of the community; however, not all certification schemes have the same level of maturity, and as such it will be incredibly tough for this certification type to stand apart from mediocrity.
www.vital-mag.net
vital processes
Keeping it in perspective In an era where many in the IT industry feel compelled to attach a ‘certified’ badge to their name at every opportunity, we have to ask ourselves why people feel they have a need for certification. Is it purely about differentiation in a difficult market? Is it to meet a certain criteria set out by their HR department or boss? Or, do they truly believe they won’t be considered for the job without it? Either way, people with any kind of certification would do well to keep such titles in perspective – I recently saw a job applicant with a PhD in computer science who listed his ‘Certified Scrum Master’ tag above his PhD credentials!
Consider certification claims with caution Some of this nonsensical behaviour unfortunately comes from how the recruitment process is conducted and how training budgets are spent (or wasted). All too often, and sadly for most, job applications are ranked by a certification as opposed to making the relevant checks to uncover the real experience and success demonstrated by a potential candidate. What also concerns me is that so many learning and development departments are setting targets for attendance at commodity training sessions where certification is immediately achieved – but is this really achieving anything worthwhile? I don’t believe so, but how you measure people, will ultimately determine how they behave. While I do agree with evidence-based certification where sensibly governed, I also believe that these worthier schemes will soon get lost in the haze of other less-credible ‘certification options’ if the rising popularity in commoditised training sessions is anything to go by. Until such a time as a new evidencebased certification has gained momentum and has proven with some gravitas, to be worth its weight, I believe we must continue to consider any certification ‘claims’ with extreme caution. VitAL www.upmentors.com www.vital-mag.net
I’m not suggesting that certification doesn’t have its place generally, but I believe it’s deceptive to those who are led to believe it is far more significant than it actually is. A certification scheme that insists on demonstrable experience and includes the skills for successful project delivery would be a good step forward.
May / June 2010 : VitAL 43
VitAL PROCesses
Professionalism and the importance of standards-based certification developments in technology such as cloud computing mean the certification of IT professionals is more important than ever. despite this, unless certifications are developed and standardised so they reflect real-world experience they will fail to help boost professionalism. Steve Philp, marketing director of The open Group’s ITAC and ITSC certification programmes, addresses some of the top issues surrounding IT certification today.
I
Accelerated learning experience
T CeRTIFICATIoNS promise numerous benefits, from bolstering Cvs to assisting in job retention. Although there’s debate over whether vendor-independent or vendor-specific programmes are best, there’s little doubt about the role they have to play in boosting professional standards within the IT sector. Given the pace of change and emergence of new technologies such as cloud computing there is today more than ever a need for IT professionals to be armed with not only the knowledge, but also the skills and expertise needed to drive change and improve efficiencies across the business. As a result, it’s crucial that IT certifications reflect real-world developments in order to prepare professionals for the challenges they will face in the workplace. IT executives that simply take tests after studying a book may have a wealth of knowledge but will find it difficult to achieve any real success in driving forward change at work.
The need for professionalism The european Commission (eC) recently warned of a potential 350,000-plus shortfall in IT practitioners in the region by 2015 and criticised the UK for failing to adequately promote professionalism in the industry. According to eC principal administrator André Richier, although europe has approximately four million IT practitioners, 50 percent are not IT degree qualified. 44 VitAL : May / June 2010
www.vital-mag.net
vital processes
While there’s a case to be had for ensuring IT practitioners have an appropriate education, more important is ensuring IT practitioners in the workplace are continually improving and developing their skills and capabilities – both as technical experts and as project managers. Developments in technology combined with the economic climate are having a profound impact on the day-to-day lives of IT professionals, forcing them to speak the language of business and ensure IT is closely linked to business objectives. Given such challenges it’s not surprising certification is being seen as more important than ever in the IT world. Organisations can’t afford to take risks with employees that aren’t fully prepared, and who don’t possess a certain sensibility about the business. It’s for this reason alone that MI5 recently announced it was ditching staff lacking the computing skills necessary today.
The importance of standards There are three main stakeholder groups concerned when it comes to IT certification: employers, individual IT professionals, and vendors. Bearing this in mind, what is the ultimate goal of standards-based certification? For businesses, standardised certification ensures that individuals meet the hiring criteria they require. Beyond possessing a standard base of knowledge proven by passing an exam, hiring managers are increasingly showing preference for talent whose actual skills and experience match globally accepted standards. For the individual, certification is about acquiring the skills necessary to be an attractive employee and prove it. For vendors, certification is about ensuring that their solution can be easily implemented and used by organisations to bring maximum benefit. Standards for certification need to be set not just by one technology vendor but also by the organisations that use technology to meet their business and infrastructure goals as well as independent third parties. Why? As business operations become more geographically dispersed, organisations across the world are faced with numerous IT challenges as they evolve to remain competitive, particularly in coming out of the current economic www.vital-mag.net
downturn. These pressures are, in turn, placed on IT professionals, forcing them to evolve their skills in order to remain competitive in the job market. This is why standards for certification are so important. Certifications (and hence the training) need to be relevant not just for the technology vendor but most importantly to the organisations that are hiring and the IT professionals themselves. The skills and experience IT professionals gain throughout their careers should be transferable across organisations and not just limited to one particular technology, product or skill set. In addition, one of the things we have learnt through interactions with our members is that, although technical skills are important, simply studying a book of technical specifications is not enough in the modern world. IT professionals must not only be able to show their ‘book smarts,’ but they also need to show that they have practical experience implementing those smarts ‘on the street’. Incidentally, this is also why a vendorneutral approach to certification is important; organisations and individuals need objectivity and a wider world view to effectively deliver a service to their stakeholders.
IT street smarts trump book smarts It’s crucial that IT certification programmes focus on demonstrating competence in actual engagements. Simply taking tests after studying a book does not fully prepare executives for the business challenges they’re expected to address through IT. In addition to real world experience, enterprise architects and IT specialists, for example, will of course have mastered skills specific to their disciplines. However, to be successful they also need to master skills borrowed from ‘other’ disciplines, and they need skills that allow them to work productively in a particular employer and client context. These so-called soft skills, including communication, listening, leadership and teamwork, cannot be learned in a book nor measured in an exam. The three most relevant disciplines with which enterprise architects and IT specialists share
It’s crucial that IT certifications reflect realworld developments in order to prepare professionals for the challenges they will face in the workplace. IT executives that simply take tests after studying a book may have a wealth of knowledge but will find it difficult to achieve any real success in driving forward change at work.
