vital Inspiration for the modern business Volume 3 : Issue 1 : September / October 2009
Mission Impossible Is top security possible in the cloud?
The quest for quality Quality of experience & service management
Reducing your carbon footprint and your costs Trewin Restorick shows you how to achieve greener IT Feature focus: RELEASING BUSINESS VALUE – MULTI-LAYER INTEGRATION. 36-39
leader
Happy Birthday to us... Leader V
ital has been in business a full two years now and to mark this auspicious occasion the keen-eyed amongst you will no doubt notice we have undergone something of a makeover. I sincerely hope you approve of and enjoy our sharp new livery and ‘mast head’, it represents our desire to keep at the cutting edge of all things technological. I was extremely pleased to get Trewin Restorick’s byline in the magazine this issue (see cover story, page 10). I heard Trewin speaking at an event he chaired in the House of Commons back in the summer (see news story page 6) called A Shared Vision for Smarter Services. Principally aimed at the public sector, the initiative aims to get organisations to reduce their carbon footprints through a number of methods, including sharing resources and through the application of advanced IT technology and practices. It was encouraging stuff, especially as there was a pragmatic focus on the financial benefits of carbon footprint reduction, but all made slightly surreal in the grand surroundings of the Members’ Dining Room at the House Of Commons. TV screens in all corners scrolled details of the votes coming up, the debates and committees, while every so often the endearingly ‘Heath Robinson’ Division Bell would clatter away, calling MPs and Lords to various votes. Andrew Miller MP – the minister hosting the event – would look up every so often during his speech, especially when the bell rang, to check whether he needed to be in the Commons for a vote. And speaking of Mr Miller, the minister proved himself to be impressively knowledgeable on and sympathetic to the IT topics covered in the presentations, going so far as to look ahead at how virtual and cloud technologies could reduce emissions and costs in the future. Of course any government which found itself stuck in the financial hole that the present administration is in today that wasn’t exploring every ‘painless’ cost reduction avenue, no matter how ‘blue sky’, would really need to have a serious word with itself! Away from the gothic glamour of the Houses of Parliament, we have a brand new columnist to introduce this issue. Jonanthan Westlake of Staffordshire University takes up the challenge of writing regular contributions this month and by way of an introduction he has subjected himself to the Star Chamber that is the Secret of My Success on page 64. Welcome aboard Jonathan. Until next issue...
Service management training in particular, becomes vitally
important in tough economic times
because it will be
those operations that
can adapt quickest to
changing circumstances that will be strong enough to survive,
Matt Bailey
and even thrive, under the present economic
If you have any thoughts, feedback, or suggestions on how we can improve VitAL Magazine, please feel free to email me matthew.bailey@31media.co.uk
climate.
September / October 2009 : VitAL 1
Subscribe to the most VitAL source of information
News, Views, Strategy, Management, Case Studies and Opinion Pieces
vital Inspiration for the modern business
www.vital-mag.net If you have not already subscribed then visit www.vital-mag.net to download a subscription form which you can fax to +44 (0) 870 085 8837 or post to: 31 Crawley Business Centre, Stephenson Way, Crawley, Westplease Sussex, 1TN. 31 Media will keep you up to dateMedia, with our own products and offers including VitAL Magazine. If you do not wish to receive this information write to RH10 the Circulation Manager at the address given. Please tick here â– if you do not wish to receive relevant business information from other carefully selected companies.
contents
vital Inspiration for the modern business
vital Inspiration for the modern business Volume 3 : Issue 1 : September / October 2009
Mission Impossible
Contents 6 News The VitAL Cover Story
10 Reducing your carbon footprint and your costs Trewin Restorick, chief executive of independent environmental charity Global Action Plan shows you how to achieve greener IT through control of energy costs.
Is top security possible in the cloud?
The quest for quality Quality of experience & service management
Reducing your carbon footprint and your costs Trewin Restorick shows you how to achieve greener IT Feature focus: RELEASING BUSINESS VALUE – MULTI-LAYER INTEGRATION. 36-39
Editor Matthew Bailey matthew.bailey@31media.co.uk Tel: +44 (0)1293 934464 To advertise contact: Grant Farrell grant.farrell@31media.co.uk Tel: +44 (0)1293 934461
VitAL Signs – Life in a world with IT
13 How to kill a business Steve White Steve is contemplating the mortality of businesses through IT neglect.
VitAL management
14 Security: Not just a sprint to the line Paul judd Security effectiveness is critical, but performance cannot be diminished and bolt-on solutions aren’t the answer.
Production & Design Toni Barrington toni.barrington@31media.co.uk Dean Cook dean.cook@31media.co.uk Editorial & Advertising Enquiries 31 Media, Crawley Business Centre, Stephenson Way, Crawley, West Sussex, RH10 1TN Tel: +44 (0) 870 863 6930 Fax: +44 (0) 870 085 8837 Email: info@31media.co.uk Web: www.vital-mag.net Printed by Pensord, Tram Road, Pontllanfraith, Blackwood. NP12 2YA © 2009 31 Media Limited. All rights reserved. VitAL Magazine is edited, designed, and published by 31 Media Limited. No part of VitAL Magazine may be reproduced, transmitted, stored electronically, distributed, or copied, in whole or part without the prior written consent of the publisher. A reprint service is available. Opinions expressed in this journal do not necessarily reflect those of the editor or VitAL Magazine or its publisher, 31 Media Limited. ISSN 1755-6465 Published by:
16 Security compliance is not enough; it’s all about the ongoing audit Mike Vinten It’s highly dangerous to neglect continuous security auditing even when you think you have achieved compliance.
18 Easing migration to the cloud ian pugh Cloud computing may seem to offer the chance to do more with less, but the route is not necessarily straightforward and key challenges need to be addressed before applications are migrated to the cloud.
22 Setting the standard Richard Thompson The majority of those responsible for security in UK businesses are not aware of the contents of information security standards BS 7799 and ISO 27000. What are the consequences of this ignorance and how can information security accreditation drive broader business benefits?
VitAL Magazine, Proud to be the UKCMG’s Official Publication ITIL® is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the U.S. Patent and Trademark Office.
Subscribing to VitAL Magazine VitAL Magazine is published six times per year for directors, department heads, and managers who are looking to improve the impact that IT implementation has on their customers and business. Subscription Rates: UK £30.00 per year, Rest of the World £60.00 per year Please direct all subscription enquiries to: subscriptions@31media.co.uk
COntents
Contents VitAL drive – it hits the driveway
24 Mission impossible? Mike Krausz The cloud offers many benefits, but is it worth the effort from a security point of view? Security expert Mike Krausz asks is security in the cloud mission impossible?
28 Investing in knowledge Aiden Lawes The credit crunch is the ideal opportunity to refresh and extend the skills of the workforce. But in previous downturns, training budgets were often slashed. Here’s hoping this time around enterprises are show a bit more foresight.
47 Attention to detail Geraint Lewis It’s a good time to take stock in the golfing world and Geraint Lewis is having a crazy time, while keeping his eye on the ball and his attention on the detail.
VitAL processes
48 There’s no such thing as unified communications Darren Boyce Ask for a definition of unified communications and you’ll get a different answer every time. Why? Because in reality, there is no such thing.
VitAL eyes on
31 Taking a process view Jonathan Westlake In his first regular column for VitAL, Jonathan Westlake highlights the review and selection of business process modelling tools.
VitAL management
52 The quest for quality
32 People development: Optional extra or vital component? Natalie Benjamin Making the case for people development in hard times can seem like a thankless task, but the credit crunch should be framed as a perfect opportunity to invigorate leadership and transform employees into high performers.
VitAL processes
36 Free your business with multi-layer integration Peter Durrant Most businesses realise that successful service management integration is a vital business component, but lacking a holistic and cohesive multi-layered integration strategy, many don’t fulfil their potential.
Peter Suba Quality of experience is increasingly the focus of IT service managers’ conversations. High time for an overview of what QoE is then; its applications and its relationships with IT service management.
VitAL events
56 Optimising IT services for business success As every organisation in the UK, not to mention every developed economy in the world faces economic downturn, service management and the tangible benefits it can bring move into focus. In order to survive we need to adopt, adapt and improve to face up to the challenges. One thing that is certain is that service management is vital to survival.
VitAL planet
58 Sustainability in IT: more than just being green Lubos Parobek A truly sustainable model for IT in the future looks at all the processes in place as well as the technology, and at how to make the business work more effectively.
40 Let’s bring innovation back to IT Lisa Hammond To get the IT department back to its rightful place at the beating heart of the business the emphasis needs to be switched firmly back on to innovation!
44 The rise of the data centre Barry Lewington Explaining the growing importance of the data centre and the implications this has for service management as a whole.
64 Secret of my success An introduction to VitAL’s newest columnist. Taking a break from academic duties at Staffordshire University, senior lecturer Jonanthan Westlake tells us what the secret is. September / October 2009 : VitAL 5
news
Cloud computing and shared services the way forward for public sector ICT “A Green ICT stimulus is essential in helping deliver the urgently required step-change needed to help government hit legally-binding carbon targets,” Trewin Restorick.
I
ndependent environmental charity Global Action Plan is leading a consortium of diverse and influential organisations calling on Central Government for a £1 billion IT stimulus package that it says will lead to smarter, higher quality public services. The initiative, ‘A shared vision for smarter services’ was launched in Parliament this summer, it aims to square the circle of saving the taxpayer money while also affecting significant legally-binding carbon reductions by making smart investments in ICT throughout the public sector.
“A Green ICT stimulus is essential in helping deliver the urgently required stepchange needed to help government hit legallybinding carbon targets,” comments Trewin Restorick, chief executive of Global Action Plan (author of this month’s cover story, see page 10). According to Global Action Plan, cleverly designed stimulus packages for smart local investments can address the immediate economic difficulties and move the UK towards an 80 percent reduction in carbon emissions following the timetable set by the Carbon Committee; at the same time it could also deliver a return on investment for Government; saving the taxpayer in the long term and improving the services received today. Rapid innovation in technology along with the development of smarter deployment strategies - such as virtualisation, shared service environments and cloud computing – means significant service improvements, financial savings and reductions in carbon emissions can be realised. However, according to Global Action Plan, as local authorities face tightening budgets, the economic and environmental efficiencies and service improvements possible through
this work could come to an abrupt end without Central Government action. If local service delivery agencies are to meet targets for increased service demand, environmental improvements and cost efficiencies, investment in upgrading and enhancing technologies is now urgent. The £1 billion fund is required for IT projects that collectively deliver financial efficiency, carbon reduction, and public service improvement or expansion. It should also stimulate public bodies to think differently and creatively including looking at opportunities for collaboration and shared services. Public sector industry body, Socitm (Society of Information Technology Management) has also announced its full support, senior vice president of Socitm, Steve Palmer, comments: “The opportunities that can be created by a positive Government response to initiatives are significant. All of us, whether public or private sector-based, are working to do more and more for less. In the local public sector that is particularly prevalent given the need to move as much resource as possible to the frontline at a time when the pressures on demand-led services are growing to unprecedented levels.”
Twitter hack caused by lack of security N
ews that Twitter has been hacked yet again comes as no surprise, given the fact that many IT staff and managers are being pushed into adopting cloud computing services on a fast track basis, according to Origin Storage. “Our observations suggest that a number of companies and their staff are being forced down the cloud computing route and are having to adapt their IT security systems on the fly,” explains Andy Cordial, Origin Storage’s managing director. “We have had concerns about this rate of change in the business sector for some time and, with all the data breaches occurring on the cloud front, it’s obvious that the chickens are now coming home to roost,” he added.
6 VitAL : September / October 2009
According to Cordial, this latest Twitter hack appears to be the result of the password of a company co-founder being guessable on the GoogleApps service which then allowed the hacker access to his personal information including details of his wife’s computer. It is, he explained, a common problem in IT departments, but one that can be solved by applying a sizeable slice of common sense and adding a selection of encryption technologies plus policies to the mix. “Adding encryption to a company’s data storage – whether in the cloud or not, will ensure that data at rest, as well as on the move, is protected from prying eyes,” says Cordial. “And if a secure password best practice is applied on top of corporate encryption policies, the resultant multiple layers of defence can help prevent human error causing a faux pas like the latest Twitter hack. If Twitter had had this strategy operating at all levels of its hierarchy, rather than apparently going for user growth at any cost, it wouldn’t be in the embarrassing situation it is now,” he added.
news
Businesses maintain focus on IT migration
A
ccording to an independent survey, organisations are continuing with their IT migration projects despite the current economic climate. With server, storage and virtualisation migrations representing an already significant investment, companies are looking for ways to reduce the overall amount of time that they spend on migrating systems, as well as preventing downtime during moves. Of the survey’s 158 respondents, 46 percent have at least one migration project to be completed during 2009. Migrations are classed as including physical server refreshes, storage migrations or implementations of virtualisation. Of those that are migrating their systems, physical server replacements were the most common projects to be undertaken, with 37 percent of companies carrying them out. Virtualisation projects
were the next most common (26 percent of migrations), followed by virtual and physical server migrations together (11 percent) and storage migrations (10 percent). Only eight percent of respondents were carrying out a full data centre migration including physical server, storage and virtualisation roll-outs. iSCSI storage is also proving to be of interest to organisations that are looking to reduce their spending on IT: more than half of respondents (51 percent) were either evaluating the technology or planning to implement iSCSI storage this year, while 19 percent had already implemented. The remaining 30 percent stated that they would not be considering iSCSI. However, most respondents were not aware of how iSCSI and booting from SAN could potentially reduce their IT costs, particularly around desktop support – only 21 percent of respondents had considered the technology.
What’s driving IT change?
A
ccording to an internal poll of its customers, technology group SCC has identified two main drivers behind the changing IT market. Businesses are increasingly turning to hosted applications in an attempt to access affordable and best of breed technologies; simultaneously, they need to maintain or reduce current capital expenditure levels. “While the economic downturn is putting tremendous pressure on IT departments to reduce operating costs, company boards still want the latest technologies delivering improved performance and efficiencies throughout the business – leaving the CTOs struggling between a rock and a hard place,” says Nick Martin, general manager of Solution Architecture at SCC. “As a consequence, we have seen a sharp rise in demand for hosted applications, cloud computing solutions and technology as a service (TaaS), these are widely considered an opportunity to remove the barriers to affordable access. With up-front capital expenditure no longer necessary and the hassle and risk of management taken away - particularly where ageing legacy systems present complex environments – companies are increasingly seeking such risk-free alternatives to expensive inhouse systems.”
“The problems that organisations are facing around IT migrations are due to cost and downtime, even though new technologies such as virtualisation can provide substantial efficiencies and savings. These moves have to be essential to the success of the business in order to be carried out, but the impact on end-user productivity can be considerable without the right planning and support in place,” said Ian Masters, sales and marketing director UK and Ireland, with the survey’s author, Double-Take Software. “There is also a significant cost when moves have to be performed outside work hours through paid overtime or employees giving up their free time. Organisations are looking for more effective tools to support their migration projects, as well as providing better value back to the business when it comes to protecting assets.”
Why the workplace wastage?
N
ew r ese a rch h a s revealed that despite good intentions at home, the vast majority of Britain’s employees confess to wasting energy at work. When asked about the difference in attitude, almost nine out of ten (87 percent) employees confessed to prioritising saving energy at home over the office. The study of over 3,000 professionals, which was commissioned by EDF Energy, uncovered a shocking disparity when it comes to cutting carbon emissions. While more than three quarters of people (77 percent) make a concerted effort to reduce energy consumption in the home, more than half (55 percent) admit to not making any effort at work. Among the top offences encountered were: failing to turn off the air conditioning (81 percent); forgetting to turn off the photocopier (76 percent); leaving lights (70 percent) and computers (84 percent) on in meeting rooms; and not shutting down printers (64 percent). The research found that four out of ten respondents believe the key reason for failing to save energy at work was forgetfulness, while
for one in five felt the process was futile as they don’t believe their actions make a difference. Despite these credit-crunched times, 18 percent of those surveyed were not concerned about saving money for their employers. Julie Allen, energy efficiency manager at EDF Energy Major Business comments: “The research shows that while most people really do want to save energy, and they can manage it when at home, work tends to get in the way during the day. It’s a real shame, because taking small steps can make a real difference. For example, turning off lights seems like such a small thing to do, yet it’s important to remember that lighting represents 20-40 percentof a company’s electricity bill.”
September / October 2009 : VitAL 7
news
Recession motivates itSMF recognises ISEB’s new IT service executives to improve management standard decision-making
S
ervice management iorganisation the itSMF has announced that it now recognises the ISEB’s new ITSM standard. After conducting a full review of ISEB’s Foundation Syllabus, Keith Aldis, itSMF chief executive commented, “We fully support this and will promote it as we would promote our own.” The itSMF confirmed that this is a collective arrangement rather than competitive and that in order to enable successful ISO/IEC 20000 roll-out, it aims to partner with other Examination Institutes. The Foundation Certificate in ISO/IEC 20000 is aimed at staff in internal and external service provider organisations who require knowledge and understanding of the ISO/IEC 20000 standard and its content. This supports the itSMF scheme which is for individuals who need to advise, guide and manage an ISO/IEC 20000 programme or conduct audits, specific courses are also run by the itSMF for consultants and auditors. The Foundation Certification provides a good base for delegates preparing for these more advance courses however it is not a pre-requisite.