May / June 2010 : VitAL 45
vital processes
As enterprise cloud
skills are project and programme management, business strategy and consulting. These skills are important when you consider the pace of change within the business world and the need for IT investments to meet specific business goals. After all, without these additional skills, technical knowhow alone will not unlock the full potential of an organisation’s IT infrastructure. To draw an analogy, knowing how to build a bike (technical skills) does not mean that you can ride it, or indeed know if it is a cross-country bike or a road racer (business skills).
adoption matures, the standards and best practices being charted right now by industry
Certification and the cloud If we look at the nascent cloud category, this exemplifies many of the points made above. It is important that organisations hire IT professionals with the necessary qualifications and skills if businesses are to reap the cost saving and efficiency benefits cloud adoption promises. The big challenge with cloud right now, of course, is that the industry is still in the early stages of developing standards that address the technical as well as the business requirements for being successful in this environment. CIOs want to understand what the move to cloud computing could mean to them and what it’s going to do for them. Business leaders want to understand the business benefits and key organisational requirements for getting started. Enterprise architects need to have the technical know-how to make cloud computing a reality. However, these drivers cannot exist in isolation of each other. This means collaborating across the entire ecosystem and applying training street-smarts to ensure that cloud solutions are fit for purpose and that the IT professionals that have been trained in a manner that will allow them to deliver results. This is all the more important when you consider that what constitutes a cloud service is up for debate; it could be infrastructure or software as a service, or it could be point-of-service with advertising, or be extra processing power or secure environments for scaling up or testing. As enterprise cloud adoption matures, the standards and best practices being charted right now by industry consortia and working groups such as The Open Group and British Computer Society will be central to the effectiveness of cloud-focused certification programmes. 46 VitAL : May / June 2010
consortia and working groups such as The Open Group and British Computer Society will be central to the Towards a more professional approach to IT Certification can play a key role in improving the professionalism of the IT industry; but to have any real impact there must be standards that are relevant and useful to all the key stakeholders: IT professional, employers and technology vendors. What’s more, if certification programmes are to have any real role in advancing professionalism within the IT industry, they must show that IT professionals have real-life experience. Developments in technology such as cloud computing are forcing IT departments to speak the language of business and align their activities with an organisation’s key objectives. Those that don’t have the necessary skills and experience will struggle to keep up and risk undermining professionalism of the industry. At a time when IT has such an important role to play in driving efficiency and improving productivity no one can afford to underestimate the value of IT certifications that are based on globally accepted standards. VitAL www.opengroup.org
effectiveness of cloudfocused certification programmes.
www.vital-mag.net
advertisement
Experts in IT Skills Development Here’s the conundrum; your IT Department is planning to install some critical new IT infrastructure (i.e. hardware, software and applications) that has a significant skills impact on your IT Professionals. The skills gap has been identified so do you: • Provide the manuals and leave them to figure it out for themselves? • Send them on a 5 day training course? • Do nothing and hire the skills? • Provide them with a safe working environment to develop their skills while still supporting the organisation?
Classroom courses
Conventional classroom courses are the traditional way to ensure the effective transfer of new skills and they directly address the concerns arising from reading the manual – there are predictable outcomes, hardware and software is off-site, and best practice is deployed. However, there are cons as well: time off work is significant, it’s a high cost approach (especially if there are a number of people to
Course cancellations Expensive 5 day courses Inflexible course content Limited testing infrastructure Scheduling headaches Suppliers’ timetables Delayed ROI
Practice Labs Classroom courses On the job Do nothing
train) and the timing is not necessarily ideal.
Do nothing and hire the skills
Don’t laugh – this is a realistic alternative and is probably the approach that around half of the managers, faced with the conundrum, will take. There are two critical benefits from this approach – the solution is implemented quickly and it’s low risk. The problem is this is a high cost approach and ultimately the skills leave the organisation with either the hired contractor or service provider once the implementation is complete. This can also have an adverse effect on support services as external resources seldomly engage with them while delivering the solution.
Training Starts Training ends
9 8 7 6 5 4 3 2 1 0
and hello to...
• Low cost targeted hands on learning • Safe accessibility to new technologies • Available when you want it • Live risk free production environment • Green IT • No staff down time • Rapid ROI with full reporting
can be easily accessed from anywhere and at anytime and with no hardware, software and support costs (such as licensing and power) they are the ideal way to gain the practical experience you need on the technologies of today and tomorrow without having to invest in expensive equipment.
Training Starts Training ends
But there are a number of concerns with this approach. “easy to use” can readily be translated into “hard to use well” and there are so many technical issues where a little knowledge is a dangerous thing! But the main issue is what hardware and software will they use to “try out” their learning experience – most IT managers will want to keep experimenters as far away from the live system as possible. The other concern, of course, is that the outcome is unpredictable.
• • • • • • •
Knowledge
Training Starts Training ends
IT Professionals are a resilient lot who prefer to dive in and figure new technology out for themselves - and that can be a realistic approach for some areas of IT. After all, that infamous phrase “easy to use” applies to so many IT subjects.
Training Starts Training ends
Read the manual
Say goodbye to...
Practice-IT
Time
What is needed, therefore, is a solution that continuously develops IT skills while keeping costs in check. This is where Practice-IT can help; we provide hands on technical solutions that improve IT skills through a combination of online live labs, customised content and bespoke face to face learning support. The result being your teams’ knowledge will always continue to grow compared to delegates who simply attend traditional courses, learn on the job or do nothing. Practice-Labs are the foundations of our approach to skills development and can be employed by the user to explore new technologies, resolve operational challenges and test new concepts in a safe working environment. As the labs are online they
In conjunction with the labs, we run scheduled skill enhancement days for your team and these can be technology workshops, new project training requirements or skills improvement and development workshops. These can all be on a group or 1: 1 basis and you cherry pick bespoke content to alleviate specific pain points you are currently experiencing or anticipating.
More Information
For more information on our solution or to learn more about how theirContinuous Learning Model can enhance the skills within yourorganisation visit: www.practice-it.co.uk Tel: 0207 631 3716 email: ricky.doyle@practice-it.co.uk
VitAL PROCesses
Learning to do more with less IT has had to adapt to the changing economic climate and customer demands, focusing on what it can deliver and how to do more work with less resources and tighter budgets; Redstor Md Paul Evans reports.
W
HAT CHALLeNGeS are businesses facing in IT right now? Business is all about how to make money and save money and the recent recession has had a drastic impact on how businesses go about doing this while ensuring ongoing customer loyalty and satisfaction. economists define a recession as six consecutive months of negative growth in gross domestic product (GdP). Whatever definition you use the economic results are always the same: job losses, a decline in real income, a slowdown in industrial production and manufacturing and a slump in consumer spending. This consequently has a significant effect on where businesses, large and small, focus their efforts. Recession forces businesses to look far more closely at their business models and question assumptions about whether they are in the right business, how they attract and retain customers, how they allocate their assets to improve profitability and service and whether or not they are as efficient as they can possibly be. In tougher economic times, business managers are forced to scrutinise their organisational structure and people to see whether or not they have the right team to address the changing and emerging landscape and to see how they can carry out work more efficiently while ensuring and improving customer satisfaction. Managers need to reappraise current ways of working in order to see if there are aspects which could be carried out better by a third party organisation, whether IT can be used to enhance the customer experience more cost effectively through increasing the productivity 48 VitAL : May / June 2010
of staff. Typically this will entail identifying areas where time can be saved through better processes and automation. It is important for business managers to look carefully at where staff resources and money is potentially being wasted or lost and ask the question “can I automate these tasks to save time and money as well as maintaining good customer service?� more often than not the answer is yes. Automating repetitive and mundane tasks frees up organisations to target and align their workforce more appropriately on important, front line customer facing responsibilities and ensuring day to day business standards are maintained and consistent. This allows higher level business goals to be achieved by ensuring staff are not distracted by unimportant yet urgent tasks.
What are the challenges? not only do organisations have to cope with the obvious implications of a recession, www.vital-mag.net
VitAL PROCesses
In tougher economic times, business managers are forced to scrutinise their organisational structure and people to see whether or not they have the right team to address the changing and emerging landscape and to see how they can carry out work more efficiently while ensuring and improving customer satisfaction. they also have to cope with the inevitable reduction in government spending and also the potential cost impact of new Government legislation. One such piece of legislation is the Carbon Reduction Commitment (CRC), a new Government-backed legislative carbon emissions trading scheme that came into effect on April 1. The CRC is a mandatory climate change and energy saving scheme in the UK and its aim is to improve energy efficiency and reduce the amount of carbon dioxide emitted in the UK. This is vital to achieving the Government’s targets of reducing greenhouse gas emissions by 2050 by at least 80 percent. Organisations that use a certain amount of electricity will be obliged to participate in the scheme and monitor their emissions. They will have to buy allowances from the Government for each tonne of CO2 they emit creating a significant incentive for organisations to reduce their emissions and in turn saving money by not wasting energy.
How are businesses tackling these issues? The best organisations confront the reality of the situation they see in front of them, adapt quickly and constantly look to refine and improve their recipe. They are always looking at ways to improve, satisfy their customers and become more efficient. They realise they have to do more, better with less. Many IT departments in large organisations, such as Local Authority education Bradford, are already realising this ongoing reality and are looking to technology to assist them. education Bradford wanted to ensure its teachers and IT technicians were not distracted www.vital-mag.net
by unimportant yet urgent tasks such as sIMs sQL upgrades, security patch deployments and device management all of which can be very time consuming. The LA thought it best to employ seRCO a business services company based in north Hampshire, which holds a 10 year contract with Bradford Metropolitan Council to manage and operate the local education authority. The LA needed seRCO to completely manage and maintain over 800 devices in 180 schools. seRCO in turn realised that it would need a device management technology to help it provide efficient services and save time by automating mundane and repetitive tasks. By implementing Centrastage, a technology which provides remote device management, the LA/ seRCO created an overall efficiency gain of 20 percent by offering schools the ability to turn off PCs and optimise power settings, giving education Bradford the potential to reduce its carbon emissions by up to 223 tonnes for the first year in line with the requirements of the CRC energy efficiency scheme. The LA has been using Centrastage for over 12 months and has calculated the annual cost savings to be over £55,000 per annum. It is now able to offer new services to schools without having to take on additional staff and has calculated that over 2,500 hours of school ICT ‘downtime’ has been avoided along with support call times reduced by 4.5 minutes on average, allowing staff to use their time more effectively and focus on teaching instead of monitoring and managing school technology.
What needs to change? One of the main areas for business has to May / June 2010 : VitAL 49
VitAL PROCesses
be getting better value for money from IT. For years the IT industry has been dominated by large organisations, with well known and trusted brand names, selling expensive kit and licenses to business customers that do not need them. Only now are organisations beginning to realise the amount of money that has been wasted over the years on idle equipment and unused licenses. Customers have of course realised this and with capital budgets being cut or frozen they are now looking at ‘pay as you go/grow’ services and solutions. IT service providers need to change their culture and realise that customers are no longer interested in being sold IT software and hardware but need an On Demand service backed by a good service level agreement (sLA). This demand is fuelling the growth of software as a service (saas) and allows end users to save money by only paying for services as and when they use them. The channel needs to be responsive to this and understand that their old ways of providing bespoke and unique services for each individual need of a customer is not sustainable and profitable in the long term. They need to offer excellent, on demand repeatable and scalable services backed by a strong sLA as CIOs are being far more scrupulous about the services and results they get for their money.
IT service providers need to change their culture and realise that customers are no longer interested in being sold IT software and hardware but need an On Demand service backed by a good service level
Prepared for change The IT channel must be prepared for this change in customer demands by being more versatile. Channel partners offering siloed services will struggle to compete as the economic recovery brings aggressive competition. To stand out in this supplier saturated market IT service providers must filter out this noise on behalf of their customers and position themselves as a one stop, on demand shop for end users. The ‘value add’ is crucial in securing longevity as a service provider and it’s important to offer direct support as well as a substantial return on investment to be able to compete with larger organisations. VitAL www.redstor.com 50 VitAL : May / June 2010
agreement (sLA).
www.vital-mag.net
Properly equipped for the job? In the current climate every organisation is balancing the need to reduce risk and costs, but at the same time maintain or increase service levels. Headcount freezes are becoming the norm, but the IT organisation is still expected to deliver the same, if not better service to its customers. When most companies need additional or temporary resource the first port of call is the preferred recruitment agency, who will perform a word matching exercise in their CV database, then send you a stack of CVs. With a Pink Elephant resource you get much more than a body – you get people who: • Are cost competitive • Are highly skilled in their field and have a very high aptitude for delivering ‘Service’, not simply ‘Techies’
• Understand ITIL and IT Service Management • Will transfer their knowledge to your staff • Have the backing of the world’s leading niche player in Service Management behind them – with the ability to call on their colleagues for help and support And finally, you will be using an organisation that really understands IT Service Management and can help you to reduce risk and costs, and increase customer satisfaction.
• Understand how good process can deliver benefits to the organisation, and will look to improve at any opportunity
To speak to us about our resourcing solutions and the quality of personnel we provide;
phone us on: + 44 (0) 118 903 6824 email us at: info.europe@pinkelephant.com or visit our website: www.pinkelephant.com
Pink Elephant – Leading the way in IT Service Management Best Practices © Pink Elephant 2008. These contents are protected by copyright and cannot be reproduced in any manner. Pink Elephant and its logo, PinkVERIFY, PinkSCAN, PinkATLAS, PinkSELECT, and PinkREADY are either trademarks or registered trademarks of Pink Elephant Inc. ITIL® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other countries.