Further information: www.bcs.org/qualifications www.itsmf.co.uk/isoiec20000
E
xecutives faced with the challenges of navigating the recession say that economic uncertainty puts a premium on good decision-making. A survey of 229 senior executives worldwide by the Economist Intelligence Unit highlights how recessions tend to expose organisational weaknesses that might have remained undetected in more settled times. But they also open up entirely new opportunities, as competitors scale back and customers seek value. By gathering the right information, systematically analysing it and routing it to the appropriate level of authority, organisations can make quick and informed decisions to rectify flaws and seize opportunities, concludes the study. “In previous recessions, companies that re-positioned
themselves were able to shine when the recovery came,” said Dan Armstrong, the editor of the study. “Companies with a clear and solid long-term plan can use a downturn to secure an unassailable market position, at a time when their competitors are struggling to survive.” Overall, the survey suggested that recessions exacerbate the tension that all businesses experience in trying to achieve a balance between short-term business needs and long-term development and expansion. A significant majority of businesses respond to a more challenging environment by focusing on costs, customers and survival. Four in ten regard the recession as an opportunity to invest in product development and get ahead of their competitors.
Security by compliance is no longer working
T
he internationals a s s o c i a t i o n f o r IT governance professionals I S A C A’ s I n t e r n a t i o n a l Conference in Los Angeles has called for a sweeping change in how enterprises deal with information security. “Security by compliance is no longer working,” said John Pironti, who is president of IP Architects and an ISACA volunteer. “The number and impact of security breaches have dramatically increased in the last couple of years, even though companies were in compliance with standards like PCI, GLBA, FFIEC, FISMA and others.” If organisations continue to focus on security by compliance, he argues, the adversaries will continue to win as their attacks become more effective and more damaging. “Compliance can be a good
starting point for securing information infrastructure and data if an organization has not put anything in place previously, but it cannot be the end point of the conversation. We need to change the fundamental approach to the way enterprises deal with information protection. We need to stop thinking about information security and start thinking about information risk management.” Explaining the difference between the two, Pironti said, “Information security sets the tone for organisations that forces them to put measures in place that may actually end up preventing the business from being successful. Risk management gives the organisation the power to make the security decisions that align with its business requirements and then implement appropriate controls.”
8 VitAL : September / October 2009
cover story
Reducing your carbon footprint and your costs
10 VitAL : September / October 2009
IT departments cannot control the price of energy, but the amount of energy that is used can be managed and reduced. Trewin Restorick, chief executive of independent environmental charity Global Action Plan shows you how to achieve greener IT.
cover story
W
ith the economy shrinking more rapidly than most analysts had predicted the ‘green shoots’ of recovery are proving hard to find. For IT managers this means budgets remain tight and the need to become more efficient stays high on the agenda. In 2008, wholesale energy prices increased by over 60 percent from the previous year and many businesses saw their energy bills increase significantly, with some more than doubling. ICT uses a great deal of energy and it is rising fast. ICT equipment accounts for ten percent of the UK’s electricity consumption. Non-domestic energy consumption from ICT equipment rose by 70 percent from 2000 – 2006 and is forecast to grow a further 40 percent by 2020. Data centres account for about a quarter of the ICT sector’s emissions. ICT departments cannot easily control the price of energy, but the amount of energy that is used can be managed and reduced.
Carbon Reduction Commitment Alongside economic pressures, over 5,000 organisations in the UK will be hit by the new Carbon Reduction Commitment. This new Commitment, designed to help the Government hit legally-binding carbon targets, will be introduced in April 2010. It will force private and public sector organisations with electricity bills over £500,000 to measure their carbon footprints. They will then have to pay £12 per tonne for the carbon they produce from their direct emissions excluding travel and their results will be used to place them in a league table. If they are high in the table they will not only get their initial investment back they will also be financially rewarded. If they are low in the table they will be penalised. These dual financial and environmental pressures provide compelling reasons for ICT departments to consider their carbon footprints. However, according to research carried out by Global Action Plan, it appears that a large majority of ICT departments are not responsible for, or even aware of, the amount of energy that their departments currently consume and therefore the associated CO2 emissions. The research found that: • 86 percent of ICT professionals do not know the carbon footprint of their activities; • Only 15 percent are planning to calculate this; • A further 38 percent would like to but do not know how to; • Although ICT is a significant consumer of energy, more than half of the ICT departments surveyed do not see their organisation’s energy bills.
However, there are real savings to be made and quick wins to be had. • 30 percent of the overall energy consumed by PCs is wasted by being left on when not in use; • 1,000 PCs running 24/7 cost around £70,000 in electricity over a year; • A third of employees in the UK do not switch off their PCs when they leave the office at the end of the day, costing the UK £123 million a year in electricity; • If all UK businesses shut down their computers when not in use, it would contribute ten percent of the Government’s Climate Change Levy target and 40 percent of the energy efficiency targets set by the Carbon Trust. There are also significant inefficiencies in terms of servers and data retention: • 60 percent of ICT departments are using less than half their available server storage space; • Only one ICT department in five has a good working policy on data retention. Cutting out these energy inefficiencies will also reduce carbon emissions. Many IT managers have not made this connection because they feel mystified by the concept of measuring their carbon footprint. This process is, in fact, fairly easy and with three steps an organisation can quantify their carbon emissions from ICT and establish a baseline measurement. Step 1 – Establish a measurement team. Creating a team to measure the carbon footprint is important. Asking each team member to carry out the measurement activity relevant to their responsibilities is key to obtaining correct measurements and sparking sustainable thinking. Step 2 – Define a measurement timeline. It sounds basic, but putting a timeline in
If all UK businesses shut down their computers when not in use, it would contribute ten percent of the Government’s Climate Change Levy target and 40 percent of the energy efficiency targets set by the Carbon Trust.
September / October 2009 : VitAL 11
cover story
Although there is much work to be done to reduce the ICT industries contribution to global carbon emissions which is equivalent to that of the aviation industry, ICT departments can make real and effective changes to their own practices and usage. place will ensure that this activity, which may not be viewed as business critical, is completed in a timely fashion. Step 3 – Undertake and collate measurement activities.
What to measure Take an inventory of all equipment. This should include desktops and the end-user environment, all telecommunications and networking equipment and data centres including cooling and lighting. The inventory should include total numbers, the make, model, specification and capacity (where appropriate) for each equipment type. For some equipment it may not be practical or cost effective to measure actual energy consumption, in which case a theoretical measurement can be used. Ensure that the source of the data is documented for future reference, for example supplier or equipment specification information. Use of theoretical data should be kept to a minimum to improve overall accuracy. When the detailed inventory is complete, the next stage is to measure the energy consumption for each equipment type while in its various states – for example in use, standby and off.
How to measure Using the inventory, initiate a data collection exercise to capture the required consumption data. Source any necessary energy meters. There are many types of devices available, select the most appropriate type of energy meter / monitoring tools for your organisation according to organisation size, your budget and type of ICT equipment. 12 VitAL : September / October 2009
Involve facilities personnel who should be able to provide information on the organisation’s total energy consumption and may have breakdowns by site, floor, department etc. Measure the rate of electricity consumption of equipment in its various modes of operation and calculate how long those types of equipment are in each operational mode during a year. Using this information you can calculate the amount of electricity that will be consumed in a year. When the total electricity consumption has been established, the CO2 it is responsible for can be calculated by multiplying kWh by 0.537 (this multiplying factor is the 08/09 figure and it will change each year, please check the Defra guidelines for subsequent years) to give kg of CO2 per kWh of energy.
Prioritising, planning and implementation Once measurement has taken place and a baseline established, the next steps are prioritising, planning and implementation. This should factor in the time and resources required for implementation of each project, the potential benefits and any existing or future regulations that will need to be met. Recommended Approach: 1. M easure the energy usage of all ICT assets and the associated facilities such as the data centre or machine room; 2. I dentify the quick wins for your department; 3. Assess the value of longer term projects for your department; 4. Develop a Green ICT Strategic Plan. At the end of each project or phase of projects it’s recommended that the energy, carbon and cost savings achieved so far are measured. By
reporting financial savings made to date and projected savings, it is easier to obtain backing and secure budget for further initiatives to green the ICT in your organisation.
Solutions for the desktop end user environment Behaviour change through user education and automation both have roles to play. Some ideas for reducing the end user carbon footprint: • Enabling operating system power management features setting these as default; • Turning off users’ desktops, laptops, screens, chargers and other single user devices when not in use, preferably at the socket. There are power management programs which can monitor and implement this on a companywide level; • Installing timer switches and sensors for multi user devices such as printers, faxes and lighting; • Modifying users email behaviour. Large attachments make up a majority of email storage requirements, and consequently network bandwidth at peak times; • Educating users on using printing resources appropriately. Most printers should be set to use recycled paper and duplex as default. Company-wide print monitoring and management programs can assist in this.
Solutions for the data centre Data centres are responsible for up to a quarter of ICT emissions. There are large cost savings to be had in reducing their energy consumption and vendors are leading the charge in this respect. Some ways in which ICT departments have reduced their data
vitAL signs — life in the world with it cover story centre carbon footprints include: Auditing server usage: This can identify areas where consolidation would save resources and utilise current equipment most efficiently. Virtualisation: This allows resources to be apportioned specific to application usage as opposed to the limitations of individual devices’ hardware configuration. Cloud computing both internally and from external providers: This leverages the efficiencies of shared resources while better tailoring costs to actual usage. Centralising storage (eg NAS) and moving unused data to external media (eg tapes): This will reduce the amount of underutilised storage, a general data audit and clean up can also be helpful in this area. Cooling: This takes up an enormous amount of the data centre’s total energy bill. Rationalising the amount of equipment, proper design and not overcooling can reduce this.
Conclusion Although there is much work to be done to reduce the ICT industries contribution to global carbon emissions which is equivalent to that of the aviation industry, ICT departments can make real and effective changes to their own practices and usage. ICT departments also hold the key to assisting the whole organisation to reduce their total emissions through the implementation of ICT solutions. There is huge potential for ICT to become the pivotal piece in the sustainability jigsaw of every organisation, large or small. ICT staff already have the skills and knowledge and given the opportunity, will be able to cut costs, improve operational efficiency and ensure your organisation’s sustainability strategy is a success. VitAL For the full report see the Green ICT Handbook at www.greenict.org.uk www.globalactionplan.org.uk
Trewin Restorick is the CEO of independent environmental charity Global Action Plan, which he founded in 1993. The charity runs programmes to reduce carbon emissions, energy consumption and waste with businesses, schools, community organisations and households. Restorick is the chair of the Environmental IT Leadership Team (EILT); a trustee for Sustainability and Environmental Education; and cochaired Defra’s Compact Group. He has been trained as one of Al Gore’s UK Climate Change Ambassadors and is a frequent media commentator on environmental issues.
How to kill a business This month Steve White contemplates the mortality of businesses through IT neglect.
H
ow do you kill a business? I’m talking about killing a really big one, in the top 100. It’s not happened yet, but I think it is only a matter of time and it will make the death of Woolworths look insignificant. The sample size I have for generating my recipe for corporation suicide is tiny, and my number of data points is statistically insignificant, but every bell curve has two thin ends, and I’m poking about in the extreme corners to discover the formula. Not implementing an ITIL-like process and function structure and having some daily chaos is a great place to start. I certainly wouldn’t have a service catalogue, they are such a good idea. 70 percent of outages come from a poorly implemented change – so make sure the change process is chaotic – allow your developers access to the production systems. Run one central database for manufacturing, logistics, invoicing, stock location and distribution – take that central processing out for long enough and the heart stops beating. There needs to be huge complexity to this core function, it is best if no one really understands how the system works. To test, get the group with an overall view of the system to draw a block diagram of how it all works. If they don’t agree, if there are some areas that are not fully understood, that’s an indicator of danger because when a business-interrupting problem happens this disagreement can add days to business restoration. Have such complexity that the databases on which changes are tested are not identical to the production environment. When I mean identical – I mean really identical – database running on the same kind of hardware, firmware at exactly the same levels, the same volume of transactions being undertaken, the data the same. This is impossible. At the logical level, the live database must be transactions ahead of the test database, so
even if the live database is replicated in the test database every day it’s 24 hours old, and 24 hours smaller. The live database will not have the same patches or settings of the live database – that’s the point of it – that it is running the N+1 configuration. Physically the hardware is not identical – the live system has its own molecules. The bigger the company the bigger the database. Hosting the production system is costly enough, but as the production system gets bigger the test systems become an overhead that the business begins to underfund. All it takes is a few entirely unrelated changes and missed processes to allow something to disrupt the main database and then you need some time to elapse before the problem is noticed. A slow time to discovery is a critical factor for suicide. Let the poison spread unnoticed inside your database for a few weeks, enough time that a good system restoration is unthinkable. If the database collapses soon after a change that’s easy to solve, just roll back to a known good state. Once the poison has taken hold, it’s critical that sufficient time has elapsed so that you can’t back out to a known good state – the cost of doing so would be ruinous. You cannot reload the data from new as the business could not afford to begin to gather this legacy data and you cannot continue as the data in your system is unreliable. The only possible way back is a technical assault from the people that wrote the system – you then rely on them to create a technical solution to restore your core business functions. This takes time – mustering and aligning the work of perhaps forty or more people from different companies to technically solve the problem will take more time. If this takes longer than your business can survive without its core system, you have died and your own IT killed your company. VitAL
Service management training in particular, becomes vitally
important in tough economic times
because it will be
those operations that
can adapt quickest to
changing circumstances that will be strong
enough to survive,
and even thrive, under the present economic climate.
September // October October 2009 2009 :: VitAL VitAL 13 13 September
vital management
Security: Not just a sprint to the line Security effectiveness is critical, but performance cannot be diminished. Paul Judd, regional director for Fortinet explains why bolt-on solutions won’t champion any security objective.
I
f only everything was a simple as sprint racing. Point A to point B, as fast as you can, stay in lane, don’t jump the gun. It’s an uncomplicated business for sprinters, but if you introduce hurdles or, heaven forbid, a bend, you’ve got trouble. They don’t even breathe during a 100m dash, because of the performance trade-off. They might not know it but the Usain Bolts of this world accurately represent what’s wrong with many network security strategies. The world has moved on from single point product solutions that have to concentrate on one thing at a time. IP traffic is as latency-sensitive as ever, but now it must traverse an assault course of network security obstacles. Security isn’t as easy as a 100m dash; it’s more like a track and field tournament.
Picking a winner Picking out future winners in the security arena just a few years ago, you’d have made some impressive returns putting your money on the newly-coined security phenomenon of Unified Threat Management. UTM has since grown exponentially across all sectors (notably the high-end market at least as much as SME) to become a multi-billion dollar market within a very short space of time. 14 VitAL : September / October 2009
vital management
They might not know it but the Usain Bolts of this world accurately represent what’s wrong with many network security strategies. The world has moved on from single point product solutions that have to concentrate on one thing at a time. IP traffic is as latencysensitive as ever, but now it must traverse an assault course of network security obstacles. Security isn’t as easy as a 100m dash; it’s more like a track and field tournament.
During the same period, we’ve also experienced an explosion in virtualization and other technologies supporting the consolidation of hardware and processes into less places and smaller footprints. The rises of UTM, and that of virtualization, share the same origins. Ever increasing traffic loads on converged enterprise and telco networks are making multi-gigabit the way to go; critical IP data like telephony, video and web communications are causing network managers to be more latency sensitive than ever. In the largest networks, convoluted ‘pointproduct’ security architectures create too much performance impingement. It makes perfect sense that with so much demand toward loading multiple security capabilities into the same place (ie UTM, or integrated network security), advantage is taken of virtualization to make those places fewer still.
Where does this leave ‘athletic’ security systems? Straight out of the blocks, you’ve got to look at the security architectures as a team rather than an individual. In a point product set-up, those team members are separated onto their own exclusive appliance – or server-based hardware. With integrated network security, the team members are united into a single unit. The latter approach boasts efficiency gains for easier management, smaller power and space drains etc which are highly compelling – but what about performance? What about security effectiveness? The maturity of commercially available network security technologies tells us that the individual ‘team members’ of any given solution are going to be broadly equal in stature. The
difference between the best and the worse comparable AV systems, spam filters and firewalls is narrower than it has ever been. If any team is going to perform, teamwork is essential. Ask Real Madrid how much success their mega-expensive squad of ‘Galacticos’ has won them, and you get the picture. The most successful teams grow up together, learn together and can communicate extremely effectively. Communication underpins teamwork, which is why relay races typically result in calamity, and why market-leading products rarely interoperate. Running an alignment of point products creates obstacles to teamwork, but many integrated network security approaches also fall foul of this problem.
Security performance degradation At the technical level, the transit of IP traffic going into one end of any network gateway security infrastructure and out the other side is going to involve a degree of packet disassembly and reassembly. This is one of the core principles of security performance degradation. Going through the same practice of disassembly/reassembly to check for a different security problem each time, results in lots of redundant processing. In other words, lots of wasted throughput capacity and lots of wasted time. Doesn’t an integrated network security approach suffer from this? Well, not all examples of it. As well as repeatedly queuing for packet assembly/disassembly, IP traffic typically has to deal with security functions based upon multiple, disparate source codes. Herein lies the interoperability question. Again, most
‘cobbled together’ UTM approaches suffer from this as much as point architectures do. The result is greater latency, greater risk of security ineffectiveness and complete confusion about the root of the problem should any failures arise. The shortcomings don’t end there either. Any security system is only as good as the threat intelligence that constantly updates it. A given UTM vendor might do its own AV research, but contract out for web content filtering or IPS. Where does that leave you? Is that good teamwork?
Uniform architecture approach True UTM is derived from a uniform architecture approach, in which each security function has been developed on the same source code, and can optimise security performance by eliminating redundant traffic processing. How? Through the use of specialised hardware based on ASIC technology to accelerate the security inspection process. The development and application of specialised hardware security-specific ASIC processors to accelerate UTM has demolished institutionalised thinking around this security approach. Those harbouring lingering concerns about the applicability of integrated network security within their highspeed, real-time critical networks should only have cause to worry if they follow the wrong kind of approach. Security effectiveness of course is critical, but performance cannot be diminished. Avoid compromise, put your money where your mouth is, you can’t pause for breath in this game. Only teamwork wins success. VitAL www.fortinet.com September / October 2009 : VitAL 15
vital management
Security compliance is not enough; it’s all about the ongoing audit If continuous auditing is ignored it will lead to a multitude of sins. Mike Vinten, chief executive of Thesaurus, explains.