VitAL PROCesses
Growing your own talent organisations that have the right skilled people in the right place at the right time tend to prosper. Some IT organisations are in a vicious circle: never enough time to do the job properly, never enough time to invest in skills development, never enough time to get better. Ron McLaren* says it’s time to grow your own talent.
e
-SKILLS UK – the Sector Skills Council for IT – reports that “despite the recession and a reduction in advertised vacancies, a lack of applicants for technology posts with the required skills, qualifications or experience is still a problem for many employers.” They go on to say that “110,500 new people will need to be brought in to the technology professional workforce every year until 2013.” In that sort of climate it’s important to grow your own talent! 52 VitAL : May / June 2010
Insight, innovation and professionalism should characterise the application of IT; architectures for enterprise, infrastructure and applications should provide a forward-looking platform to support business strategies. These are some of the things that crucially depend on a high level of competency. If an organisation is not in this happy state, it is unlikely to get there by stealth or by the actions of individual enthusiasts. nothing short of top-level commitment and enforcement will cause the change. However, given that commitment, www.vital-mag.net
vital processes
the organisation can build a consistent way of doing things, supported by a common language of skills, that encourages a sense of community and best practice, and that is a tool for the management of individuals and for the top-level management of skilled resources.
The Capability Management Cycle The management of individual capability can be seen as a cycle: - Human resources are acquired, either by recruitment, merger or re-organisation; - People are deployed on projects or longer term assignments; - Their performance is assessed; - Development plans are produced and carried out; - At some point in time decisions are made about reward; - The overall resource management process plans for the future, and sets and enforces policies. Integrating these processes into an effective scheme for skills management depends on the existence of a common set of definitions that represent the organisation’s common language of capability. Having a unit of capability – a competence – means having the appropriate behavioural characteristics supported by professional skills and knowledge. Experience is also needed, both to consolidate the fundamentals and as evidence that the competence is real; it can be validated by qualifications such as the CompTIA qualifications, university degrees, Chartered status, and so on. The knowledge could be of technologies, products, techniques, methods, internal systems, corporate processes, and so on. Most organisations have their established way of looking at behavioural competencies – assertiveness, business awareness, communication, etc. For a resource providing the professional skills we need look no further than the Skills Framework for the Information Age – SFIA – that has become a worldwide phenomenon. So we can prepare definitions of the competencies required (or acquired) by our people. But how will we use those definitions? Most of the stages in the cycle require detailed www.vital-mag.net
information about a person’s capabilities – either those currently possessed or those that must be developed. The traditional approach would be to put those definitions into job descriptions. Typically, organisations have a large number of different job descriptions. They can be used as sources of information when recruiting, selecting people for projects, assessing them and making their development plans. But for someone trying to plan the organisation’s overall resourcing profile over the next year or two there is just far too much detail. Fundamentally, job descriptions exist to describe the liability – the work that has to be carried out. Resource planning is about managing the asset – the skilled people who will carry out that work. What is needed is an asset register of the skilled resources. To achieve that it helps to go a step beyond job descriptions – towards professional profiles.
Professional profiles Professional profiles define a relatively small number of categories of IT Professional. It is a simple idea: we all recognise some simple terms, such as software engineer, service manager, architect, service technician, etc. Of course, the organisation probably has job descriptions with names of that sort, but we are not talking about jobs now; we are talking about people and their capabilities. We are talking about pegs, not holes. The professional profile for, say, a service manager does not describe a specific service management job. It is a simple summary of the essential capabilities of any service manager, the key words being summary and simple. This is not meant to be a list of all the things a service manager should be able to do. It is something brief that captures the essence of service management. It probably describes more than one level of service manager, either by name (service manager, senior service manager, service director etc) or number (SM/1, SM/2, SM/3 etc). The profile contains a simple statement of the raison d’être of service managers and lists the core SFIA skills, knowledge areas and behavioural competencies required at different levels. This is then a standard, commonly understood throughout the organisation. We can now have an asset register, telling us how many people
Insight, innovation and professionalism should characterise the application of IT; architectures for enterprise, infrastructure and applications should provide a forwardlooking platform to support business strategies. These are some of the things that crucially depend on a high level of competency.
May / June 2010 : VitAL 53
vital processes
The Service practice might contain service managers, service technicians and service administrators. That group becomes the repository of the organisation’s collective wisdom on how to manage services, how to develop service people and how, for example, the roles in ITIL map on to the professional profiles. we have at each level of each profile. It is in those terms that we express future needs, and plan future resources.
Communities The professional profiles effectively define communities. These could simply be informal arrangements through which people of the same professional profile share experiences and ideas about best practice and skills development. Alternatively, those groupings can be building blocks of an organisation formed of communities of practice. In such a case, one practice is likely to contain people in more than one profile. For example, the Service practice might contain service managers, service technicians and service administrators. That group becomes the repository of the organisation’s collective wisdom on how to manage services, how to develop service people and how, for example, the roles in ITIL map on to the professional profiles.
Individual Capability When recruiting people the professional profile forms the basis of the requirement, qualified by some specific needs, such as “with experience of retail finance” or “with in-depth knowledge of distributed databases”. If the recruitment agency has copies of the profiles, they can do a more accurate job of selecting candidates for interview. Internal deployment in an assignment-based system is rather like recruitment. The need is 54 VitAL : May / June 2010
expressed in terms of a professional profile with certain specific characteristics. What is not always exploited is the fact that deployment decisions are probably also the most important developmental decisions. An organisation based on communities of practice can provide the management focus that ensures the individual’s and the organisation’s need for capability development are to some extent taken into account: it’s not just a question of finding the right person for the assignment: whether it is the right job for the person is also relevant. When assessing individuals we need to have the full details: they can be compared with the professional profile. At first it is likely that the individual does not quite match all of the core requirements – developmental actions will be needed. Over time, the individual’s profile becomes a superset of the professional profile, updated after projects or assignments, and reviewed in appraisals. The appraisal reviews performance against objectives. The individual’s skills, knowledge and behavioural characteristics can then be used diagnostically to shed light on why some things were done well while others were done less well; this puts objectivity into the preparation of personal development plans. When it comes to reward, the organisation can express its pay scales for IT staff in terms of the various levels of professional profile. This can help integrate IT pay scales into a corporate pay scheme. www.vital-mag.net
VitAL DRIVE: IT HITs THe FAIRwAy
SFIA Developed and regularly updated in a collaborative effort by organisations both providing and using IT, sFIA is the world’s preferred way of looking at IT skills, used in over 100 countries. sFIA defines 86 professional IT skills across a framework of seven levels of attainment from 1 (“follow”) to 7 (“set strategy, inspire, mobilise”). each level has a full, generic definition. each skill has an overall description and a differential description at each of the levels at which the skill can be recognised. sFIA is owned and is the copyright of The sFIA Foundation, a not-forprofit organisation whose members are BCs, e skills UK, The IeT, IMIs and itsMF. www.sfia.org.uk
SFIA and CompTIA Recently The sFIA Foundation has published a mapping showing the levels of skill that might be expected in people obtaining the internationally-recognised CompTIA accreditations. www.comptia.org
The Asset A set of professional profiles, broadly-based and probably numbering less than twenty, can be the currency in which the skilled asset is counted. It is also the basis of the common language that enables effective skills management. Managing the IT workforce as an asset transforms it from mere resource into a powerhouse of wisdom and professionalism based on best practice. The tools are available. It just needs a decision. VitAL www.comptia.org *Ron McLaren is a consultant in skills and capability management, specialising in improving the management of IT skills and capabilities in large organisations. He is a contributor to the development of the Skills Framework for the Information Age (SFIA) in his work as operations manager of the SFIA Foundation.
www.vital-mag.net
Sales fatigue at the souk For PGA IT manager Geraint Lewis, the arrival of spring brings the circling salesmen, sniffing out a freshly sprouted IT budget.