I
T security is rarely out of the press because our data is a precious resource. Because of this exposure, most companies now invest in the appropriate solutions to protect IT systems from security threats, but they need to realise that this is only half the battle. Due to the ever-changing field of security, continuous auditing is the best way to ensure that whatever IT security solution is in place sufficiently protects an organisation’s
16 VitAL : September / October 2009
employees and systems. For many organisations, this means additional resource and may not be high on the corporate agenda. However, if ignored, it can easily escalate to significant business and legal difficulties.
The crisis IT policies and regulations govern all organisations in the UK. For example, Sarbanes-Oxley (SOX) is particularly
vital management
applicable in accountancy environments and BASEL II in the financial industry. The threat of significant penalties has seen companies of all sizes invest in IT security products in an effort to ensure compliance with these regulations. However, the changing nature of IT security threats means what is compliant one day, might not be the next. To ensure that systems remain compliant and secure, regular IT audits are imperative. Currently, no regulations are in place to standardise IT security audit practice and so it is up to each individual company to take the initiative to maintain regulatory compliance. An initial rigorous check once a security solution is implemented is great, but not enough to continually meet industry compliance requirements or keep comprehensively up to date as regulations change. Businesses may not be security compliant because: • Audits aren’t conducted on an ongoing basis – businesses may have a tick-box attitude towards compliance that says ‘once is enough’; • The continuous auditing process requires more resource and therefore increases costs; • They aren’t aware of the latest industry security regulations or how to deal with them. Businesses in all sectors need to realise that investing time and money in IT security can quickly be proven outdated due to the changing nature of security threats. Even if the initial audits have proven compliance, companies are still open to potential attacks on an ongoing basis, leading to possible penalties for non-compliance or neglect of duties.
Why audit continually? Organisations may not be fully aware of the security levels for every single element of their IT system. New threats to IT appear on a frequent basis; therefore, any security system needs to adapt constantly and review its perimeters. Auditing provides visibility and raises awareness of every potential security threat and regular auditing identifies where problem areas exist and where investment should be made. A good example is employees using memory sticks. These are usually encrypted, however are rarely checked on a regular basis. Companies know they should be regularly checking these devices, but is this really happening? The cost-effectiveness of repeated security audits far outweighs any incurred expense and associated damages
of a security incident. Many businesses do not survive a security threat, either through the additional cost to repair the systems or from reputation damage. The security audit assesses current policy compliance; recommends solutions to any deficiencies; and ensures up to date downloads to deal with the latest threats. The audit should be a living document accurately reflecting how the organisation protects IT assets on a daily basis and evolving with the organisation as its infrastructure changes. Each audit should continuously build on previous audit efforts to help refine policy and correct deficiencies that are discovered through the audit process. Compliance issues can vary depending on in what industry an organisation operates, however, at a base level, an audit process should: • Identify unauthorised software, reduce liability and ensure that a business is licensed appropriately; • Locate security threats, such as hacking tools and spyware, to reduce exposure to viruses; • Ensure data is protected.
What to look for when choosing an audit service There are many auditing services available and it is essential to find a service that provides an enterprise-wide review, covering every element of an IT estate. The audit service should point out exactly what responsibilities an organisation has to address in order to remain compliant with their industry’s regulations and security needs. An audit service should perform thorough penetration testing of an entire IT system and report the audit trail to show where deficiencies and potential threats lie. The audit provides recommendations on how to improve any weakness in IT security. If upgrades or new installations are required, an effective auditing service will ensure these happen in a way that remains secure and, above all, manageable for the organisation. Regular auditing makes sure that any recommendations to maintain regulatory compliance are implemented correctly from the outset and continually work with the solution that is in place. This also means no hefty bills to overhaul and bring a company’s system up to speed with the latest security requirements as an ongoing auditing service is a controllable cost. Organisations should never feel their security door is left open. VitAL www.i-tcs.com
The threat of significant penalties has seen companies of all sizes invest in IT security products in an effort to ensure compliance with these regulations. However, the changing nature of IT security threats means what is compliant one day, might not be the next. To ensure that systems remain compliant and secure, regular IT audits are imperative.
September / October 2009 : VitAL 17
vital management
Easing migration to the cloud The route to cloud computing may seem paved with gold, offering the chance to do more with less. Despite this, the route is not necessarily straightforward and key challenges need to be addressed before applications are migrated to the cloud. Ian Pugh, UK sales director for Novell Data Centre explains more.
T
he benefits of virtualisation and cloud computing such as reducing costs and increasing the effective utilisation of IT resources are widely touted. This is particularly so at the moment given the pressures IT teams face as budgets continue to be slashed. According to recent thinking from IDC, IT spending cut backs caused by the economic downturn will accelerate the adoption of transformative technologies. Cloud computing is a perfect example of the type of transformative
18 VitAL : September / October 2009
technology IDC has been talking about. The technology involves businesses migrating applications traditionally run on infrastructure owned by an enterprise and instead running them on external infrastructure.
The rise of cloud computing This may sound straightforward enough but there’s plenty of debate over what cloud computing means. According to Gartner, cloud computing is a style of computing in which massively scalable IT-related capabilities
are provided “as a service” using internet technologies to multiple external customers. While not everyone agrees with this definition, there’s no disguising the fact that cloud technology is now top of the agenda for decision makers within organisations large and small. This is largely thanks to the efforts of the likes of Google and Amazon that have made the technology a talking point for endusers, not just those in IT. But it’s also because of the cost-saving potential the technology promises. These cost savings are highly
vital management
attractive to those in the process of starting up their own business as it means they can avoid the typical IT infrastructure costs and instead use “IT as a service” and access resources when required. The cost saving opportunity is also there for larger organisations to grab although there’s still some way to go before larger businesses fully embrace the technology. Aside from security concerns organisations face other challenges regarding what they do with their existing applications and how they move them to a virtual environment in the smoothest way possible. For small businesses this may not be a particularly big concern. Larger businesses that run hundreds of applications within a mixed IT environment, however, may find the challenge more daunting. Before going into the technicalities of addressing such a challenge it’s important to appreciate the huge shift that cloud computing brings with it, particularly when it comes to the role of IT.
A new role for IT Perhaps the most interesting way in which cloud computing impacts IT is the role the IT function plays within organisations. With cloud computing, IT can be delivered as a service – consumed by employees or teams as and when they need it. This is having a knock-on effect on the data centre and IT managers which are undergoing an evolution to become more service driven. Employees within organisations are more demanding as they know they can now access computing power and applications on-demand. IT teams need to respond to this by ensuring the service they deliver can adapt to their particular needs. This means they need to be able to efficiently move workloads across various architectures so resources can be used effectively without it having an impact on users’ abilities to access the data they need. For example, employees need to access the information they need without worrying about problems such as downtime. Downtime, even for a matter of minutes, can have a significant impact on competitive advantage – especially in industries such as financial services. Visibility into virtualised infrastructure, improving utilisation of IT resources and, crucially, keeping costs down are also important considerations that need to be addressed.
Ensuring availability Cloud computing architecture is designed to be available 24/7 so users can access the applications and data they need when they want it. Despite this, one of the biggest concerns organisations have is availability or
the potential for downtime. All organisations use applications that are critical to the day-today operations and productivity of staff. These may include customer ordering solutions or business intelligence applications. When these run on an organisation’s own IT infrastructure, it’s the responsibility of the IT team to fix any problems if for some reason they become unavailable. When these applications are hosted using external infrastructure the IT function has less control so it’s no wonder they have concerns. These concerns are heightened as some cloud computing providers have failed to offer sufficient service level agreements to guarantee uptime. This means enterprises cannot be sure of the service they will receive and therefore are apprehensive about relying on the cloud for mission-critical tasks. In addition to this, some organisations have become concerned about the availability of applications in recent months following the high profile incidents of downtime suffered by popular cloud platforms such as Google and Twitter. If established and large cloud providers such as Google can suffer from downtime it’s hardly surprising businesses are reluctant to host their business-critical applications beyond the corporate network. To address these issues, organisations should invest in technology that protects both physical and virtual server workloads. This technology means that in the event of a production server outage or disaster, workloads can be transferred to a recovery environment and continue to run as normal until the existing environment is stable.
With cloud computing, IT can be delivered as a service – consumed by employees or teams as and when they need it. This is having a knockon effect on the data centre and IT managers which are undergoing an evolution to become more service driven.
Increasing visibility As well as protecting against such incidents, organisations will enjoy a far smoother transition to cloud if they can increase visibility into what’s taking place within their virtualised environments. This is highly important since the use of virtualisation and cloud technologies introduces the problem of ‘blind spots’. Put simply, when virtualising the data centre and applications it’s easy to lose sight of where data sits and the extent to which you are enjoying good utilisation rates. Key, therefore, are tools that provide insight into the virtualised environment and show how the infrastructure is used. Without continuous insight into a virtualised environment, it is challenging for IT managers to maintain application performance and troubleshoot delivery issues that may arise.
Improving utilisation This visibility also means organisations can look at ways to increase utilisation of their virtualised environments. Traditionally IT teams have tracked blanket availability. While improvement September / October 2009 : VitAL 19
vital management
in this is positive it does not mean much when it comes to senior business decision makers. All they are interested in is revenue growth and making sure IT infrastructure is being used at 100 percent so the business does not lose revenue by spending on IT resource that is not being used. This means IT teams need to be tracking service availability. This can only be achieved by using sophisticated reporting tools. These tools give IT managers an understanding of how many virtual machines are deployed, who owns them and how they use available resources. With increased visibility, enterprises can maintain the added responsiveness and agility that virtualisation and cloud computing can deliver.
Keeping costs down Finally, although cloud computing and virtualisation are all about saving costs, it’s worth noting that hosting all applications in the cloud may not necessarily be the best way to cut costs. In many cases, organisations have already spent significant time building an internal IT infrastructure – abandoning this and hosting all applications externally could actually prove to be more costly. As a result, what most organisations are doing is establishing ‘private clouds’. 20 VitAL : September / October 2009
These allow companies to pool IT power across multiple locations and provide it ‘on tap’ to those in the company that need it most. Once a ‘private cloud’ has been set up, enterprises can use public or external cloud services for extra support when they need it. Adopting this approach means enterprises are getting the most out of what they already have first before looking to the cloud. This does, however, require management tools to ensure when businesses move applications from a physical to virtual environment, they have complete control over their applications.
Paving a smooth road to cloud adoption Cloud computing and virtualisation offer huge benefits in terms of doing more with less. However, challenges including ensuring availability, increasing visibility, improving utilisation of IT resources and keeping costs down still stand in the way of large scale adoption. These, however, can be overcome if organisations invest in solutions to keep their dynamic environments under control and allow them to provide the flexibility needed. By using these tools enterprises can smooth the road to cloud computing adoption in coming months. VitAL www.novell.com
Some cloud computing providers have failed to offer sufficient service level agreements to guarantee uptime. This means enterprises cannot be sure of the service they will receive and therefore are apprehensive about relying on the cloud for mission-critical tasks.
vital management
Setting the standard A recent government survey found that the majority of those responsible for security in UK businesses are not aware of the contents of information security standards BS 7799 and ISO 27000. Richard Thompson, managing director, Pitney Bowes Management Services, assesses the consequences of this finding and underlines how information security accreditation can drive broader business benefits.
I
nformation is critical to the operation and perhaps even the survival of organisations. While a growing number of businesses are working towards information security accreditation, there is still considerable scope for improvement as far as awareness and adoption of standards is concerned. The Information Security Breaches Survey is conducted every two years on behalf of the Department for Business, Enterprise and Regulatory Reform and the most
22 VitAL : September / October 2009
recent findings reveal that information security best practice amongst UK plc is far from widespread. In fact, 79 percent of those responsible for security in UK businesses are not aware of the contents of information security standards BS 7799 and ISO 2700. Of course, there is some irony in referencing figures from the UK Government which, itself, has hardly been a paragon of responsibility and excellence regarding matters of information integrity.
vital management
However, the figures should not be overlooked, revealing a disturbing lack of strategic planning and information security insight.
International standard In simple terms, ISO 27001 is the only auditable international standard that defines the requirements for an Information Security Management System (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls. ISO27001 accreditation acknowledges that an organisation has developed and implemented a comprehensive information security policy, ensuring confidentiality, integrity and accessibility of all corporate and customer information. Information is a significant asset to any business and needs to be securely identified and managed. This is becoming ever more important with increasing regulation and the drive towards greater operational transparency. ISO 27001 is suitable for any organisation, large or small, in any sector or part of the world. The standard is particularly suitable where the protection of information is critical, such as in the finance, health, public and IT sectors, helping to encourage more business. ISO 277001 is also highly effective for outsourcing organisations that manage information on behalf of others. Customers can be assured that their information is being robustly protected – again, a vital consideration in developing existing customer relationships and in winning the trust of prospects.
The benefits of standardisation Aside from these advantages there are many common benefits to ISO 27001 standardisation – benefits which play across the broader business environment. These can be summarised as follows: Interoperability: A general benefit of standardisation, the idea is that systems from
diverse parties are more likely to fit together if they follow a common roadmap. Due diligence: Compliance with, or certification against, an international standard can be a useful management tool with which to demonstrate due diligence. Assurance: Senior management can be assured of the quality of a system, business unit, or other entity, if a recognised framework or approach is followed. Bench marking: Organisations often use a standard as a measure of their status within their peer community. It can be used as a bench mark for current standing and progress. Awareness: Implementation of a standard such as ISO 27001 can often result in broader security awareness throughout an organisation. Alignment: Because implementation of ISO 27001 tends to involve both business management and technical staff, greater IT and Business alignment often results.
The need for greater security Certification to ISO 27001 can help organisations manage and protect their business critical information assets and can convey the necessary confidence to any interested parties, especially customers. Not only this, the implementation of standards can reveal hitherto hidden inefficiencies and can help to drive general best-practice processes. Recent high-profile media coverage of data-loss scandals has raised the general level of awareness about the need for greater security around information. There is a demand for businesses in both the B2B and B2C sector to implement rigorous processes. Those failing to do so run the risk of alienating today’s demanding, compliance-savvy consumer and business audiences. VitAL www.pitneybowes.co.uk
While a growing number of businesses are working towards information security accreditation, there is still considerable scope for improvement as far as awareness and adoption of standards is concerned.
September / October 2009 : VitAL 23
vital management
Mission impossible? The cloud – infinite worlds of processing power and data storage well beyond the current frontiers of our universe. But is it worth it? Is there a point to it, especially from the security point of view? Security expert Mike Krausz asks is security in the cloud mission impossible?
W
hat is the cloud? Firstly, it is the logical continuation of a development towards highly distributed services, which began with the stand-alone PC not being connected at all – over to networked PCs that could basically share files and processing power in a limited way – up to Windows DFS, which allows entire file systems to be distributed across a LAN or even WAN if enough wire speed is available. The cloud is a culmination point of that development allowing a service – broken up into its processes – to run in a distributed way on a cluster of hardware. This poses new challenges in regard to everything that security is made of; but let’s discuss these in detail and separately.
The three pillars of security When talking about security one should always bear in mind that it consists of (at least) three ‘pillars’: availability, integrity and confidentiality. More pillars might be necessary depending on the business model of the company looked at, eg an online business provider such as Amazon or EBay will need to add non-repudiation (ie making sure that transaction cannot be denied after they have taken place by either party). 24 VitAL : September / October 2009
Availability Availability is the least thing to worry about in the cloud, it’s basically a given. It can be defined as: ‘A resource is available to a legitimate user when the users requests access.’ Availability summarises all requirements about resources simply by being there. This affects file space, CPU processing capability as well as IO requirements for database servers or technical simulations of all kinds. The difference between a cloud and the standard out-of-the-box cluster is that in the cloud processes can ‘flow’ through the cloud running on the processors where it makes most sense to run them either based on current performance or on idle status. On the lower technical levels, though, it is not quite trivial to organise data in such a way that redundancy and performance are sufficiently balanced I/O being the limiting factor. However, in the cloud, where resources can be assigned in an on-demand way, assurance that enough resources are available when needed by the user/application should not be a problem unless of course the cloud has not been planned according to needs, which should, in today’s ITIL-oriented world, be the exception rather than the rule.
vital management
in the cloud, where resources can be assigned in an ondemand way, assurance that enough resources are available when needed by the user/ application should not be a problem unless of course the cloud has not been planned according Should these needs outgrow the configuration, more disk space or CPUs can be added easily provided that physical limits are not exceeded, ie it’s still not a good idea to generate files in excess of 1PB. The only major factor threatening availability in the cloud is the operating system itself. As we all know systems such as Windows or MacOS are maturing over time, early adopters therefore do risk their data but the risk does not seem more elevated then when changing to a new operating system. After all, the distribution of data, processes and services will not relieve the user from their duty to back-up data. In summary as availability will be far from threatened in the cloud and actually higher, more overall availability can be expected than from operating the same data/application in a cluster, it’s one nil to the cloud!
Integrity There’s only so much you can do about integrity as usually the network protocols assure it during transport, whereas algorithms such as MD5 assure integrity on the logical data layer (don’t think OSI here, I am just referring to structured, high level data). For the cloud preserving integrity might be a challenge as it has to be split into data integrity
(no problems to be expected) and information integrity, which might be more difficult to achieve due to the distribution of data across servers. The challenge here is to ensure that as much as applications will be broken up in processes and data will be broken up in fitting chunks the context isn’t lost and data remains meaningful throughout all processing and handling cycles no matter how many processing units, CPUs or memory devices are in the loop. For a quick overview let’s briefly enumerate the integrity assuring mechanisms already in place: RAM: ECC-RAM is capable of detecting and correcting bit errors based on Hamming-codes. As RAM is inherently unreliable and needs to be refreshed regularly a bit error could have devastating results. Hence at this level error detection and correction are urgently and incessantly needed. Hard Disks: File storage uses error correcting codes as well, although either on a very low close-to-hardware level and only when it comes to master file system tables or equivalent meta data. User data itself is usually not protected in any way. If RAID arrays are employed data will be broken down into stripes with each one containing parity code or CRC code information allowing the controller to re-calculate lost data if,
to needs, which should, in today’s ITIL-oriented world, be the exception rather than the rule.
September / October 2009 : VitAL 25
vital management
depending on the redundancy level of the drive, one disk (or more) should go missing. Network: All Ethernet packets contain a Cyclic Redundancy Check error detecting and correcting code at their end. Using this code the receiving network device is able to recompute the CRC sent with the packet and can therefore evaluate whether the data contained in the frame has survived transmission over the network. If the CRC check comes up with a different result than what has been sent with the frame, the frame is dropped. As much as any single computer can gain from the above methods to secure data integrity, so can the cloud, being basically a loose combination of different CPUs; hence two nil to the cloud. It should be mentioned though that high-level data integrity, such as protecting Word files from being altered or mis-transmitted, still rests with the human, so additional measures might be needed, if required.
Confidentiality Confidentiality and privacy are actually the big issues in the cloud. While IT has adopted access rights systems painfully slowly that allow access based on a user’s role in a business process rather than an operating-systemdefined function, the whole concept needs major technical redesign to work in the cloud, which for now can be best imagined as a cluster with some added functionality in regard to how data can be distributed. As a cluster of more or less equally equipped PCs the cloud should consist of similar 26 VitAL : September / October 2009
operating systems that allow a common access rights-granting and revoking system, centralised logging and centralised resource management. Additionally, it must be ensured that when a change is made to the access rights of a resource that these changes propagate through the cloud reliably and speedily in order not to expose a regulations gap when changes are made. Based on current operating systems the challenge of preserving confidentiality is a big one by itself, in the cloud there’s simply no better way to assure confidentiality then what the operating system has to offer, which is fairly little. Confidentiality is also challenged by the operating system’s need for security patches and updates which exposes the biggest security weakness of the cloud: the underlying operating systems, which even today, are still far from being mature enough to enable highly secure computing. This however is an effect of IT and IT development only slowly embracing the benefits of quality management and quality assurance, which would be the single means to detect vulnerabilities and weaknesses on time, ie before a product hits the market and is exposed to all kinds of nefarious folk. It is not clear when the operating systems used today, whose security concepts go back as far as the late 60s, will become stable, reliable, and confidentiality-preserving enough to allow you to entrust your data to a completely distributed system. What makes it even more implausible is that it has still not been achieved for standalone PC’s or clusters.
Confidentiality and privacy are actually the big issues in the cloud. While IT has adopted access rights systems painfully slowly that allow access based on a user’s role in a business process rather than an operating-systemdefined function, the whole concept needs major technical redesign to work in the cloud.
vital management
It is not clear when the operating systems used today, whose security concepts go back as far as the late 60s, will become stable, reliable, and confidentiality-preserving enough to allow you to entrust your data to a completely distributed system.
Privacy, not quite the fourth pillar Privacy is a sideline concern of preserving confidentiality in the cloud. As most vendors or service providers would have it, ‘the ideal cloud is an outsourced one’ which results in grave privacy concerns because of the general unreliability of such constructs. There are ample examples of outsourcers abusing the customer’s trust, albeit usually when it comes to billing and less in regard to the entrusted data itself; it should however be clear to everybody that what’s usually most valuable today is not the physical assets but the logical and intangible ones. Just as General Motors is wary of letting go of Opel (its main provider of know-how),
you should be suspicious when a whole IT or computing infrastructure is outsourced to a cloud-based system where you might not be the only customer in the cloud. Viruses and Trojans specially written for espionage are not unthinkable and actually easy to imagine, resulting in further challenges to the cloud operator and the operating system designers. As of now, confidentiality in the cloud does not exist on a suitable scale for the environment, therefore the final score is two:one to the cloud. Or to put it in a less soccer-oriented way: You should carefully consider the benefits and drawbacks and if your data is sensitive enough, the cloud may not yet be the right place to put it. VitAL mkrausz@i-s-c.co.at
About Mike Krausz Michael Krausz studied physics, computer science and law at the University of Technology Vienna and Webster University Vienna. He is a certified ISMS manager and auditor as well as a licensed professional investigator. Pioneering information security in Austria since 1995 he designed the first training class for a modern comprehensive approach on information security in 1998, the technical examination questionnaire for all future ISO 27001 auditors in Austria in 2002 and a two-year training program on Computer Forensics for a foreign public sector customer. After ten years as system administrator and IT manager he now serves as a consultant for national and international corporations in a consulting, training and investigations capacity.
September / October 2009 : VitAL 27
vital management
Investing in knowledge In times of economic struggle there are two approaches that enterprises can take towards education and training: treat the training budget as a discretionary spend and cut it to the bone; or see the reduced workload as an opportunity to refresh or extend the skills of the workforce. In previous downturns, the former approach is the one that was encountered most frequently. Independent consultant Aiden Lawes hopes this time around enterprises are showing a bit more foresight.
28 VitAL : September / October 2009
vital management
R
ecessions pass. Despite Gordon Brown’s claim to have abolished ‘boom and bust’, this tends to be exactly how the economic cycle works. Political decisions may exacerbate or ameliorate the size and frequency of the peaks and troughs, but ups and downs will undoubtedly happen. Assuming that they can stay in business, successful enterprises tend to be the ones that are positioned to take advantage of the upturns when they arrive. Spotting and responding to the downturns is more challenging, and not something I’ll even attempt to address!
How to tackle the opportunity? Clearly the first thing to do is define the current and likely future needs of the enterprise, understand the current capabilities of the workforce and identify the gaps that need addressing. How large this task will be is dependent upon the enterprise’s existing mechanisms for staff development. For the purposes of this article, let’s assume that the task has been done and the enterprise understands what gaps it wishes to tackle. Exactly what is it that enterprises need in their personnel? The short answer is competence. For many years I have worked to a definition of competence as being comprised of knowledge, attitude, skills and experience. Attitude is of course an innate characteristic that the individual possesses. The ‘right’ attitudes can be described, engendered and encouraged by the enterprise, but they can’t really be taught. Experience is precisely what is says – practical application of knowledge and skills which both consolidates knowledge
and allows them to refine that knowledge and those skills. So that leaves knowledge and skills. Many of these can be formally taught, but at least as much can be gathered from the workplace – from all manner of structured and informal knowledge transfer mechanisms.
Formal education and training programmes Organisations need to clearly identify what their learning requirements are and choose the optimum method for addressing them. All too frequently, money is wasted through poor decisions (“send everyone on a foundation course” or “there’s room for 16, so let’s fill the slots”); suppliers are often selected on ‘lowest price’, rather than value (quality of tuition, measurable results); individual development programmes are non-existent or vague, so matching the individual to the right course is poor; learning objectives are not set and monitored for each person; and there is a mistaken focus on paper-qualifications as though they are the goal, rather than an indicator. Unfortunately, too many qualification schemes are centred on the topic rather than the roles and competence sets that individuals require. There is a trend towards testing by means of multiple choice question (MCQ) exams. This is certainly attractive for the exam bodies, since such tests are far easier and much cheaper to manage. At foundation levels, where the intent is to test basic knowledge and understanding, they are appropriate. But at higher levels, where we are more interested in people’s ability to apply that knowledge, they become
Every student is an individual – a unique being who has specific needs, both in terms of knowledge and skills as well as in their preferred learning mode. So while some will thrive with computerbased packages, others will struggle.
September / October 2009 : VitAL 29
vital management
less so. Even complex MCQ questions tend to test the candidates’ ability to deduce the correct answer by logic and reasoning, rather than testing their ability to select and use appropriate knowledge. Every student is an individual – a unique being who has specific needs, both in terms of knowledge and skills as well as in their preferred learning mode. So while some will thrive with computer-based packages, others will struggle. Where classroom training is involved, some courses may achieve more with an internal audience, enabling focus to be placed on how specific processes or functions are handled internally. For other subjects, the individual may benefit more from sharing experience and ideas with those from different backgrounds. Each individual brings behavioural attitudes to any group learning experience that can inhibit or enhance the experience both for themselves and other delegates. Clearly when all these factors are taken into account, it is obvious that there is unlikely to be a single solution that is going to satisfy everyone. So choosing the right mix and style of learning modules is a complex task.
What about other options? Knowledge management has always been implicit as a discipline that is essential for successful ITSM solutions, but earlier iterations didn’t place the same emphasis on it as is the 30 VitAL : September / October 2009
case with ITIL v3. It uses the DIKW model to represent the continuum from pieces of data through to the ability to make informed and sensible decisions, which relies upon individuals being able to recognise patterns, trends, etc and to extrapolate from given positions. By storing data and information, and by using a range of tools, the knowledge can be made accessible to, and shared by, many within the organisation. We can populate knowledge bases and add to them over time, but by definition they will never be complete or hold all the answers. There is always the need for individuals to apply their own unique capabilities to specific situations and exercise their judgment when making decisions. Over the years, many organisations have introduced early-retirement/voluntary redundant packages, using the logic of reducing the payroll costs by releasing the older and typically higher paid workers. This has often also meant losing knowledge and experience. As a society we are also facing a demographic change that means the traditional life-pattern of childhood - education - (job-for-life) work (short) retirement - death becomes increasingly irrelevant. Life-long learning is a reality, with people switching not just jobs but career paths, often with full-time education breaks. And the path from work to retirement is blurring rapidly; those that need and/or want to can frequently continue in paid employment, while those that
Life-long learning is a reality, with people switching not just jobs but career paths, often with full-time education breaks. And the path from work to retirement is blurring rapidly; those that need and/or want to can frequently continue in paid employment, while those that can afford it ease into parttime working or even early retirement.
VitAL eyes on
Taking a process view can afford it ease into part-time working or even early retirement. Surprisingly, many individuals would welcome the opportunity to change their working patterns – maybe to a shorter week or flexible hours, or simply to less stressful roles. Perhaps these are the people who should be redeployed from front-line roles to act instead as mentors and knowledge communicators. This could be through formal education programmes, melding theoretical sessions with practical input from those who have lived and breathed many of the possible challenges, via one-toone mentoring/coaching partnerships, or by using these people to populate knowledgebases.
In this, the first of his regular columns (VitAL Eyes On) covering subjects designed to provoke debate and give practical direction to readers based on his wide IT experience, Jonathan Westlake (for a full introduction read his Secret Of My Success column on page 64) highlights the review and selection of business process modelling (BPM) tools.
Investing in knowledge Investing in knowledge and skills transfer programmes equips the whole organisation with a richer and more robust capability profile, positioning it to take earliest and fullest advantage of the upturn as well as facilitating immediate improvement in performance. Of course, implementing successful solutions in this way requires a great deal of thought and flexibility on everyone’s part. What one individual is prepared to sacrifice in terms of income may not be possible for another with different circumstances. Pension entitlement is simply one of the issues that will need careful handling, but there are no insurmountable barriers if the will is present. There are many organisations that offer flexible reward packages, allowing the individual to choose from a “menu” of benefits including cash, pension contribution/accrual, life insurance, health and dental care, childminding, company car, etc Extending this type of package to embrace additional flexibility around the actual working hours/patterns shouldn’t be too arduous. Understanding and recognising the value that is tied up in human resources is as important as managing any other asset. Finding ways to unlock the intellectual capital held by individuals can really pay dividends for any organisation truly seeking to implement knowledge management. By using a bit of imagination, overall costs can be constrained, valuable resources retained and their capabilities enhanced, and those with the knowledge and experience publicly recognised for the value that they can provide. VitAL al4kiwi@yahoo.co.uk
I
n the current economic climate it has never been more important to maximise the contribution of IT to a business. An accepted way of achieving this is to take a process view, model the process and map how IT can make an impact. BPM is arguably the most generic and recognisable term for this activity. Over the last ten years I have seen the proliferation of more and more tools on the market to help with the task of BPM. These range from graphical notation tools to full-scale enterprise process management tools. They all offer an opportunity to record processes and share the results across the organisation. I annually undertake a do-it-yourself review of BPM tools and reflect on the latest news regarding standards for BPM. I am not loyal to any particular BPM tool and my overarching need is to maintain my BPM teaching module. This need is not dissimilar to any organisations commercial need. The criteria for selecting a BPM tool will naturally vary per organisation but two factors have caught my eye recently. Firstly, the increased popularity of the open source movement and secondly a seeming willingness from some tool vendors to make BPM more affordable and accessible to all members of an organisation.
Example search terms are listed at the end of this column and it is worth noting that the free software includes proprietary examples such as Tibco’s BPM tool. It is not my intention to review these offerings. From the standards aspect, the role of Unified Modelling Language (UML) has also caught my eye. UML will be a future column topic but at this juncture UML’s use for BPM is of interest as a universal standard. The scope of using UML for all aspects of business and systems analysis is hence attractive. To conclude, I recommend a DIY review of BPM as a technique for getting more value for money from your IT investment. Consider a BPM tool for modelling your processes or for existing BPM tool users review the tool you currently use. There may be something more fit for purpose on the market and that may be open source. Having the right BPM tool as part of a framework of analysis tools is worth an annual review and can bring tangible benefits. VitAL BPM search terms: Tibco BPMScript AnaXagora www.staffs.ac.uk
September / October 2009 : VitAL 31
vital management
People development: Optional extra or vital component? Making the case for people development in hard times can seem like a thankless task. Natalie Benjamin of Lane4 says the credit crunch should be framed as a perfect opportunity to invigorate leadership and transform employees into high performers.
32 VitAL : September / October 2009
T
his year’s tough economic climate has meant mounting challenge for business leaders and their people. With stiff competition for shrinking budgets across all sectors, gaining an advantage against marketplace rivals is more important than ever. So why and how should companies seize this opportunity to demonstrate their strategic value in 2009 and beyond? In the middle of every difficulty lies opportunity’, is a notion that all business leaders must hang on to as difficult economic conditions infiltrate every sector and every department. From the world’s biggest banks and businesses to homeowners, first-time buyers and students, an economy under pressure knows no bounds.
‘
The real value of L&D Historically, in a multifunctional organisation, it’s those ‘nice to have’ business departments that see their annual spending budgets squeezed with immediate effect. After all, can anybody demonstrate the real value of human resources, particularly the ‘softer’ people development side, when all hands need to be firmly on deck? “Actually there are many examples of the benefits of investing in people during difficult economic conditions,” explains Matt Rogan,commercial director at Lane4. “A study by Bain & Company, analysing more than 700 firms during the recession of 1990-1991, shows that twice as many companies made marketplace gains during that year than during calmer periods. You only need to do some research to see that it’s
vital management
precisely during these times that businesses must nurture and retain their talent to gain a competitive advantage in the long-term.” The examples to which Rogan refers are widespread and include Southwest Airlines’ significant investment in people development when the industry’s prospects were suffering post 9/11, Dell’s continued investment in leadership development following extensive budget and job cuts and media company Viacom pushing on with training programmes during a recession, even when their own client numbers were falling. All three companies reported improved performance as a result of the investments they made. Interestingly, the critical importance the aforementioned Southwest Airlines places on its people is reinforced in the company’s mission statement, which identifies a ‘commitment to providing employees with a stable work environment with equal opportunity for learning and personal growth’ and that, ‘employees will be provided with the same concern, respect and caring attitude within the organisation that they are expected to share externally with every Southwest Customer.’
Committed to investment So there you have it, from a company that has been there and done it - treat your people well and they will treat the customer well! Christian Hobson, head of learning and performance at Nomura, is determined to follow these examples. “Our people are our business and because we’re asking them to respond and perform in tough conditions, we must ensure they remain totally engaged and demonstrate the right behaviours. If we don’t, our business performance will suffer.” Hobson continues, “Retaining our best people is vital and it’s a challenge that our senior executives continue to focus on. This year it would have been easy for them
History tells us that tough economic conditions are inevitable and part of the natural business cycle, but what’s not so clear is that when employees feel buoyant and engaged their increased productivity and loyalty can ensure high performance in the most difficult circumstances. to cut HR spend, but they haven’t. They remain committed to the investment which demonstrates its long-term value.” Of course, history tells us that tough economic conditions are inevitable and part of the natural business cycle, but what’s not so clear is that when employees feel buoyant and engaged their increased productivity and loyalty can ensure high performance in the most difficult circumstances. Crucially, companies must tailor or revamp programmes during any financial squeeze to ensure that they are explicitly relevant to the September / October 2009 : VitAL 33
vital management
current economic climate and are designed to help people achieve in tough market conditions. After all, it’s precisely during these difficult times that performance needs to be at its highest level to maintain profit margins and retain competitive advantage. “With greater risk and more uncertainty, particularly in the financial sector, people need the mental toughness to be able to respond well under pressure,” explains Shona Keogh, a senior consultant at Lane4. “Leadership is also a key factor, so that employees understand and are able to fully engage with the team or company vision. It’s when times are tough that people need to be prepared, remain competitive and withstand economic challenge. People development programmes and 1:1 coaching can also help to address stress levels that may be consequences of the crunch.”
Bucking the trend With this in mind, it’s clear to see that shortterm cost cutting hinders both competitiveness and employee loyalty and only serves to dampen morale, reduce levels of innovation and reinforce any negative impressions. Simply put, if something can be cut with such ease its 34 VitAL : September / October 2009
perceived value will inevitably decrease. Research indicates that true recession survivors have continued to place critical importance on employee development and that when competitors are slashing training budgets, there is a better opportunity than ever to steal a march and gain competitive advantage. Business leaders know that this current crisis is not a new phenomenon and that better conditions will inevitably ensue, indeed current indicators suggest that the UK economy is starting to grow again and that the country – along with various other regions in the wider world – is coming out of recession and credit is once more starting to flow. So, rather than being viewed as a threat, the credit crunch should be framed as a perfect opportunity to invigorate leadership, transform employees into high performers and demonstrate the true value of learning and development. It is these lessons that CEOs must have reinforced by HR directors when it’s time to set budgets. Of course, this is not always an easy battle to win, but things that are worth fighting for never are! VitAL www.lane4performance.com
So there you have it, from a company that has been there and done it – treat your people well and they will treat the customer well!
vital processes
WHEN? The Hilton Birmingham Metropole WHERE? Early booking offer now on BOOK? 9-10th November 2009
save up to 15%!