T
H e M AST eRS Tour name n t traditionally marks the start of the golf season, as Spring arrives in Augusta with an explosion of colour as the blossom on the course bursts into life. This year, if anything the anticipation of this great event was even bigger, given the return to golfing action of one eldrick Woods, following his much publicised ‘fall from grace’ over the winter period. Once again, the Masters delivered great golf, a great finish and a great champion in Phil Mickelson, who but for the dominance of the game by Tiger in the last twelve years would have won many more ‘majors’ than the four that he has secured and would no doubt be lauded as the ‘Greatest Of His Time’. Certainly in the UK, the PGA club Professionals are keen to see spring arrive and are crossing their fingers for the often promised but seldom delivered BBQ summer. After wet summers and snowy winters, the PGA Pros need to see the golfing equivalent of ‘Bums on seats’ hoping that a sustained period of good weather will bring out the golfers resplendent in their new golf clothing, keen to try out their new clubs. spring in the IT world usually marks the start of the new financial year, where IT managers can look forward to deliveries of shiny new pieces of hardware, delighting in spending many happy hours configuring PCs and Laptops up for users to break and abuse in so many different ways.
what I don’t look forward to are the constant sales calls from ‘account executives’ looking to sell you the latest piece of new technology as they ‘smell’ that the IT budget has been approved and like buzzards start to circle hoping for some new business from you. The calls follow the same format, introducing the latest piece of ‘buzz’ software or hardware, looking to save you money or increase your uptime etc. It is the equivalent of walking through an Arabic market, every stallholder trying to encourage you to buy something from their stall. In the end you just get fed up of the whole experience and return to your air conditioned hotel for some peace and quiet. I prefer to work with a small number of vendors who I have built up a relationship with over a number of years, they know me, I know them, and we both (I hope) know my business so they are in a position to give me best advice when it comes to purchasing. VitAL
May / June 2010 : VitAL 55
VitAL PLAneT
The green advantage New legislation is forcing many larger companies to look more carefully at their energy usage. Yet as Murray Sherwood, managing director of green IT specialist externus explains, a well-implemented green IT strategy can help to drive cost savings as well as enhancing green credentials.
M
oST BUSINeSSeS implement a green IT plan primarily in order to save cost, with legislation also driving the requirement for change. Like any other business investment, the bottom line is that if it does not save money, the company will struggle to justify it. In the last couple of months, green IT has once again come under the spotlight because of the Carbon Reduction Commitment (CRC) legislation that came into force on 1 April. This will start to have a real effect on businesses next year because at the moment, it is still in the measurement phase. The first impact of the legislation, which will affect companies on a yearly-basis, will be the release of league tables. These will be published in April 2011 and will show how energy efficient businesses actually are. In total, an estimated 5,000 large, non-energy 56 VitAL : May / June 2010
intensive businesses will be affected including most corporations and sizeable companies. It is expected that a company’s position in the league table with respect to their competitors will become an important measure of how green a company is and could have a big impact on their reputation and brand value. Consequently, companies that end up lower in the league table will pay more and without significant action, the process is likely to add cost to many businesses’ products and services. Coupled with the rising cost of energy prices this will inevitably drive businesses to become more efficient and find ways to cut back on their energy usage to make essential cost savings.
Green IT Many of the IT directors that we have encountered are finding themselves in a www.vital-mag.net
vital planet
achieving multi-million pound cost savings on IT budgets and enhancing business reputation and brand value. We recently carried out a green IT assessment for Carnival UK, a leader in the UK cruise industry, at its corporate headquarters in Southampton. The final report revealed that the three biggest cost savers were virtualisation, the move from desktop printers to more energyefficient multi-functional devices (MFDs) and the re-use and extension of the desktops from a year to a five year cycle. Storage, cooling and airflow in the data centre were also identified as areas in which great savings could be made. Yet the change that saved the least cost - providing facilities to enable staff to work at home - actually saved the most energy, as while it obviously cut travel costs for the employees, providing the technology for home working actually cost money for the business.
Virtualisation quandary because they are being asked to contribute to green plans but are struggling to see how IT can make an impact, not realising that the effect that green IT can have can be quite considerable, particularly in terms of cutting costs by reducing energy waste and improving IT processes. Often, businesses worry about the upfront cost of green IT, in particular the manpower cost. This is a valid concern as a green IT plan is essentially a development programme of actions that staff must take. As we start to come out of recession and reengage in more projects, employees who may already have been thinned in terms of numbers are already stretched. Yet properly planned and implemented, green IT can have the combined effect of driving significant reductions in IT-related energy usage, while at the same time www.vital-mag.net
Virtualisation is one of the biggest reducers of power because it lowers the number of machines used. New servers are significantly more environmentally-friendly than older ones both in terms of manufacture and power-use because they are smaller, less power-hungry, more efficient and have software and hardware components that throttle back the power and shut down areas that are not in use. Conversely, the opposite is true for desktops which are not used so intensively. There is a lot of energy imbedded in the making of the desktop – around the energy equivalent of two years worth of usage. So when you throw away the desktop you are effectively also throwing away two years worth of energy. Extending the usage and refreshment cycle of desktops from around three years to five years through refurbishment or gradual replacement can save money on new equipment while from an environmental perspective, it also cuts back the
Properly planned and implemented, green IT can have the combined effect of driving significant reductions in IT-related energy usage, while at the same time achieving multi-million pound cost savings on IT budgets and enhancing business reputation and brand value.
May / June 2010 : VitAL 57
vital planet
amount of energy imbedded into the lifecycle of the machine.
Staying cool Cooling within the data centre is also a big issue as most IT directors are not aware of the cost involved. There is an historical mindset that old computers needed careful husbandry and a cool environment. Yet most new equipment now requires much less cooling and there are techniques that mean that you can direct the cooling far more efficiently, which can equate to as much as a 20 percent reduction in power for the business as a whole. Many IT workers also think that cooling is difficult because of the way most data centres have evolved – new equipment comes in when old equipment goes out so cooling is not considered at the outset. Yet rather than redesign the entire data centre to optimise cooling, many of the organisations that we have worked with have found that simply moving equipment around to focus the cooling can result in a dramatic reduction in energy usage. If you have a combination of new and old equipment you can simply segregate it into zones and put a divider down the middle.