I
t seems that, unlike the forecasted bird-flu epidemic that was supposed to decimate the population, the credit-crunch did not turn out to be just another hypedup scare. Amongst many other effects that might be attributed to the crunch including, for example, a rise in the number of house burglaries here in the UK, MPs expenses are being scrutinised like never before. Personally, I don’t believe the expenses row to be any kind of coincidence. There is no question about it: right now, times are hard. With the UK economy in some difficulty, the Retail Price Index (RPI) for April showed the biggest monthly drop since records began in 1948 according to a recent report from the BBC. The same source also quoted a similar worrying trend in the Consumer Price Index (CPI) – the government’s preferred measure for inflation. At present, it is also reported that the Bank of England is trying to forest in the UK by cutting interest rates as a means of stimulating the economy. During such difficult economic times, it is quite natural for us, both personally and from an organisational perspective, to begin pulling in the belt by curbing spending until things get better; as, of course, they inevitably must. So within many organisations, there is significant pressure being applied from above to cut operational budgets particularly in areas that may be perceived to be something of a luxury; and often, training programmes are one of the first candidate-items to make it onto the list. In this article, we will consider why your company should reverse that logic; and, far from cuttingback on training, should right now, be actually investing. The primary reason to invest in training – whether it is for an individual or an organisation – is to facilitate the transition from one state to another. For this reason, service management training in particular, becomes vitally important in tough economic times because it will be those operations that can adapt quickest to changing circumstances that will be strong enough to survive, and even thrive, under the present economic climate. Competitors,
unable to make rapid transitions – adapting to the changing demands of the markets within which they operate – will simply fall along the wayside leaving those organisations that are agile enough to prosper.
Adopting best practice The case for adopting best practice frameworks, such as ITIL, is that they allow organisations to genuinely benefit from the experiences of others without being condemned to repeat their mistakes. It is true to say that not all adopters manage to effectively leverage the benefits, of course, since there are many challenges to be overcome when dealing with significant organisational change. However, it is fair to say that the adoption of best practice, for many, has been instrumental in the achievement of organisational excellence in the field of service management. The current state of the art in service management is ITIL Version 3 which was released in the summer of 2007 replacing the older Version 2 best practice and is now reaching maturity. Perhaps the biggest change in ITIL v3 is the embracing of the concept of the service lifecycle. It is not an entirely new idea of course: you could find it in ITIL v2 if you knew what you were looking for; and the same basic idea is also to be found within Enterprise Architecture. As a wise man once said, ‘there is nothing new under the sun’. However, that said, the successful translation of this concept into operational activity holds the promise of transforming units that serve the business into real strategic assets able to deliver organisational change effectively and rapidly, bringing about real business benefits. Such agility enables organisations to improve their speed-to-market with new or changed product offerings; improve their ability to cope with significant organisational change including, for example, mergers and acquisitions; and to improve organisational capability for making rapid adjustments and course-corrections that may be deemed necessary both in the present, and future, economic situation. Furthermore the ability to ensure that Business Change
Service management training in particular, becomes vitally
optimising IT services for business success important in tough economic times because it will be those operations that can adapt quickest to changing circumstances that will be strong enough to survive, and even thrive, under the present economic climate.
www.itsmf.co.uk/conference09 September / October 2009 : VitAL 35
vital management
Feature sponsored by:
36 VitAL : September / October 2009
vital management
Free your business with multi-layer integration Most businesses realise that a successful platform for service management integration is a vital business component, but many don’t fulfil their potential due to a lack of a holistic and cohesive multi-layered integration strategy. Peter Durrant, UK sales director at Avocent:LANDesk sets out to right this wrong.
I
nformation and quick, easy access to it, lies at the heart of any business’s ability to communicate effectively. Not only is information the main driver for business communication, but managing that information through evolutionary advances in technology – especially service management integration - has become a mission critical function for business survival. In fact, the increased use of service management solutions is now such a critical asset that it can affect a company’s ability to maximise return on investment by intelligently and effectively managing its resources. Unfortunately, while most businesses realise that a successful platform for service management integration is a vital business component, most don’t fulfil their potential due to a lack of a holistic and cohesive multilayered integration strategy.
Optimised business value Essentially, service management implementation is the orchestration of a business’s operational architecture but this doesn’t necessarily begin and end with the IT infrastructure. The management takes in to account the diverse range of a business’s resources, which were traditionally viewed by CFOs and CIOs as valuable but separate entities. From technologies and processes to best practices and services - a successful service management implementation is maximised to deliver robust operational efficiency 24/7. With a good service management system in place, covering everything from the desktop to the data centre, people and skill sets can be redeployed, adding optimised business value while engaging the organisation with efficient resource management, which can significantly enhance productivity.
Reducing total cost of ownership through optimised operational expenditure is the Holy Grail for CIOs and CFOs. A recent Gartner report of one thousand CIOs concluded that 62 percent didn’t intend to make any budget reductions for IT spending in 2009. This highlights the fact that CIOs place a huge emphasis on the business value of IT systems because it’s not worth the risk of offsetting lower capex cost. A badly managed service doesn’t provide the best solution and is often a false economy. In fact, initial capital investment in service management software and services is offset in the long term by a plethora of rewards that help businesses achieve a wide array of objectives, enhanced staff productivity and fiscal recompense though lowered operational expenditure. A successful platform for service management can have a dramatic impact on many aspects of business processes. It can improve decision-making accuracy, drive behaviour, enhance productivity, and increase not just employee’s operating efficiency but also that of the operations architecture eco-system. It can also reduce operational risk by providing comprehensive context for a wide range of management decisions. A superior integrated and managed service will improve established systems and processes for trouble ticketing, call response and incident management while reducing service interruptions and expediting restoration. It will also help meet the intensive demands of rigorous service level agreements, which has knock on benefits for utilising IT labour requirements and improving staff productivity. Service delivery costs will be significantly reduced and service-related risks will be better administered. Finally, it enables streamlined compliance with internal policies and external mandates while proactively adapting to changing business requirements.
Reducing total cost of ownership through optimised operational expenditure is the Holy Grail for CIOs and CFOs. A recent Gartner report of one thousand CIOs concluded that 62 percent didn’t intend to make any budget reductions for IT spending in 2009.
September / October 2009 : VitAL 37
Feature sponsored by:
vital management
Feature sponsored by:
By establishing the capabilities to both define standardised management processes and then automate their execution accurately and consistently across the enterprise environment, they provide the core requirements for ITIL adoption.
38 VitAL : September / October 2009
Ultimately, this platform positions IT services as a strategic contributor to businesslevel innovation and gives business a competitive edge.
An integrated multi-layer approach While these improvements offer excellent competitive advantages in the short term, they don’t release their true potential because they’re not collectively realised as part of a cohesive overarching strategy, existing only in isolation. For truly enhanced operational activity, these service management solutions need to be fully embedded with IT systems and management tools. If, for example, service desk software is only deployed in an isolated silo it can’t communicate effectively with the underlying IT infrastructure. This limits its ability to collect useful information and the knock on effect is that the business isn’t in a position to implement any useful changes to processes. To truly unify these solutions and leverage their full potential, companies need to incorporate multi-layer integration with their existing systems and network management tools, key business applications and personal productivity tools. This multi-layered approach really is best practice if businesses want to run as successful service management solution. Viewed through this holistic prism, multi-layered integration really becomes a Rosetta stone for unlocking the way business can understand and manage the IT environment and the mission-critical services it delivers. In other words, service management should be thought of as the central nervous system that collates all key business benefits to boost IT service delivery, drive efficiency, reduce costs, manage risk, improve control and increase productivity. It should also be sufficiently flexible to let organisations of any size pursue and achieve
a level of service management capability and IT-business alignment appropriate to their own unique needs, with reliable results and predictable costs. Without end-to-end multilevel integration, service management doesn’t deliver on its promise. What’s more, a badly designed and implemented system is more of a hindrance and will nullify attempts to streamline business. Service request response gets backlogged, personal productivity is fractured and service desk analysts have to rely on a set of different tools and interfaces, which creates inefficient resource utilisation. A well-integrated service management platform unleashes the true value and potential of business. It provides a fully integrated service desk and IT service infrastructure and asset management solutions. From the data centre to the desktop, this approach helps to solve IT complexities for everyone from service desk managers to IT operations management. Multi-layered integration means the service management solution and the wider IT environment can be monitored through one single interface. Like a central nervous system, these processes can be collated and automated where as previously, they were broken in to isolated domains.
Flexible and responsive service Let’s consider the impact of multi-layered service management benefits for staff and service customers. It helps make IT services more flexible and responsive to service consumers and users can self-provision needed services through a closed-loop service catalogue that secures required approvals automatically and validates user credentials and role-based authorisations against directories and other resources. New employee provisioning can be fully automated and triggered by events in the HR system. Users are ensured fast, convenient access to
vital management
Multi-layer service management integration frees business to finally realise its capabilities by managing a whole range of IT support and business directives through one tool set. It enables organisations to optimise their IT investments by turning the service desk in to a business services centre and improves service processes and productivity while reducing costs.
all the resources and services they need to become and remain productive throughout their tenure with the organisation, even as their roles and responsibilities change over time. For service desk analysts, a multi-layered solution brings together all the disciplines and tools they need to diagnose and correct problems through a single interface. Incident reporting and tracking, troubleshooting, problem resolution and managed change execution can all be accessed efficiently and securely without leaving the service management console. Systems management actions can be called to monitor, control and reconfigure systems remotely, or to inventory and distribute software. Security management functions can be called to scan for vulnerabilities and manage patch applications. Scripts and batch files can be called to initiate routine maintenance and management functions. What’s more, because this information and functionality is exposed and accessed though a single interface, the potential impact of any action can be assessed quickly and accurately, reducing the risk of unintentional service interruption. It’s also a tremendous advantage to collaborative operations, because it eliminates confusion and miscommunication in handoffs, and by eliminating redundant manual tasks it increases IT staff productivity while improving morale. Most importantly, an integrated service management solution provides an auditable log of management activity that is complete because it is centrally maintained.
Core requirements for ITIL The IT organisation gets the widest array of augmentations from a multi-layered solution. By establishing the capabilities to both define standardised management processes and then automate their execution accurately and consistently across the enterprise environment,
management. The IT organisation also reaps the benefits of enhanced communication because a fully integrated service management environment gives real-time visibility, creating a more flexible and controlled eco-system.
Customer benefits
they provide the core requirements for ITIL adoption. ITIL has been taken up by hundreds of enterprise companies as a best practice solution for organisations that are increasingly beholden to IT in order to run their business effectively. The ITIL communication links they provide between systems also facilitate resource management within the IT organisation, allowing personal calendars and other scheduling tools to be accessed within the service management console. System-to-system integration reveals automated processes to other business units so other departments can leverage this integration to implement their own repeatable processes. Unified event management means that the management system can monitor their status, incidents, trigger alerts and proactively initiate corrective response, often before users or administrators are aware of the situation – thereby reducing downtime and increasing productivity. Integration in the service management solution also helps the IT department make more efficient use of its internal resources by standardising processes, streamlining workflows and simplifying asset
While multi-layered service management integration adds benefits for the business organisation, it also adds key benefits to its customers and business partners. IT services are more highly available, reliable, and quickly restored after interruption because integration reduces operational risk to the business and facilitates critical compliance activities. By integrating enterprise-level strategic goals and policies into the management processes for IT services, it improves organisational alignment, enables more efficient pursuit of growth opportunities, and expedites adaptation to changes in organisation and the business environment. By extending process and workflow automation across enterprise boundaries with open industry standards, an integrated platform supports collaborative operations and efficiencies throughout the supply and delivery chains, allowing even third-party processes to be simplified. Multi-layer service management integration frees business to finally realise its capabilities by managing a whole range of IT support and business directives through one tool set. It enables organisations to optimise their IT investments by turning the service desk in to a business services centre and improves service processes and productivity while reducing costs. These solutions deliver transformational capabilities and business benefits for the IT organisation and all of its customers—not just for the organisations of today but for the future of optimised business deployment models tomorrow. VitAL www.avocent.co.uk September / October 2009 : VitAL 39
Feature sponsored by:
vital processes
Let’s bring innovation back to IT To get the IT department back to its rightfull place at the beating heart of the business, Lisa Hammond, CEO and cofounder at Centrix says the emphasis needs to be on innovation.
40 VitAL : September / October 2009
vital processes
IT has let slip its reputation for innovation and leading business to new ways of doing things. For IT to get more serious top-table attention, it has to change the way it operates. Too many organisations are awash with more technology than they really need or can make optimum use of. The first step has to be the reduction and consolidation of equipment, applications and assets, to a tightly managed and efficient core.
T
he rules of the IT game have changed. Given the speed of change in the business environment and impact of globalisation on almost every sector of the economy there is no room for business leaders to abdicate responsibility for IT. Today, IT plays a role in most aspects of a company’s business – without IT, companies simply grind to a halt, never mind competing in the global economy. But why, if this resource is so essential, does it still lack the attention it deserves at board-level and can anything be done to change this?
Unobtrusive base-line service It is essential that IT delivers an unobtrusive base-line service. Equally, it is critical that IT is stringent and constantly vigilant about how it can help the business reduce operating costs. But in some areas, IT has let slip its reputation for innovation and leading business to new ways of doing things. For IT to get more serious top-table attention, it has to change the way it operates. Too many organisations are awash with more technology than they really need or can make optimum use of. The first step has to be the reduction and consolidation of equipment, applications and assets, to a tightly managed and efficient core. Such a move has two allied benefits. One, effective software asset management can result in significant savings through the rationalisation of unused or unneeded applications. Industry estimates suggest as much as 30 percent of IT spend can be found to be wasted in this fashion. The second positive payback is getting the attention and credibility of the rest of the business. For too long IT has laboured under a less than helpful image of talking in
impenetrable jargon, and of not living with the same realities as the rest of the business. It’s arguable that at least some of that reputation is deserved: in which case even more reason to put it firmly in the past. To do that, IT departments must finally break the ongoing IT-business misalignment that seems to bedevil far too many projects. Which of course may be easier said than done but what’s certain is that any danger of miscommunication must be avoided. IT leaders need to get better at communicating in the language of the business, so that they can be understood, recognised and related to by the rest of the organisation (be that finance, marketing, sales, product development). Let’s not ask our hard-pressed colleagues to get to the bottom of SOA or IT Security: much better is to work with them on how we can make technology the tool to close gaps in performance, get better and more accurate data on customers, adapt to globalisation and all the other challenges the business faces daily.
Expanding the skill set Another very important skill for today’s CIO is being on top of all things legal and contractual. Dealing with suppliers who are getting sharper at extracting precious margin, working with corporate to get the best SLAs and outsourcing arrangements possible, dovetailing with finance around all the issues to do with compliance in today’s world, and increasingly being aligned with HR around issues like work-life balance: this again suggests the need for IT leaders to expand their skill base beyond being fluent in the language IT. That being said, IT is and always has to be about delivery. The business is looking for continuity and stability of the platform and
‘plumbing’ but also needs effective, worthwhile projects that keep things moving ahead. A streamlined IT function that knows what its assets are, what its infrastructure is capable of, and what it needs to get out there to make an impact, is in a much stronger position against its competitors and make business goals a reality. To help companies develop and implement improved business-led IT strategies, there are IT services available today that work on a subscription-based model. This approach allows projects to grow in line with timeframes and budgets, with the client organisation only paying for the services used. This avoids some of the problems associated with traditional approaches to IT procurement methods, which often involve lengthy, inflexible contracts; which are so often the cause of projects going awry.
An excellent opportunity Put all this together and the message has to be that there is an excellent opportunity, after a number of challenging years, to put IT back in focus for the management boards of many organisations. Innovation – the creation of new value – is the aim. However, to get there, IT teams need to pick up speed and remove anything that can get in the way of adding value to what they offer to the business. After all, agility and innovation go hand in hand. This may be preaching to the converted in many cases, but the sad fact remains too many IT projects still end up as disappointments and too many CIOs are reduced to the role of caretakers of other people’s problems. Let’s put IT where it really needs to be – a truly essential driver of business. VitAL www.centrix.co.uk September / October 2009 : VitAL 41
vital processes
Figure 1: Best practice for IT
Best Practice
What it means...
IT is a board responsibility
Making IT work has little to do with technology itself. Just because a builder can acquire a handsome set of hammers, nails, and planks doesn’t mean he can erect a quality house at reasonable cost. Making IT work demands the same thing that other parts of the business do – inspired leadership, superb execution, motivated people, and the thoughtful attentions of the board. Board members need to learn about and understand IT in the same way they learn about and understand finance, manufacturing operations, customer service, and marketing.
Create a long-term IT plan
Because winds of change buffet IT more than any other area of the organisation, companies will benefit from a long-term, disciplined, strategic view of IT investment, and a firm focus on using IT to enhance the company’s productivity. A detailed IT plan allows companies to develop their IT capabilities deliberately and systematically to enhance business performance.
Develop a unifying IT platform
Most organisations are amazingly complex, with departments or initiatives that are like independent countries, each with its own business applications, technologies and culture. Project costs soar because skills are isolated in individual teams rather than harnessed across the business; knowledge and components developed in one area aren’t re-used elsewhere; and consultants are brought in again and again to solve the same problems in different areas of the business. Ongoing maintenance costs run rampant as the company struggles to maintain the skills to handle heterogeneous hardware, multiple versions of operating systems software, and varied sets of applications, while almost certainly overpaying for licenses because no one has a picture of overall demand. Executives must understand the root cause of this complexity, which is encouraged by leading software companies and large systems integrators (who are often also the consultants on business change programmes), and embark on projects to simplify and rationalise their IT provision. The aim should be to develop a common technology architecture that meets the needs of the business but is less costly and easier to manage.