A holistic process Green IT should be a holistic process and therefore one that requires commitment from all areas of the business. In our experience, convincing management about the potential benefits of green IT is therefore even more crucial than changing the mindset of IT staff. The main reason any change management programme fails is because of a lack of vision at CEO or director level. If the project is too ambitious with no ‘quick wins’ or successes in the early part, this can also leave people very disillusioned. A successful project will therefore typically have a combination of vision, quick wins and direction. The simplest measures, or ‘quick wins,’ tend to be the ones that are easy to implement and invisible to the other areas of the business. For example, if you change the way that the data centre is cooled, or move from real servers to virtualised servers, users will not know or care as these are all things that happen behind the scenes. Some of the more significant changes, however, do require the rest of the company to buy-in. For example, Multi Functional Devices (MFDs) make printing far more efficient and 58 VitAL : May / June 2010
unlike handy desktop printers, they are shared by many people and typically positioned a short walk away. This means that users must leave their desks to collect material, making it a bit more inconvenient for them to print and therefore more likely to consider what they are printing. One of our customers has seen a reduction of over 40 percent in the volume of material printed as a result. The fact that MFDs save the business money is unlikely to convince users that the new devices are a good idea. Explaining that they are much more environmentally friendly however, will usually – and validly – persuade users that these cost-saving machines are worthwhile.
Software bloat At the top end of the green plan are measures to increase the efficiency of applications and reduce ‘software bloat’. Historically, most of these systems have been designed to be in use all the time because energy has always been cheap. Now that energy has become more expensive and there is greater scrutiny of energy usage, more complicated changes such as the move to smaller, more energy efficient systems are well worthwhile and will give demonstrable returns both in terms of money and carbon reductions. Savings that have been made in this area can be re-invested into schemes that don’t actually save money but do reduce carbon such as home working, with the net result that the business has a cost-neutral green IT policy. Other companies simply want to use the exercise to drive cost savings. Once a green IT plan has been implemented, there is no reason why a business should not see a return on investment within a year, particularly on those changes that don’t involve huge capital expenditure. Some initiatives will have an early payback whereas others, such as virtualisation programmes, might take between nine months and two years to implement. It is therefore important to look at the business cases individually and design a change programme that includes a variety of elements that give an ROI within a year and balance the portfolio of other changes. During the initial five year change plan, the business should be in a position to incorporate and evolve green IT as part of existing departmental plans, taking into account new technologies and changes to the business as they happen. VitAL www.externus.co.uk
The fact that MFDs save the business money is unlikely to convince users that the new devices are a good idea. Explaining that they are much more environmentally friendly however, will usually – and validly – persuade users that these costsaving machines are worthwhile.
www.vital-mag.net
VitAL PLAneT
Virtualisation - the catalyst for green data centres Sean McCarry, UK and Ireland country manager, Novell explains how virtualisation technologies can enhance green efforts, but management is essential for real success.
T
He L AST few years have seen organisations look much more closely at their energy consumption and in particular, the largest drain on energy resources, IT infrastructure. However, the recession has impacted the speed by which organisations have sought to develop more green IT and many data centres remain the energy gluttons, wasting costly – and limited – energy resources. Adding to actual hardware costs is the increase in energy prices that has seen the cost to power data centres in western europe rise significantly, with IDC estimating the cost increasing 13 percent year on year in 2008 to reach �4.9 billion. For some low-end servers with an average three year lifespan it will cost more to power these machines than to actually acquire them. Consequently it’s clear that the data centre is a major consumer of power, not to mention a major contributor to any company’s energy bill. But the pendulum may finally be swinging back as confidence returns. Industry commentators and analysts believe that green initiatives have started coming back
www.vital-mag.net
onto the agenda because of the rise in costs for both IT and energy. As a result, CIOs and IT directors have turned their attention to the latest technologies for ways to reduce costs and build greener IT infrastructures. Attracting considerable attention is virtualisation.
A step in the right direction Virtualisation consolidates the workloads of individual servers and runs them on a single, efficient server, requiring fewer physical servers and lowering electricity and cooling requirements. Many organisations have an abundance of home-grown or legacy applications running on individual, underutilised servers. Virtualisation allows enterprises to consolidate them on less expensive commodity hardware without having to rewrite old applications. For example, sony Italia replaced 12 older physical servers with just two new ones running sUse Linux enterprise server with Xen virtualisation, reducing its costs and freeing up valuable space in the data centre. The company avoided having to buy, maintain, power and cool ten new machines May / June 2010 : VitAL 59
vital planet
– and with 64-bit virtual servers running on the highly tuned SUSE Linux Enterprise Server platform, the new two-server cluster offers all the performance Sony Italia needs. Why do many organisations have too much computing capacity in the first place? The answer is that historically IT has acquired a server for each application with a net result of creating huge server farms where each server has a utilisation rate of only about 20 percent. With virtualisation, IT can substantially increase the compute-capacity utilisation by using the same hardware to run multiple applications independently. This means that utilisation rates can rise towards 80-90 percent, allowing IT to reduce the number of servers. For example, Essent, the Dutch energy company, undertook a major data centre consolidation project, virtualising a large number of servers to reduce costs and energy consumption. As a result, Essent believes that the solution saved them about £2m for the data centre consolidation project alone.
If it sounds too good to be true... While the case for virtualisation has been made industry-wide, its benefits come hand in hand with more complex server management issues. This benefit and cost offset has inhibited the full utilisation of virtualisation. Today, each virtual machine is managed as if it were physical. In order to achieve the lower power consumption and cooling costs 60 VitAL : May / June 2010
virtualisation promises, organisations must also incorporate automated virtualisation management. Implementing virtualisation alone is like assembling an orchestra without a conductor. You can have the best violinists, trumpet players and harpists in the world, but without an experienced conductor, chaos will ensue. Similarly, with virtualisation, a single point of management keeps all systems working together and supporting the business. Ironically, while attempting to reduce physical server sprawl, organisations can inadvertently create virtual server sprawl. Doing so likely means a host of unanticipated capacity and resource allocation issues. Understanding how to manage and allocate effectively is vital to optimising the new arsenal of virtual machines. This is where automation tools come in to play. IT regularly ‘brings down’ a server for updating or servicing. While an inconvenience, workers have come to work around this procedure. With virtualisation housing a number of tasks and applications on one server, many aspects of the business are going to be affected by these downtimes. And on the off chance there is a server failure, there is a risk that a large portion of the business is completely ‘off-line’. This scenario is a nightmare from an organisation’s perspective but especially so for businesses that are prediction orientated such as manufacturers since any downtime in the supply process caused www.vital-mag.net
vital planet
by downed servers can lead to lost output, unsatisfied customers or lost sales. It would take only one of these ‘offline’ instances for executives to reverse their position on virtualisation in their data centres to avoid these disastrous situations. Automated management alleviates the heavy manual process of moving files and applications. Not only does this help avoid an ‘offline’ situation, it enables effective server maintenance without risk. And if a server, either physical or virtual, fails there is automatic, rapid deployment of services for business continuity. Organisations can plan scheduled maintenance with confidence and reduced hassle, while keeping the business running smoothly. All the while ensuring cooling and power consumption savings and reducing the impact of the data centre on the environment.