Create a customer-centric IT service by use of service aggregation to fit the needs of the business
Progressive companies have reinvented their IT departments into services structure. They create a network that distributes IT services and resources across the company to the users who need them, rather than assigning particular resources to single departments. They set-up a “service management” group to concentrate on IT planning and process re-designs. Business users play a central role in managing service delivery, and often lead service management initiatives, adding pivotal resources to implementation projects. Companies who transform their IT into a service to the business can improve performance and productivity in a way that leaves competitors behind.
Develop a high-performance IT culture
First on the agenda must be to establish an accountable IT leadership team. An IT organisation that has clear guidance, a shared mission, and high expectations can focus its staff around work in line with the business’s needs and correct performance and productivity problems. To do this, all IT managers, including CIOs and CTOs, must be handson people who are deeply involved in projects and teams.
42 VitAL : September / October 2009
Unbiased advice and bespoke IT Service Management solutions
ITIL v2-v3 Foundation and Managers Bridge ITIL v2 and v3 Foundation Certificate ITIL v3 Intermediate Certificate Public schedule and on-site options available. Visit our website www.wardownconsulting.co.uk for details.
Tel: 01582 488242 Fax: 01582 488343 E-mail: training@wardownconsulting.co.uk Website: www.wardownconsulting.co.uk Wardown Consulting Limited. Prudence Place, Proctor Way, Luton, Bedfordshire. LU2 9PE
IT Service Management Training & Consultancy
vital processes
The rise of the data centre Barry Lewington, principal consultant at PTS Consulting assesses the growing importance of the data centre and the implications this has for service management.
44 VitAL : September / October 2009
vital processes
Today, our whole lifestyle is dominated by IT. There are very few activities we perform today where IT does not play some part. We have all become part of the IT ‘snowball’ where bigger, better, faster, more complex systems are feeding our insatiable information technology appetite.
Also, there is a growing awareness of the need to be more economical with the use of power, not just through environmental awareness programmes (green Initiatives) but also through growing power costs. So why have organisations found themselves in this predicament? For many years now we have had data centres in place supporting our IT systems, with very few problems for most. Today, our whole lifestyle is dominated by IT. There are very few activities we perform today where IT does not play some part. We have all become part of the IT ‘snowball’ where bigger, better, faster, more complex systems are feeding our insatiable information technology appetite.
The IT information age
I
t was not too long ago that the lack of data centre space was for many at a critical level preventing us from implementing new IT services. Today, with the growing take up of new server technology such as blade servers and, in addition to that, the stabilisation and value realisation of virtualisation technologies, our data centre landscape has taken major leaps in just a few years. This leap in IT technology has not however been consistently matched by investments in environmental (cooling and power) systems. This has resulted in many organisations having to take tactical and sometimes expensive short-term solutions to provide much needed cooling for their new IT systems.
To support these advances we require powerful yet efficient systems. These systems require more complex software which requires more processing power and information stored in bigger databases. The result is that these systems consume more power to run. Increased power in the data centre, leads to an increase in cooling system capacity. Within many organisations the data centre and its supporting infrastructure is the responsibility of the Facilities / Estates departments. Typically they do not understand IT and likewise the IT department does not understand the mechanical or electrical systems that make up the data centre infrastructure. This has resulted in arms length discussions in trying to align the two technologies. Today though there is a growing need to draw the two disparate technologies under one authority to ensure they are closely aligned, with IT taking the overall authority for the development and support of the entire data centre including its mechanical and electrical infrastructure.
Best practice alignment So how do we re-align the exponential growth of IT demands and systems and ensure the environment they occupy is neither over nor under-engineered? Through the use of a service management framework such as ITIL, we can effectively manage the entire data centre including its mechanical and electrical infrastructure as part of a single IT service, aligning the delivery and support for power, cooling and space with those of the IT infrastructure and systems. ITIL v3 was released in 2007 and promotes the need for organisations to develop IT services as part of a service lifecycle, where IT services and their supporting constituent parts are managed from ‘cradle to grave’. Through the implementation of supporting processes, services can be implemented and supported, with the services becoming predictable with little or no surprises. In providing the IT services to our clients, we need to consider the requirements for the provision of our basic commodities that make our systems work (power and cooling).
Developing a strategy The Service Lifecycle process starts with laying out the vision for our services, this we do through the development of a strategy. ITIL states that we should start by developing a strategy where we take a snapshot of our present situation and capture a list of business demands from our customers. With the information available, we develop the vision for our service, through development of a gap analysis and planning the alignment of our services to the needs of our customers. The aim is to ensure we have sufficient capacity to deliver our services without wasting valuable resources. The strategy will state what we are trying to achieve and how we will develop our services. September / October 2009 : VitAL 45
vital processes
The IT strategy should align with the vision and direction set out in the overarching business strategy. Feeding into the IT Strategy we may have more detailed service-specific strategies such as the IT services strategy and data centre strategy, all of which, should support and feed into the broader service strategy higher up the tree. The core output from the strategies will feed into the development of the department’s financial budget for the forthcoming year. Future changes in the implementation of new technologies planned to be implemented into the data centre will drive a data centre requirement for space, power and/or cooling. If these are defined in the services strategies, the data centre strategy will plan and provide the provision for supporting the new services. All too often I have found organisations who have run into trouble within their IT service delivery, who have not laid down the foundations of a basic strategy and have effectively lost their way in delivering their services.
The importance of data centre and service design With our data centre strategy in place and visibility of all of the organisational strategies, we are now able to develop a design and plan of activities to meet the forthcoming needs of the organisation. Our activity moves into the development of the data centre design. With the typical lifespan of a data centre being ten to 15 years, it does not surprise me when I visit a data centre hanging on by its fingertips and learn that it is 35 years old and has had only sporadic investment since its inception! It seems organisations are now waking up to the importance of the data centre and the critical role it plays in the success of their core business. What comes as a shock in many cases is the cost to address historical lack of investment. Effective planning and integration 46 VitAL : September / October 2009
of flexible designs can greatly alleviate the need for major unplanned investments. Taking our clients’ needs to implement new systems, we are able to take these requirements and move into our service design stage. Here the data centre is designed to address the future needs of the client. We assess the capability of the data centre infrastructure (power, cooling, security etc.) and develop the plans for upgrading or replacing aged equipment. One of the biggest changes in data centre practices has been the development and use of cold or warm aisle containment. This was brought about by the growing needs of server hardware requiring fast dissipation of warm air. This concentration of warm air has put a strain on aged cooling equipment and has caused several organisations to close down systems as a result of an air conditioning unit failure. In addition to the above, external factors based on rising power costs and the need to reduce power consumption to align with an organisation’s Green Initiatives, leads to the design of the data centre becoming more prominent. In a recent government publication, data centres in the UK are said to consume approximately five percent of the UK’s energy. Once we have our data centre designs confirmed, we can now move to our service transition phase, where we will plan and develop our staged implementation and deployment. This will be managed through to live operations using the change, release and deployment management processes.
Service transition and ongoing support It is important that we set control stage points through our processes. This enables activities to be approved and ensures that expectations are effectively met and that any
With the information available, we develop the vision for our service, through development of a gap analysis and planning the alignment of our services to the needs of our customers. The aim is to ensure we have sufficient capacity to deliver our services without wasting valuable resources. The strategy will state what we are trying to achieve and how we will develop our services.
VitAL Drive: IT hits the fairway
Attention to detail unexpected changes that have been found on the way can be assessed and approved before progressing. The final stage of the service transition is the deployment of the service. Even the implementation of a new air conditioning unit should still be treated as if it was a new customer service, since its potential failure can have a serious impact on the overall efficiency of the data centre and the systems it supports. Therefore, the timing, testing, acceptance of the unit into production is all important on the overall service levels offered. Just like an IT system suitable documentation and training needs to be provided before the unit is accepted into the live operation. This should be the same for all data centre equipment, whether it’s a new generator, fire suppression system or air conditioning unit, all support staff expected to interface with the system need to be aware of their role in using and supporting the system (all new staff need to be trained and all staff should attend a refresher session run on a regular basis). Once the data centre infrastructure has been accepted into live operation, ongoing support will be provided using the standard IT service operations processes, event, incident and problem management processes.
Managing the data centre lifecycle In closing the lifecycle loop managing the ability to address minor changes and to pickup ongoing issues, we use our continual service improvement processes. These include our measurement processes for: tracking service performance and developing service performance trends; service reporting for providing management visibility on performance against expectations; and from a financial basis, the ability to track the business returns on our financial investments. Therefore through alignment of our data centre infrastructure into our IT service management processes using a common best practice framework such as ITIL, we are able to deliver an efficient and effective IT service to our clients while maintaining a comfortable control on addressing ongoing external influencing factors such as increasing power costs and the need to address green Initiatives. VitAL www.ptsconsulting.com
It’s a good time to take stock in the golfing world and Geraint LEWIS is having a crazy time, while keeping his eye on the ball.
H
aving just watched the Open Championship on the BBC, (please don’t call it the British Open, it was the first and therefore does not need any geographical explanation) we can see the extremes of the game, 150,000 people passing through the gates to watch golf over the four days of the championship and it comes down to one man on the 18th green with a putt to win. Which reminds me of the old saying “Golf is a game of inches rather than yards” All the focus on how far the pros hit the ball and will this mean the end of the traditional courses that host the Open Championship, when at the end of the day it comes down to those small putts on the green to make all the difference. Tom Watson – misses a 10 foot putt on 18th green to win the Open Championship. No mention of how long or short he was off the tee. Watson has of course benefited from missed putts, in 1983, at The Open, Hale Irwin attempted to backhand a tap-in on the 14th hole, missed and took a bogey five, Watson won the Open by one shoot. The history of the Open is littered with hard luck stories of what might have been, the most recent being “Caddygate”. Everything looked rosy for Ian Woosnam when he birdied the first hole of the final round of The Open at Lytham to move into a share of the lead. But as he arrived at the second tee his caddie, Miles Byrne, realised that he had left a driver Woosie had been trying out on the practice tees in the bag – meaning he had an illegal 15th club in there. A shocked Woosnam reported the breach to an official, and suffered a two-stroke penalty, without which he would have finished second (or possibly better, as he was shaken
by the incident). ”It’s the biggest mistake he will make in his life. He won’t do it again,” said a philosophical Woosnam afterwards. A fortnight later Woosnam sacked him, after Byrne overslept and missed the start of Woosnam’s final round at the Scandinavian Masters. The above reminds us that attention to detail in our work is essential. We are currently in the process of rolling out a new software package to all staff and amongst all of the planning and costing and testing, we need to remember that at the end of the process is a person who will be using the software and they need to be included within everything that we consider. As the golfing year starts to draw to a close, we can all reflect on our performance over the year and make our plans for the next season. “How is my game?” I hear you ask. Well I nearly broke the course record while playing on holiday, but my putt on 18, hit the blade of the windmill and bounced out. “Crazy golf?” it certainly was. VitAL
September / October 2009 : VitAL 47
vital processes
There’s no such thing as unified communications Ask for a definition of unified communications and you’ll get a different answer every time. Why? Because, according to Darren Boyce, CEO of Proximity Communications, in reality, there is no such thing.
B
usinesses have rightly embraced the opportunity to maximise the revenue - generating oppor tunities presented by technologies associated with unified communications. It’s a no-brainer that accessing your emails and business-critical applications on the move will accelerate decision making; that synching complementary processes will help automate previously mundane tasks, and allowing employees to collaborate will generate bright ideas. With a unified or collaborative environment, the possibilities are seemingly endless.
48 VitAL : September / October 2009
It is because of these compelling – and entirely valid – benefits, that hundreds, if not thousands of products, are now promoted and sold under the ‘unified communications’ banner. As a result the term, originally coined to illustrate the convergence of voice and data networks, has evolved into a catchall phrase used to describe any device, technology, or application that even slightly touches on the concept of collaboration or always-on communications. But how can distinct technologies or products unify your communications?
Put simply, they cannot. The fundamental meaning ‘to unify your communications’ cannot be applied to individual products. Unified communications is therefore not a solution you can or should buy offthe-shelf. On the other hand the basic principle of ‘unified communications’ is very real. In the pursuit of operational efficiency, business agility and increased productivity, the concept or strategy of unifying and integrating communications is the panacea. Here, unifying communications becomes a process, not a product.
vital processes
Communications, unified Instead of unified communications – a term loaded with confusion and inaccuracies – organisations are advised to challenge the perception that products alone can deliver a unified ICT architecture, and consider instead a more holistic route toward achieving the associated business benefits. This route advocates the integration of an organisation’s assets; that exploiting and evolving your existing investments is sound business practice. Furthermore, it provides a cost-effective, realistic roadmap that helps prioritise and simplify the process of unifying your communications. Instead of unified communications, businesses should adopt ‘Communications, Unified’. Communications, Unified is designed to help organisations realise the commercial and collaborative benefits of unifying their business communications. It encourages organisations to take a fresh look at their existing assets and identify how these can be better integrated or evolved to improve efficiencies in business processes, as well as productivity and innovation between employees, customers and partners. It advocates a migratory approach to pursuing a unified environment, and is based on the principle that unifying communications is a process, not a product. Furthermore, it allows businesses to maintain a wholly
bespoke ICT architecture, specific to that organisation’s culture and commercial engagement model. By exploiting and integrating legacy investments with best-of-breed new technologies, organisations are able to unify their communications at a price and pace to suit; and ease the cultural transition toward greater collaboration and social practices in business. With so much potential at your fingertips though, where do you start? How do you know which technologies will provide measurable business benefits? Which employees will benefit most from collaborative tools? How do you synchronise your communications infrastructure without biting off more than you can chew?
Six degrees of unity Six degrees of unity is a six-step process for unifying a business’s communications infrastructure in order to achieve greater cultural and commercial benefits. Taking into account all aspects of an ICT architecture, it’s a framework that emphasises the importance of understanding business processes, culture, and objectives, and only then marrying the appropriate applications and technologies. By design, it appeals to decision makers and leaders that want to manage risk and
By exploiting and integrating legacy investments with best-ofbreed new technologies, organisations are able to unify their communications at a price and pace to suit; and ease the cultural transition toward greater collaboration and social practices in business.
September / October 2009 : VitAL 49
vital processes
streamline expenditure but not compromise on innovation: 1 – Define: The opportunities associated with unifying communications can transform the day-to-day operations and capabilities of an organisation; understanding the commercial, as well as the cultural, impact of such a strategy is essential to its success. It’s easy to get swept up in the hype and demand for unified communications, so clarifying the business’s objectives upfront (with all required parties) is therefore a priority. This will help to define the scale of the project; map resource; factor in training, and set realistic expectations for the adoption of new processes. Unifying communications will affect the culture of an organisation, particularly where collaborative tools are introduced and roles are evolving, so engage other departments such as HR and legal in the planning and implementation process – for their expertise and support. 2 – Optimise: In the current financial climate, sweating your assets is an all too common phrase. However, conducting a review of existing infrastructure and applications will often uncover significant under-utilisation of these technologies, and highlight key features lying dormant or processes that are misused. 50 VitAL : September / October 2009
Internal training is a simple and effective method of ensuring existing tools are being optimised to their full potential, and doesn’t need to onerous on the IT department; training sessions can be conducted as webinars or delivered via YouTube, for example. 3 – Integrate: Piecing together the components of an ICT architecture is pivotal to the Communications, Unified philosophy. Whether configuring multi-vendor technologies or synching partner applications, the aim is to create a seamless, automated environment that reduces duplication, and facilitates greater interaction and knowledge transfer. Even the simplest tweaks such as enabling employees to share calendars or reviewing user access profiles for departmental applications, can have a significant impact on day-to-day operations, and require minimal effort to apply. Sharing basic collaboration tools, such as Skype or MSN, in order to communicate with colleagues can also benefit the organisation. Indeed many contact centre environments are using these tools to engage with customers who want a real-time resolution to their query. With the proper parameters in place, these tools are extremely cost-effective, and when deployed company-wide, will facilitate
knowledge transfer. In the case of the contact centre example, agents can quickly identify the correct in-house expertise and seek answers to customer queries far more efficiently. Larger projects, such as reconfiguring and integrating disparate but complementary processes, will automate data share and capture across an organisation, streamlining the supply chain. 4 – Consolidate: As organisations flex and scale in the wake of expansion and recession, the process of procuring and making redundant network connections and hardware becomes increasingly complex. Compounded by an increase in remote and mobile working, where ICT investment reaches beyond the office perimeter, managing expenditure can be challenging and time-consuming. The process of better integrating communications infrastructure will naturally weed out inactive technologies and force the consolidation of hardware/software, thus reducing operational expenditure and maintenance complexity. Such integration will also automate previously manual tasks too, streamlining departmental processes or ICT maintenance. Further reductions can also be realised through third-party managed services such
vital processes
as telecoms expense management, which will constantly research and dynamically move fixed and mobile network contracts onto the best possible tariffs. 5 – Manage: Managed services have significantly matured and today bring far greater flexibility and stability to operational processes and budgets. Ranging from 24/7 maintenance to managed applications, the ‘virtual ICT team’ approach allows organisations to focus on seeking value-add from its assets, and identify new technologies that support the accomplishment of longterm business objectives. 6 – Evolve: As described earlier, the term unified communications is associated with hundreds, perhaps thousands of different technologies. While this can make it difficult to identify which new solutions are best for the business, it also means there are
plenty of options for evolving a bespoke communications unified strategy.
Integration & evolution The possibilities are endless, so take it back to step one (Define) and invest only in what your business needs and at a pace that ensures proper integration between technologies and employees. Communications, Unified is a strategy that holds integration and evolution at the core; it enables cultural change without disruption, and helps businesses realise commercial gains of a unified architecture without requiring significant upfront investment. It’s a migration strategy that delivers the same benefits associated with unified communications but is unique to each individual business. VitAL www.proximitycomms.com
Give a man a fish, and feed him for a day. Teach him to fish, and you feed him for life.
Service management
At ICCM, we believe customers who wish to be self-sufficient should have the ability and the tools to do so. Changes, administration, upgrades, enhancements and maintenance to our solution, e-Service Desk can be done with minimal time and skill, substantially reducing the total solution cost of ownership. Furthermore, we give you a full round-trip of ITIL® strategy and business alignment tool coupled with 33 ‘out of the box’ modules all underpinned by the leading Business Process Management platform. In short, our solution set enables you to gain greater value in today’s challenging business climate.
training in particular, becomes vitally important in tough economic times because it will be those operations that can adapt quickest to changing circumstances
“e-Service Desk gives us the tools internally to build different that us willtobe strongit in every processes around our needs allowing leverage aspect of our business.” enough to survive,
BBC Worldwide
and even thrive, under Solutions
the present economic www.iccm.co.uk info@iccm.co.uk
Extraordinary Service Desk Software created within the Leading Process Improvement Architecture
climate.UK tel: +44 (0) 1666 828 600
September / October 2009 : VitAL 51
vital processes
The quest for quality Quality of experience is increasingly the focus of IT service managers’ conversations. Here, service management consultant Peter Suba gives an overview of what QoE is, its applications and its relationships with IT service management.
M
easuring the quality of IT services has developed into an art. The days of focusing metrics on simply satisfying the requirements of an SLA are behind us, and modern IT organisations increasingly understand the need for more holistic measures. Terms such as customer satisfaction and quality of service have entered everyday language for the IT service manager, with tools such as point surveys and balanced scorecards in demand. Typically, these reflect a specific scope and are therefore subject to specific objective metrics. Yet you cannot manage what you cannot measure, and understanding the full breadth of the user or customer’s experience – not just with the service but also with its provider – is fast becoming a key measure of success. Quality of experience (QoE), sometimes referred to as quality of user experience, attempts to plug the gap by taking a step into the world of the user themselves, to understand their experience of the services and their providers in as broad a way as is practicable.
Measuring the quality and the width QoE, therefore, is not something that can or should be measured with a single metric. It is multi-faceted, multi-dimensional, and a broad spectrum of factors needs to be taken into account. Nonetheless, as with any metric used to control activities, it is vitally important that QoE metrics remain specific, measurable, achievable, realistic and timely (SMART). Perhaps a priority dimension is the precise definition of the customer, or customer groups. Experience of a service may be completely different for the day-to-day users of an application and their line management. Grouping customers appropriately ensures that not only is obtaining a valid picture of their 52 VitAL : September / October 2009
QoE achievable, but that its relationship to their business priorities can also be understood. This implies that QoE is measuring an area of strategic business importance, and cannot be left simply to technology silos. This is a business measure, but one led and governed by the IT service management layer. Clearly the specific metrics will vary from organisation to organisation, but with the goal of understanding the user’s experience of a service and its provider in mind there are some areas of measurement that will be typical. These will fall into certain common groupings, for example technical aspects, such as: - Connection to and availability of a service; - Responsiveness of an application and its ease of navigation; - Level of security. As well as aspects of user interaction, such as: - Number of processes executed by the user; - Effectiveness (success/failure ratio); - Efficiency (number of steps to complete an action); - Proficiency (number of errors); - User identification and validation. It also needs to take into account Business/ Financial aspects, such as: - Visibility of costs and charges; - Value for money; - Utilisation And satisfaction aspects, such as: - User and stakeholder satisfaction; - Percentage of users requesting support; - Percentage of support requests chased and number of complaints; - Commendations. This is by no means an exhaustive list, and for each organisation what is actually measured will be constrained by what is practicable to measure in a SMART fashion, and what sources of information are realistically
Measuring the quality of IT services has developed into an art. The days of focusing metrics on simply satisfying the requirements of an SLA are behind us, and modern IT organisations increasingly understand the need for more holistic measures.
vital processes
September / October 2009 : VitAL 53
vital processes
available. Typically measurement data will come from a number of sources, including technology solutions, management tools, surveys, business information, etc. For example, to measure the QoE related to an application service one might need to survey the user groups, to understand costs (and charges) verses the value of service outcomes, review reports from relevant monitoring technologies, to measure performance from end-to-end with a view on how it affects the business process, etc. Validation of results should be seen in a strategic context, something to which ITIL’s service strategy can add value. For instance, measuring QoE when outsourcing a service might initially show a discrepancy between the experience of end users, who may be tackling a significant operational change, and that of a manager for whom strategic objectives are being met. The patterns of business activity (PBA) methodology described in ITIL’s service strategy publication may further assist organisations in the art of defining QoE metrics. Without factoring BPA in, there’s a good chance that the result of QoE will be unfavourable or misinterpreted. There is also a close relationship with business process management (BPM) which helps understanding of the relevant underlying business processes.
A lifetime of experience Measuring QoE should form part of the IT service manager’s ‘tool kit’. In generic terms it is a practice to enhance the wider ITSM framework, and complements and interacts with service catalogue management, service level management etc. For example, organisations might find QoE is most practicable where the service catalogue has a number of services closely mapped onto specific line of business applications. In this case, QoE of a specific service can constitute an important part of the overall service reporting approach, giving a different viewpoint which does not necessarily align to the quality of service when looked at from an SLA conformity perspective. QoE measures might also form 54 VitAL : September / October 2009
excellent indicators for continual service improvement initiatives. Proactive problem management will be enhanced by the availability of QoE information, and change management will benefit from the opportunity to evaluate how change has impacted its customer groups with a ‘before and after’ analysis. One further aspect that should be mentioned is the framework of business stakeholder management, or communication between IT and the business. Using QoE measurement to assist the understanding of the end user perception of services is a good way to demonstrate to the business community how IT listens to its viewpoint and aims to improve overall satisfaction with the IT function. At present, many QoE initiatives are reactive and are most often launched by business management following a failed or problematic implementation project or troublesome process period. While these are valid, perhaps the greatest value will be found in taking a proactive and ongoing approach to QoE, seeking to also understand where user experience is positive, consistent and, indeed, where the services are working well! Some activities associated with continual service improvement might also be considered to be QoE improvement initiatives. However, research suggests that the primary driver behind a business’s QoE initiative is to increase employee productivity. The modern IT service manager needs to fully grasp such drivers if initiatives launched from within the IT organisation are to focus beyond applications and infrastructure and improve IT’s support of the business.
Armed with experience Quality of experience is another tool in the IT service manager’s armoury, and is highly effective when aligned with ITIL v3, which offers a number of methods and approaches which will support the introduction of an effective QoE framework. It will, however, always be limited if aligned to technologies rather than end user services and the needs of the business. VitAL www.icore-ltd.com
Quality of experience is another tool in the IT service manager’s armoury, and is highly effective when aligned with ITIL v3, which offers a number of methods and approaches which will support the introduction of an effective QoE framework. It will, however, always be limited if aligned to technologies rather than end user services and the needs of the business.
vital events
Optimising IT services for business success As every organisation in the UK, not to mention every developed economy in the world faces economic downturn, service management and the tangible benefits it can bring move into focus for many organisations. itSMF UK CEO, Keith Aldis says in order to survive we need to adopt, adapt and improve to face up to the challenges. One thing that is certain is that service management is vital to survival.
A
t the heart of service management are the principles of delivering IT services that are continually cost effective while delivering the business benefit they set out to meet. It can be used to address the inefficiencies in systems, processes and workforce allowing you to become more resourceful and save money. With this in mind the itSMF UK 18th Annual Conference focuses on ‘Optimising IT Services for Business Success.” It is the world’s leading IT service management conference; a space where the industry convenes to learn, discover, interact and exchange ideas, skills and products. The conference will once again be held at the Hilton Birmingham Metropole on 9th-10th November 2009 and plans to be even more successful than last year’s which was rated ‘the best yet’ by itSMF members, with approximately 1,200
56 VitAL : September / October 2009
attendees from over 45 nations.
Revamped programme This year the itSMF has revamped the programme to ensure true value and is now hosting approximately 60 seminars split between seven streams: lessons learned; tips and techniques; working together; the human factor; facing the future; and responsive interactive sessions and experiential learning sessions. Also let’s not forget that the conference is also home to best collection of IT service management suppliers of products, training and consultancy under one roof – with an 80-strong exhibition across the two days. June saw the impressive addition of BCS as Platinum sponsor for the event. “To have BCS as Platinum sponsor for this prestigious event is a fantastic step and demonstrates just how important to the IT industry IT service
management is today,” stated Ben Clacy, head of global business development at itSMF UK. “Organisations are continuing to realise the real benefits that quality service management can deliver and in the current climate this event is helping to demonstrate to boards throughout the UK and beyond, that IT service management is one of the key priorities for a business today.” The event also hosts a prestigious awards dinner which recognises outstanding achievement in the field of service management, further information on the awards can be found at: www.itsmf.co.uk/awards09 Be sure to gain the best value from the itSMF UK Conference by taking advantage of the ‘Early’ booking discount! Further details on all aspects of the Conference can be found at: www.itsmf.co.uk/conference09
vital events
A sneak preview of some of the seminars Stream: Working together Delivering IT services on a massive scale: case studies in best practice Mark Hall, director of information technology, HM Revenue and Customs HM Revenue and Customs has one of the largest IT service environments in the UK. Collecting £457 billion of Revenue in 2007-08 and protecting UK frontiers 24/7 IT service management environments don’t get much more challenging or visible. This is the story of that service and of one of the largest outsourcing arrangements in the world. Areas covered will include: the move of one of the UK’s most critical services in a single weekend, the success of online self assessment filing, improving IT Security and improving availability.
Stream: The human factor Does your IT service organisation measure anything useful? Ivor McFarlane, IBM Ltd IT people and business people are different. Traditionally in IT we need to understand how things work, get our kicks from fixing things when they break. The business should be able to view IT as a utility, a taken-forgranted foundation on which they can build their services to their customers. IT service management’s (ITSM) focus should be on what they deliver, not on the tools they use. This fundamental mismatch requires IT to take a perspective on what matters to the business. This perspective needs to be supported by appropriate measurements. These measures need to capture what matters to the supported business – and these tend to be ways of looking and measuring that are nor intuitive to IT, and need to be thought about by ITSM. This talk will describe – in the presenter’s experience and perspective - the background, consider the current situation and explore a mindset and approaches that can describe service management effectiveness in a way that actually reflects its value to the customers that are paying for it.
Stream: Lessons learned Relationship management – An evolving story Conor O’Brien, head of IT service delivery & operations, Eversheds LLP Wendy Owen, IT training & relationship manager, Eversheds LLP Over the last two years, Eversheds LLP has been adopting ITIL and implementing ISO20000, and has struggled to find real-world examples of best practice in the implementation of business relationship management. Consequently, through trial and error, it has made some mistakes and achieved some success along the way; this presentation will highlight its experiences from the ‘birth and growing pains’ of business relationship management through to ‘adolescence’, giving you a head start if you are in the process of implementing BRM in your organisation, or are about to embark on that journey.
Stream: Facing the future Service management in difficult economic conditions Adam Poppleton, senior IT consultant Hampshire County Council
What part does service management have to play in keeping the boat afloat as we sail these treacherous economic waters? This presentation will examine the Hampshire County Council implementation of service management, including key lessons learned and examples of how it is being used to achieve success against the aims of reducing costs, improving efficiency and improving quality to the customer - especially in these ‘uncertain’ economic times.
Interactive: risk management in practice! Signe-Marie Hernes Bjerke DNV Certification Ltd An ISO Standard for risk management has been issued. Within IT service management we all know the benefit of a common vocabulary and a common approach. This workshop will give an introduction to the risk management process. The participants will carry out a risk assessment using an example from availability and continuity management. The workshop itself will be an example on how to carry out a real risk assessment at their workplace. We will also discuss important principles for risk management in general as well as how it could be implemented in an organisation.
Stream: Working together Sopra Group and easyJet’s agile team-working delivers real benefits Bob Craig, divisional director, Sopra Group Colin Rees, head of development, easyJet This session will focus on Sopra Group and easyJet’s working relationship to support and manage several of easyJet’s business-critical applications. The relationship is founded on the seamless integration of easyJet’s team at Luton Airport and Sopra Group’s Luton-based and offshore (India) teams: one project, one team, multiple locations; recognition that good and effective communications are essential in such a relationship and involvement of the offshore team at the earliest stage in the life-cycle.
Stream: Facing the future ITIL v3 – The opium of IT service management? Kevin Holland, head of service quality improvement NHS National Programme for IT – NHS – Connecting For Health Brenda L Peery, IT service management architect & programme analyst, Tractare Ltd. For many years opium was widely used to reduce pain. It worked and was seen to work, but didn’t remove the true cause of the pain. Is ITIL often used in the same way, reducing the pains of IT without addressing the root cause? Research shows that few organisations go beyond implementing the service desk, perpetuating spend on this particular painkiller. When ROI is an absolute must, how can you justify developing ITSM beyond the basics? This presentation will highlight true costs of the ‘painkillers’ in order to illustrate the value of implementing the pro-active aspects of the service lifecycle. It will help you to justify investment in ITIL v3 to your CEO, and create the most beneficial path to the future.
September / October 2009 : VitAL 57
vital planet
Sustainability in IT: more than just being green A truly sustainable model for IT in the future looks at all the processes in place as well as the technology, and at how to make the business work more effectively. Lubos Parobek, VP product management at KACE reports.
58 VitAL : September / October 2009
vital planet
Using tools to auto-discover assets on the company network, as well as software licences installed can provide two main benefits: firstly, it shows what is installed on the company’s systems and where. Secondly, the business can use this information to improve its approach to patching and updating applications, making systems more secure in general.
S
ustainability can be generally looked at as the aim of reducing the amount of resources required by a process or organisation, so that the overall result is less impact on the wider environment. In the green IT world, most of the coverage that you might read has focused on how to reduce the amount of power consumed by the business, as well as looking at initiatives such as the recycling of old IT resources. A truly sustainable model for IT in the future looks at all the processes in place as well as the technology, and at how to make the business work more effectively. IT budgets tend to be split in two ways: a certain amount is for keeping the lights running and for the ongoing management of IT, while the rest is for new technology that can improve overall performance. Typically, the split is around 80 percent on maintenance and licences for existing products, while around 20 percent is earmarked for opportunities to be innovative. Taking an approach to IT activities based on sustainable principles can help to reduce costs in the ongoing part of an organisation’s budget, freeing up funds to be more creative.
Power management Looking at power management, IT managers have heard how they should exhort staff to turn off desktops whenever they are not in use. However, the standard response from IT is that this affects their patching and update strategy, which is often carried out around normal business hours. Aside from the impact
on IT staff having to work longer, the technology is readily available to put desktop machines to sleep where required, and wake them up if and when application updates are available and ready to be installed. There is now no excuse from a technical perspective not to look at this approach, while from a budget standpoint, any investment in IT to roll this out can be justified thanks to the power savings that can be delivered. Delivering this level of automation makes life easier for IT staff, as they can more easily report on the success of updates carried out, while it also adds an element of green IT to the mix.
Beyond power reduction Areas where a ‘sustainable IT’ strategy can be applied go beyond just reducing power or cooling costs; how an organisation runs its help-desk is one example of how to look for opportunities to streamline processes. Most businesses still don’t have full asset management and discovery procedures in place, despite the overhead this can add to the IT team when it comes to support. The volume of assets that IT is responsible for continues to grow, and the additional complexity that comes with virtualisation or other new technologies means that support is often one of the biggest overheads for IT. This leads to the level of cost that is incurred becoming unsustainable, as the IT budget is swallowed up by support and additional staff costs. Organisations should be able to point to one central store of information for all their IT September / October 2009 : VitAL 59
vital planet
Go green, save green
C
orporate concern for environmentally friendly practices has risen in the past several years and
fortunately, for both the environment and individual companies, many green practices are also friendly to the company checkbook. For example, telecommuting by IT staff and other employees can save companies money by reducing the need for office space and utility costs, not to mention carbon emissions. IT workers may even be willing to take a pay cut to work from home. In a June 2008 survey, IT job site Dice found that 37 percent of IT workers say they’d accept up to a 10 percent lower salary to work full-time from home. Telecommuting is such a prized job perk that both parties benefit, employers by saving on salaries or other costs and workers by saving on personal commute expenses. Companies also may gain a competitive edge by hiring better talent because they offer telecommuting as a job perk. In a May 2008 online survey, the Telework Coalition found that 87 percent of respondents would limit a job search based on potential commute costs. Indeed, 28 percent said they’re already looking for a new job because of the cost of commuting. To help the company realise the benefits of telework, IT may need to implement new technologies (if they are not already in assets. However, all too often this data is not kept up to date, leading to further problems with supporting assets. The growth of consumer devices that can also be used for work purposes, such as the iPhone, has added to this problem. Looking at the organisation’s help-desk, support and asset management strategy is therefore one area where sustainability is required.
place): Remote management so IT can be sure home-based
Auto-discovery
makes possible the fast connections desirable for worker
Using tools to auto-discover assets on the company network, as well as software licences installed can provide two main benefits: firstly, it shows what is installed on the company’s systems and where. Secondly, the business can use this information to improve its approach to patching and updating applications, making systems more secure in general. The element of sustainability is that all this can be automated, leaving the IT team free to concentrate on more useful activities and providing more value back to the business. There is another benefit that can be achieved: applications that have not been used for some time can be rationalised to achieve a cost saving as well. For the future, IT has to look at itself as being part of the overall business processes and how it can deliver greater value back to the organisation. However, the way to achieve this is through looking to reduce ongoing IT costs and increase innovation. Automating IT management tasks where possible is one approach to reducing the level of ongoing costs that comes out of the budget, while freeing up time and resources to be more inventive. In this way, IT can sustain itself and the business it supports. VitAL www.kace.com
productivity.