Putting it into practice Pernod Ricard Pacific, a wine and spirits company, is a great example of this in practice. The company was moving to new premises in Australia with a much small data centre and energy capacity. By migrating existing physical servers to virtual machines on SUSE Linux Enterprise with Xen, and provisioning new virtual servers instead of buying new hardware, the company eliminated or avoided buying a total of 50 servers. Instead of the projected 58kW, the company is operating all existing and new services inside the 32kW limit imposed by the new data centre and still www.vital-mag.net
has room for growth in terms of floor space, power and cooling. In addition to reducing hardware acquisition and maintenance costs, Pernod Ricard Pacific manages the physical and virtual infrastructure from a single solution which automatically provisions new environments based on the available resources. Moreover, the increased utilisation of the hardware resources means that the company can accomplish more useful work within a smaller power envelope reducing operational costs and cutting the carbon footprint. It estimates that with Xen virtualisation on SUSE Linux Enterprise Server, it is saving 625 tonnes of CO2 emissions equivalent to planting 2,250 trees. Virtualisation has been on a crusade the last few years but with the emphasis returning to both cost reduction, IT efficiency and greening of the data centre, its importance will only rise further in the coming years. While virtualisation can be a tremendous boost to an enterprise’s productivity and environmental policy, without the proper automated management tools in place, it will threaten the very benefits sought in the first place. Virtualisation’s promises of reducing sever sprawl, heating and cooling costs, and power consumption are enticing, but they cannot be attained without effective management in place. With orchestrated management tools that automate critical data centre processes, organisations can make virtualisation a central component in their green IT strategy. VitAL www.novell.com
Virtualisation has been on a crusade the last few years but with the emphasis returning to both cost reduction, IT efficiency and greening of the data centre, its importance will only rise further in the coming years.
May / June 2010 : VitAL 61
directory
Hornbill Systems
Wardown Consulting
Ares, Odyssey Business Park, West End Road, Ruislip, HA4 6QD
Prudence Place, Proctor Way, Luton, Bedfordshire. LU2 9PE
6 Rickett Street, London SW6 1RU
T: F: W: C: E:
T: W: C: E:
T: F: W: C: E:
020 8582 8282 020 8582 8288 www.hornbill.com Sales info@hornbill.com
01582 488242 01582 488343 www.wardownconsulting.co.uk Rosemary Gurney rosemary.gurney@wardownconsulting.co.uk
emereo solutions (uk) ltd
0871 717 7294 www.emereo.eu Andrew Smith marketing@emereo.eu
Emereo provides end-point security
Supportworks’ Enterprise Support Platform (ESP) provides a fully integrated platform for automating and managing Service Management related processes. Supportworks ESP is the foundation of Hornbill’s ITIL, Helpdesk, Customer, HR and Industry Support solutions. Supportworks ITSM is certified Pink Verify Enhanced.
Wardown Consulting was established to help businesses capitalise from the substantial benefits that IT Service Management can deliver. Our consultants boast a wealth of industry experience and are accredited to deliver ITIL v2 and v3 training.
InfraVision
Kepner-tregoe
NetSupport Software
Quayside House, Thames Side, Windsor, Berkshire, SL4 1QN T: +44 (0) 1753 856716 F: +44 (0) 1753 854929 W: www.kepner-tregoe.com C: Steve White E: swhite@kepner-tregoe.com
Towngate East, Market Deeping, Peterborough, PE6 8NE T: +44 (0) 1778 382270 F: +44 (0) 1778 382280 W: www.netsupportsoftware.co.uk C: Colette Reed E: colette@netsupportsoftware.co.uk
Delegate House, 30A Hart Street, Henley-on-Thames, Oxon, RG9 2AL T: F: W: C: E:
+44 (0) 1491 635340 +44 (0) 1491 579835 www.infravision.com Nigel Todd n.todd@infravision.com
InfraVision inspire organisations to move from a Break/Fix culture to a Service led culture. We enable clients to be ITIL aligned and therefore more efficient in 12 weeks with BMC SDE. Be inspired; be transformed; be a customer of InfraVision.
Kepner-Tregoe provides consulting and training services to organizations worldwide. We collaborate with clients to implement their strategies by embedding problem-solving, decision-making, and project execution methods through individual and team skill development and process improvement. Clients build competitive advantage by using our systematic processes to achieve rapid, targeted results and create lasting value.
Pink Elephant
Sunrise Software
Atlantic House, Imperial Way, Reading. RG2 0TD
50 Barwell Business Park, Leatherhead Rd
T: + 44 (0) 118 903 6824 F: + 44 (0) 118 903 6282 W: www.pinkelephant.com C: Frances Fenn E: info.emea@pinkelephant.com Acknowledged worldwide as niche, independent, IT Service Management Education and Consulting providers. Having trained more people than any other company in ITIL related subjects since 1987, we have contributed to all 3 versions of the ITIL books.
62 VitAL : May / June 2010
Chessington, Surrey. KT9 2NY T: +44 (0) 208 391 9000 F: +44 (0) 208 391 0404 W: www.sunrisesoftware.co.uk C: Angela Steel E: welcome@sunrisesoftware.co.uk Sunrise is a leading independent provider of service management software solutions for IT and across the organisation, with a customer base of over 1000 blue chip and public sector organisations.
and data loss prevention solutions to organisations wishing to protect their data and information without inhibiting their people. Our chosen solution, DriveLock, ensure IT security policies are both people- and information-centric.
NetSupport are developers of desktop management and remote control software packages. The product range comprises NetSupport Manager Remote Control, NetSupport DNA Helpdesk (providing a web-based ITIL-compliant helpdesk), NetSupport DNA Asset Management Suite and NetSupport Protect desktop security and recovery.
G2G3
Panama House, 14 The High Street, Lasswade, EH18 1ND T: F: W: C: E:
+ 44 (0) 131 461 3333 + 44 (0) 131 663 8934 www.g2g3.com David Arrowsmith info@g2g3.com
G2G3 is the leading provider of communication tools, gaming solutions and simulations that propel enterprise IT and business alignment. Headquartered in the UK, G2G3 has a strong global network of partners supporting the Americas, Europe and Asia-Pacific. www.vital-mag.net
DIReCTORy
DENNIS ADAMS ASSOCIATES
AVOCENT LANDESk
HOUSE-ON-THE-HILL SOfTWARE
Tel: +44 (0)845 055 8935 www.dennisadams.co.uk info@dennisadams.co.uk
Dukes Court, Duke Street, Woking, Surrey GU22 7AD
127 Stockport Rd, Marple, Cheshire Sk6 6Af
Dennis Adams Associates IT Management Consultants enable clients to:
T: +44 (0) 1483 744444 f: +44 (0) 1483 744401 W: www.landesk.com C: Sarah Lewis E: sarah.lewis@avocent.com Avocent delivers IT operations management solutions that reduce operating costs, simplify management and increase the availability of critical IT environments 24/7 via integrated, centralized software. This includes systems Management, security Management, Data Centre Management and IT service Management.
specialists in providing comprehensive solutions for any size business on time, in budget and carefully tailored to your needs, House-on-the-Hill produces supportDesk; the most flexible ITILcompatible service Management solution on the market. House-on-the-Hill provides comprehensive solutions for over 500 businesses worldwide.
UNIpRESS SOfTWARE
TEST MAGAZINE
●
● ●
●
●
Build high performing IT Management teams Implement effective IT strategy Create empowering IT Processes and Procedures establish Production supportable Technology Roadmaps Be visibly Accountable to the Business
CHERWELL SOfTWARE
Brinkworth House, Brinkworth, SN15 5Df
Unipress Software – London
T: + 44 (0) 1793 680280 W: www.cherwellsoftware.com/contact
2 Sheraton Street
Cherwell service Management delivers ITIL v3 best practice ‘out-of-the-box’ including: Incident, Problem, Change, CMDB, sLA, Knowledge, selfservice and is PinkVeRIFy certified. Our unique CBAT development platform empowers users to fully customise screens, workflow processes and develop additional business applications. The Cherwell solution is available via a standard license model or ‘On Demand’ saas service.
T: f: W: E:
EMC
Connaught House, portsmouth Road, Send, Surrey, GU23 7JY T: f: W: E:
+44 (0) 1483 213 200 +44 (0) 1483 213 201 www.infra.co.uk infra-info.uk@emc.com
Based on ITIL best practice, eMC’s IT service Automation & Operations solutions deliver end-to-end IT service Management, visibility and control by enabling and improving the service Desk function, servicecentric CMDB population and federation, as well as key processes.
www.vital-mag.net
Unipress Software Ltd London, W1f 8BH + 44 (0) 8450 646566 + 44 (0) 8450 636261 unipress.co.uk sales@unipress.co.uk
web Help Desk is a 100% web-based helpdesk solution which provides a low cost of ownership, ultimate portability and simple implementation. A totally cross-platform solution, web Help Desk has a diverse feature-set that will allow you to fulfil any submitted request more efficiently and effectively.
T: f: W: C: E:
+44 (0) 161 449 7057 +44 (0) 161 449 7122 www.houseonthehill.com Tim Roche info@houseonthehill.com
31 Media, Media House, 16 Rippolson Road, London SE18 1NS T: f: W: C: E:
+44 (0) 870 863 6930 +44 (0) 870 085 8837 www.31media.co.uk Grant farrell grant.farrell@31media.co.uk
The European Software Tester is a publication designed specifically for individuals and organisations aligned with software testing. with independent, practical, and insightful editorial T.e.s.T aims to inspire its readers and provide its advertisers with a clearly defined route to market.
IT SERVICE MANAGEMENT fORUM
E-WAREHOUSE
. 150 Wharfedale Road, Winnersh Triangle, Wokingham, Berkshire. RG41 5RG
e-Warehouse Ltd, Hampden House, Hampden House, Monument park, Chalgrove,Oxfordshire , OX44 7RW
T: f: W: C: E:
T: 0845 299 7539 f: 08717143802 w: www.oxygenservicedesk.com c: Victoria Eggleton e: oxygen@e-warehouse.com
0118 918 6503 0118 969 9749 www.itsmf.co.uk Ben Clacy ben.clacy@itsmf.co.uk
The itsMF is the only internationally recognised and independent organisation whose sole focus is on the on-going development and promotion of IT service Management ’best practice‘, standards and qualifications. The forum has 14,000 UK members and official itsMF chapters in 44 countries
oxygen Service desk is a process automation engine that simply interprets your pre-defined business processes and then mobilises the actual process, pushing work tasks to people and to systems, streamlining how the processes run across your entire department or organisation.
May / June 2010 : VitAL 63
seCReTs OF My sUCCess
Gareth Davies Frog This issue we ask Gareth Davies, managing director of schools learning platform solutions company Frog, to divulge the secret of his success. VitAL: name, company and job title please? Married? Kids? Gareth Davies: Gareth Davies, Managing Director, Frog. Married with two kids, Alex aged six and evie aged three. VitAL: what got you started in IT? GD: I borrowed a friend’s sinclair spectrum when I was 11. My dad bought me a BBC Micro for Christmas – after tinkering with it for a while I realised that I could make it do anything I wanted. I wrote my first stock control system at 12, started developing games from home at 16 for two companies and left school at 16 knowing what I wanted to do. VitAL: was there any one person or organisation that was your inspiration? GD: no, not really, I look at steve Jobs nowadays, but no-one back then. VitAL: what was your first IT job and what was your first major IT triumph? GD: My first IT job was on a yTs (youth Training scheme) in a mechanical / electrical engineering company where I was employed to help out in any way I could. I ended up developing a planning / spreadsheet system for them to do all their job scheduling on. My first triumph was probably the development of a complete eRP system from scratch for a group of textile companies. VitAL: Did you ever make any embarrassing mistakes? what did you learn from them? GD: Too complicated to explain here, but I once forced an element of the textile system in because it was ‘technically right’ without thinking about human beings. I learned over that period that technology was all about people and not computers, which has served me extremely well
64 VitAL : May / June 2010
since then – an embarrassing mistake that has shaped my career! VitAL: what do you like best about your job? GD: The freedom to create whatever we want and the ability to make a difference – we are genuinely improving the quality of education in the UK and that’s more fulfilling than you can imagine. VitAL: what is your biggest ambition? GD: To create an internationally trusted brand in Frog – we make a difference locally, no reason why we can’t do it abroad too! VitAL: what are your hobbies or interests? GD: I love cars, keeping fit, reading (personal development stuff mainly), and of course the kids. VitAL: what is the secret of your success? GD: Understanding that people like to have fun – all the time – everyone! This influences the way our business runs, the way we write our software, the way we market ourselves, and the way we work with our customers. Frog is as much a family as it is a business. It’s a very big family nowadays, but a family nonetheless. I guess also never giving up – building a business is really difficult, especially in the very early stages when both business and personal money is tight – giving up never entered my head, it just wasn’t an option. My personal experience of building a business is that it’s about building as much value as possible into what you do and then surviving long enough for the market to learn about what you’re doing.
“My personal experience of building a business is that it’s about building as much value as possible into what you do and then surviving long enough for the market to learn about what you’re doing.”
VitAL: Gareth Davies, thank you very much. www.frogtrade.com
www.vital-mag.net
vital A New Era ONLINE
Print Digital Online
For exclusive news, features, opinion, comment, directory, digital archive and much more visit
www.vital-mag.net
www.31media.co.uk
vital focus groups Helping you overcome obstacles
●
2011
One Day Event ● 120 Decision Makers ● 15 Thought Leading Debate Sessions Peer-to-Peer Networking
●
Exhibition
●
Cutting Edge Content
For more information Contact Grant Farrell on +44 (0) 203 056 4598 Email: registration@vitalfocusgroups.com Email: info@vitalfocusgroups.com Website: www.vitalfocusgroups.com
An event organised by 31 Media publishers of VitAL Magazine