60 VitAL : September / October 2009
PCs comply with corporate policies, secure remote access and new collaborative technologies such as VoIP (voice over IP) and Web conferencing to make telework more appealing and cost effective for both workers and employers. If your company evaluated telecommuting in the past, things have changed. Higher penetration of residential broadband today
Telecommuting pinches plenty of pennies for employers. In 2005, Sun Microsystems reported saving $255 million in real estate costs over four years by eliminating or avoiding the need for 7,700 cubicles and workstations. Nortel Networks saves $22 million per year in real estate and energy costs as a result of telecommuting employees. Lexis-Nexis, which started a telecommuting pilot in 1995, saved $6 million in the first year, and the programme continues to run profitably. At Hewlett-Packard, 70 percent of employees telecommute at least occasionally and nearly 13,000 employees work exclusively from home offices. In 2006, HP’s full-time teleworkers saved almost 2.5 million round drips, avoided 85 million miles of road travel and almost 28,000 tons of CO2 emissions. At IBM, more than a third of its 100,000-plus employees participate in workfrom-home or mobile employee programmes. Taken from the Kace white paper Top 10 Ways to Increase IT ROI Without Adding Staff available at: www.kace.com/resource-center/white-papers.php
directory
Customer Service & Call Centre Solutions Customer Service Network
Creative Industries Centre, Wolverhampton Science Park, Wolverhampton, WV10 9TG T: 01902 311641 F: 01902 311637 W: www.customernet.com C: Chris Walker E: chrisw@customernet.com Customer Service Network are experts in Customer and Employee perception measurement. We work with many of the UK’s leading names to help them better understand what their customers and people want. Contact us to find out how we can help.
General Training
IT Service Management Consulting Training
UKCMG
FOX IT
Suite A1, Kebbell House, Carpenders Park, Watford. WD19 5BE
Chester House, 76-86 Chertsey Road, Woking, Surrey, GU21 5BJ
T: F: W: C: E:
T: F: W: E:
+ 44 (0) 20 8421 5330 + 44 (0) 20 8421 5457 www.ukcmg.org.uk Laura Goss, UKCMG Secretariat ukcmg@ukcmg.org.uk
UKCMG is an independent, non-profit, user group organisation targeted at improving members’ knowledge, skills and abilities in Capacity Management and related IT service management disciplines. We achieve this through a combination of events including, a three-day Annual Conference and networking between end-users, consultants & suppliers
+44 (0) 1483 221222 +44 (0) 1483 221500 www.foxit.net enquiries@foxit.net
Fox IT is a global independent Service Management specialist having undertaken transformation engagements in over 50 countries. Recognised as the premier supplier of Consultancy, Education, Solutions and Accelerators, Fox IT has the most extensive ITIL based ITSM and Governance practice in the world.
Helpdesk Internal/External FrontRange Solutions
ICCM Solutions
™
100 Longwater Avenue, GreenPark, Reading, RG2 6GP T: +44 (0)870 401 7300 F: +44 (0)870 401 7301 W: www.frontrange.co.uk C: Chantelle Mearing E: chantelle.mearing@frontrange.com With over 8500 customers worldwide, FrontRange are the leading provider of consolidated IT Service solutions, including: • HEAT Service & Support — Award-winning Incident Management & Helpdesk Automation • FrontRange ITSM — Fully integrated, scalable, ITIL aligned IT Service & Infrastructure Management.
Unit 4 Charlton Business Park, Crudwell Road, Malmesbury, Wiltshire, SN16 9RU T: + 44 (0) 1666 828 600 F: + 44 (0) 1666 826103 W: www.iccm.co.uk C: Kate Colclough E: info@iccm.co.uk ICCM supply Service Desk software created within Metastorms™ leading process improvement architecture. This collaboration delivers unparalleled Service Management capabilities across all industries and business functions. By developing its technology from the process up around the ITIL® framework ICCM’s software allows customers to tailor processes around their company’s actual needs.
Qualifications and Accreditations Hornbill Systems
APMG
Your VitAL Magazine News, Views, Strategy, Management Case studies & Opinion pieces To advertise in VitAL contact
Ares, Odyssey Business Park, West End Road, Ruislip, HA4 6QD
Sword House, Totteridge Road, High Wycombe, Buckinghamshire, UK
T: 020 8582 8282 F: 020 8582 8288 W: www.hornbill.com C: Sales E: info@hornbill.com
T: F: W: C: E:
Supportworks’ Enterprise Support Platform (ESP) provides a fully integrated platform for automating and managing Service Management related processes. Supportworks ESP is the foundation of Hornbill’s ITIL, Helpdesk, Customer, HR and Industry Support solutions. Supportworks ITSM is certified Pink Verify Enhanced.
+ 44 (0) 1494 452 450 + 44 (0) 1494 459559 www.apmg-uk.com Nicola McKinney nicola.mckinney@apmgroup.co.uk
As an accredited ITIL® Examination Institute, APMG offers our training organizations a range of benefits to help them demonstrate the quality and professionalism of their services. Call us to find out how your business could benefit from our accreditation services.
Grant Farrell on +44 (0)1293 934461
vital Inspiration for the modern business
vital-mag.net September / October 2009 : VitAL 61
directory
Publications, Events, Conferences CUSTOMER MAGAZINE
31 Media, Crawley Business Centre, Stephenson Way, Crawley, West Sussex, RH10 1TN
IT Service Management Consulting Training Wardown Consulting
IT Security emereo solutions (uk) ltd
Prudence Place, Proctor Way, Luton, Bedfordshire. LU2 9PE
6 Rickett Street, London SW6 1RU
T: +44 (0) 1293 934461 F: +44 (0) 870 085 8837 W: www.31media.co.uk C: Grant Farrell E: grant.farrell@31media.co.uk
T: 01582 488242 F: 01582 488343 W: www.wardownconsulting.co.uk C: Rosemary Gurney E: rosemary.gurney@wardownconsulting.co.uk
T: 0871 717 7294 W: www.emereo.eu C: Andrew Smith E: marketing@emereo.eu
Customer is a UK based magazine for senior professionals who are committed to ensuring their businesses are totally customer centric. With a pragmatic editorial approach Customer aims to bring clarity and vision to a sector that has become increasingly complex.
Wardown Consulting was established to help businesses capitalise from the substantial benefits that IT Service Management can deliver. Our consultants boast a wealth of industry experience and are accredited to deliver ITIL v2 and v3 training.
and data loss prevention solutions to
Emereo provides end-point security organisations wishing to protect their data and information without inhibiting their people. Our chosen solution, DriveLock, ensure IT security policies are both people- and information-centric.
IT Service Management Systems InfraVision
Delegate House, 30A Hart Street, Henley-on-Thames, Oxon, RG9 2AL T: F: W: C: E:
+44 (0) 1491 635340 +44 (0) 1491 579835 www.infravision.com Nigel Todd n.todd@infravision.com
InfraVision improves your service organisation, delivering value to your company’s core business. The unique combination of ITIL process knowledge and thorough knowledge of Service and System Management Software enables us to deliver successful implementation within the defined budget.
Kepner-tregoe
NetSupport Software
Quayside House, Thames Side, Windsor, Berkshire, SL4 1QN T: +44 (0) 1753 856716 F: +44 (0) 1753 854929 W: www.kepner-tregoe.com C: Steve White E: swhite@kepner-tregoe.com
Towngate East, Market Deeping, Peterborough, PE6 8NE T: +44 (0) 1778 382270 F: +44 (0) 1778 382280 W: www.netsupportsoftware.co.uk C: Colette Reed E: colette@netsupportsoftware.co.uk
Kepner-Tregoe provides consulting and training services to organizations worldwide. We collaborate with clients to implement their strategies by embedding problem-solving, decision-making, and project execution methods through individual and team skill development and process improvement. Clients build competitive advantage by using our systematic processes to achieve rapid, targeted results and create lasting value.
IT Service Management Systems
NetSupport are developers of desktop management and remote control software packages. The product range comprises NetSupport Manager Remote Control, NetSupport DNA Helpdesk (providing a web-based ITIL-compliant helpdesk), NetSupport DNA Asset Management Suite and NetSupport Protect desktop security and recovery.
IT Service Management Consultants
Pink Elephant
Sunrise Software
iCore
Atlantic House, Imperial Way, Reading. RG2 0TD
50 Barwell Business Park, Leatherhead Rd
60 Lombard Street, London. EC3V 9EA
T: F: W: C: E:
+ 44 (0) 118 903 6824 + 44 (0) 118 903 6282 www.pinkelephant.com Frances Fenn info.emea@pinkelephant.com
Acknowledged worldwide as niche, independent, IT Service Management Education and Consulting providers. Having trained more people than any other company in ITIL related subjects since 1987, we have contributed to all 3 versions of the ITIL books.
62 VitAL : September / October 2009
Chessington, Surrey. KT9 2NY T: +44 (0) 208 391 9000 F: +44 (0) 208 391 0404 W: www.sunrisesoftware.co.uk C: Angela Steel E: welcome@sunrisesoftware.co.uk Sunrise is a leading independent provider of service management software solutions for IT and across the organisation, with a customer base of over 1000 blue chip and public sector organisations.
T: F: W: E:
+44 (0) 207 464 8414 +44 (0) 207 464 8888 www.icore-ltd.com enquiries@icore-ltd.com
iCore is the UK’s largest independent service management consultancy. From best practice alignment, governance, outsourcing and contract consulting to ITIL training and recruitment — our range of high quality services help to ensure our clients optimise ROI through the deployment of efficient and effective IT service provision methods and sustainable controls.
directory
Industry Body / Association BCS
IT Service Management Consulting Training
avocent landesk
North Star House, North Star Avenue, Swindon, SN2 1FA
IT Service Management Systems
T: +44 (0) 1793 417596 W: www.bcs.org C: Suky Kaur Sunner E: suky.kaursunner@hq.bcs.org.uk BCS is the leading professional body for those working in IT. We have over 65,000 members in more than 100 countries and are the qualifying body for Chartered IT Professionals (CITP). Please go to www. bcs.org to learn more.
Dukes Court, Duke Street, Woking, Surrey GU22 7AD
House-on-the-Hill Software
T: +44 (0) 1483 744444 F: +44 (0) 1483 744401 W: www.landesk.com C: Sarah Lewis E: sarah.lewis@avocent.com Avocent delivers IT operations management solutions that reduce operating costs, simplify management and increase the availability of critical IT environments 24/7 via integrated, centralized software. This includes Systems Management, Security Management, Data Centre Management and IT Service Management.
127 Stockport Rd, Marple, Cheshire SK6 6AF T: +44 (0) 161 449 7057 F: +44 (0) 161 449 7122 W: www.houseonthehill.com C: Tim Roche E: info@houseonthehill.com Specialists in providing comprehensive solutions for any size business on time, in budget and carefully tailored to your needs, House-on-the-Hill produces SupportDesk; the most flexible ITILcompatible Service Management solution on the market. House-on-the-Hill provides comprehensive solutions for over 500 businesses worldwide.
IT Service Management Systems
Customer Service & Call Centre Solutions
Publications, Events, Conferences
tesseract
Customer Service Network
TEST MAGAZINE
1 Newmans Row, Lincoln Road, High Wycombe, Buckinghamshire, HP12 3RE T: +44 (0) 1494 465066 F: +44 (0) 1494 464756 W: www.tesseract.co.uk C: Mark Montgomery E: websales@tesseract.co.uk
Third Avenue, Globe Business Park
31 Media, Crawley Business Centre, Stephenson Way, Crawley, West Sussex, RH10 1TN
Tesseract’s Service Centre is a true web product using Microsoft.Net Technology and as a browser based product supports multiple databases, allowing for a ‘zero footprint client’. Running on an IIS server the system also supports remote communications via the internet. The system can be hosted to reduce installation costs.
Marlow, Buckinghamshire SL7 1EY T: +44 (0) 1628 898 888 F: +44 (0) 1628 898 777 W: www.kana.com C: Warren Holtman KANA helps the world’s best known brands master customer service experience. Our solutions help companies create consistent, knowledgeable conversations with customers across every channel; phone, email, chat, and web. KANA’s clients report significant increases in customer satisfaction and loyalty.
T: F: W: C: E:
+44 (0) 870 863 6930 +44 (0) 870 085 8837 www.31media.co.uk Lorretta Walsh lorretta.walsh@31media.co.uk
The European Software Tester is a publication designed specifically for individuals and organisations aligned with software testing. With independent, practical, and insightful editorial T.E.S.T aims to inspire its readers and provide its advertisers with a clearly defined route to market.
IT Service Management Consultants EMC
Connaught House, Portsmouth Road, Send, Surrey, GU23 7JY T: F: W: E:
+44 (0) 1483 213 200 +44 (0) 1483 213 201 www.infra.co.uk infra-info.uk@emc.com
Based on ITIL best practice, EMC’s IT Service Automation & Operations solutions deliver end-to-end IT Service Management, visibility and control by enabling and improving the Service Desk function, servicecentric CMDB population and federation, as well as key processes.
IT Service Management Forum
FGI
. 150 Wharfedale Road, Winnersh Triangle, Wokingham, Berkshire. RG41 5RG
Warwick Innovation Centre, Warwick Technology Park, Gallows Hill, Warwick, Warwickshire, CV34 6UW
T: F: W: C: E:
0118 918 6503 0118 969 9749 www.itsmf.co.uk Ben Clacy ben.clacy@itsmf.co.uk
The itSMF is the only internationally recognised and independent organisation whose sole focus is on the on-going development and promotion of IT Service Management ’best practice‘, standards and qualifications. The forum has 14,000 UK members and official itSMF chapters in 44 countries
T: +44 (0) 1926 405 777 F: +44 (0) 1926 405 778 W: www.fgiltd.co.uk C: Jayne Neal, Sales Manager E: jayne@fgiltd.co.uk FGI are leading suppliers of ITIL®, PRINCE2™ and ISO20000 training and consultancy. Our dedication to these core competencies allow us to provide the highest quality service. We work with your organisation to understand and develop the most effective training programmes.
September / October 2009 : VitAL 63
secrets of my success
Jonathan Westlake Staffordshire University “The things I like best about the job are the constant change and thirst for knowledge and understanding. To put it another way, I suppose I’m Introducing VitAL’s newest
being modestly paid for doing something which
columnist from the world of
represents a hobby!”
academia, Jonathan Westlake. Jonathan is a senior lecturer in the Applied Computing Department at Staffordshire University in Stafford. Originally,
VitAL: Name, company and job title please? Married? Kids? Jonathan Westlake: Jonathan Westlake, Staffordshire University Senior Lecturer. Married for 12 years and with two pet guinea pigs. No children as yet but plenty of nephews.
North Staffordshire Polytechnic, the University still retains a vocational approach and is noted for its science departments. The School of Computing was originally situated in electronics giant GEC’s former Nelson Research Laboratory. It offered one of the first BSc courses in computing in the United Kingdom. The School of Computing offers one of the most respected computing degrees in the UK. Here Jonathan shares some insights with us and tells us the secret of his success...
64 VitAL : September / October 2009
VitAL: What got you started in IT? JW: Purely by chance. 1982 was the Year of IT and I was fortunate enough to be given the chance to work in the internal IT Services Bureau with the company that sponsored me through my degree. 27 years on and I’m still in IT and it still excites me. VitAL: Was there any one person or organisation that was your inspiration? JW: I’ve only worked for three firms prior to joining Staffordshire University in 1996. The company mentioned above, a large engineering firm and a small software house. At each firm I have received guidance and inspiration with either a technical aspect, commercial aspect or people skills aspect. None of the help I received has been forgotten and has always encouraged me to help others in my various roles over the years. VitAL: What was your first IT job and what was your first major IT triumph? JW: My first IT job was as junior systems analyst. There were lots of little triumphs in my early days such as loading tapes the right way and other related housekeeping jobs. More difficult tasks inevitably followed.
VitAL: Did you ever make any embarrassing mistakes? What did you learn from them? JW: Countless and too many to list but I have learnt more from the failures/mistakes than the occasional triumphs. VitAL: What do you like best about your job? JW: The things I like best about the job are the constant change and thirst for knowledge and understanding. To put it another way, I suppose I’m being modestly paid for doing something which represents a hobby! VitAL: What is your biggest ambition? JW: My ambition has always been to provide a good service and help to solve business problems using IT. The pastoral side of my job as a lecturer has become an increasingly enjoyable aspect and goes to show that ambition is difficult to quantify. VitAL: What are your hobbies or interests? JW: I love the outdoors and this represents a total contrast to my day to day IT job. I’m a volunteer ranger at a local country park which provides delights such as strimming; path maintenance and surveying great crested newts. VitAL: What is the secret of your success? JW: To take all the inputs, some of which may be garbage and try to provide an output which makes some sense and so avoid garbage out. Everything else is a bonus. VitAL: Jonathan Westlake, thank you very much.
In Touch With Technology
SUBSCRIBE TO T.E.S.T. Sponsored by
HNOL WITH TEC IN TOUCH
PEA THE EURO
AR N SOFTW
OGY
E TESTER
risk Handling the g -based testin ht with Risk Getting it rig ile; The ering with ag Inside: Deliv
the QA g; Anarchy in tware testin future of sof
Simply visit www.testmagazine.co.uk/Subscribe.html Or email subscriptions@testmagazine.co.uk *Please
note that subscription rates vary depending on geographical location
Published by 31 Media Ltd Telephone: +44 (0) 870 863 6930 Facsimile: +44 (0) 870 085 8837
www.31media.co.uk
Email: info@31media.co.uk Website: www.31media.co.uk
The European Software Tester