What management needs to understand is that having effective and efficient processes aids IT during a downturn and readies organizations for when the economy improves. Efficient and effective processes are needed not just to control costs and risks, but also for IT to sustainably deliver services that meet the needs of the business now and in the future.
ITSM and quality management
While some may view the IT Infrastructure Library (ITIL) and its ITSM philosophy as just another bureaucratic management fad, it can be far more than that when implemented correctly. The objective of ITSM is to provide IT services that meet the needs of the overall organization in the pursuit and protection of goals. This idea of understanding requirements and delivering solutions that meet those requirements is, by definition, a quality management philosophy. Despite this quality emphasis, when we look at the actual ITSM implementation attempts, many have either outright failed or
IT does two things -- create and protect value -- and this is accomplished by providing services to the business that meet the business's requirements. The business must be able to rely on IT to develop or acquire the needed services and, once in production, these services must continue to meet those requirements, including confidentiality, integrity, availability, performance and so on.
This idea of sustainable IT services has two elements. First, the services must be created with ongoing operations -- not to mention security -- taken into account. The auto industry learned the hard way that it had to create cars and trucks that could be serviced. Until that realization, engineers designed vehicles that met their objectives, but when the vehicles needed service, repair was difficult and costly. This led to frustration not only on the part of the mechanics, but also of the customers. As part of the quality movement in the auto industry, they recognized that vehicles go through a life cycle and there is more to customer satisfaction than just buying a car.
This is true in IT as well. Development must take the needs of the business and other IT groups, such as operations and security, into account to deliver reliable service. Notice that I keep saying "services," as this is the perspective that ITSM imparts and why firms must embrace a service development life cycle (SDLC) mindset that is a natural evolution beyond the old system development life cycle perspective. This is because what IT provides to the business isn't just a software application or a "system" in a vacuum. Instead, there is a mixture of hardware, software, documentation, people, facilities and so on that combines to provide a usable, secure service that meets the requirements of the business. Think of a bill of materials, or bill of resources, in manufacturing. It is a hierarchical assembly of parts, subassemblies, machine centers and so on that all roll up to the top item. If you think of an IT service in the same regard, you are on the right track.
Now, for the second part. As the services are developed and put into production, they must be maintained in a controlled manner to continue to meet requirements. The persistent cowboy or firefighter mythos in IT must be abolished and replaced with formal processes that have predictable results.
Prioritizing ITIL processes
The following is a list of ITIL-defined processes that are critical in a production data center environment. The reason for an ordered list is that some are more critical than others for stability. The reason for the list will be explained later in this tip.
- First and foremost, IT operations groups, especially data centers, need to have solid processes to manage changes to production. Whether the environment is made up of 20-year-old legacy systems or cutting edge high-density blade systems, all it takes is one bad change and they can all come crashing down. More insidiously, lots of small, poorly planned changes can create numerous latent errors that aren't readily visible, which then combine at the worst possible time to create problems relating to confidentiality, integrity and availability. Well-designed and implemented change management processes will create stability and allow the organization to make effective tradeoffs around the risks of making and not making changes. To borrow a friend's perspective, without change management as a first step, your ITIL implementation effort may result in the automation of the ability to apologize for downtime, security events and so on.
- Second, there must be a configuration management system (CMS) that stores data about each system and how they relate to create services. Time and time again, I work with organizations that lack visibility to how the various configuration items (CIs) that make up a service relate to one another. This results in poor planning, development, testing, operations and security. Instead, there must be a CMS that has timely and accurate data whose updating is governed by change management. The trick to the smooth implementation and adoption of a CMS is to start as simply as possible, learn and evolve the system.
- Third, there will be incidents -- deviations from standard operation -- for one reason or another. How an IT organization responds to incidents can make all the difference to users, customers and the overall business. This perspective results in a tie between two important processes for third place, from an operation's perspective, for incident and event management. ITIL v3 contains the notion of "events." This critical process spans development, testing and production and seeks to understand the relationship between criteria in the environment and what the IT response should be. In some cases, this diligence will unearth opportunities to automate responses, such as triggering a server to reboot during off-peak hours to recover from a known memory leak. It also allows for lessons learned to be collected and applied via IT Knowledge Management (ITKM) for consistent recovery.
- Fourth, there will always be a need to understand the root cause of problems and eliminate them or prevent them when it makes business sense. This is the domain of problem management. IT organization cannot afford to have repetitive incidents and problems if they can be eliminated.
To explain the rationale of the order, change management and configuration management foster stability and planning throughout the service life cycle. Incident and event are reactionary in nature and help IT define how to respond to situations. Problem management blends a reactive element in dealing with incidents that have an unknown root cause with a proactive element that seeks to prevent incidents and problems in the first place. Is this an order of process implementation that should always be followed? The best answer is that it depends on how you implement them.
For some organizations, change and configuration should be implemented at the same time, then incident and event at the same time, followed by problem management. In other organizations with major stability challenges, the first thing to put in is basic change management to stop the hemorrhaging, something we came to understand when Kevin Behr, Gene Kim and I authored the Visible Ops Handbook. There is an important reason for this -- the same resources that are firefighting are typically the same resources that should be working on projects to move the organization ahead.
Therein lies an important concept for you to ponder -- the most precious resources in IT are our people, and we cannot afford to waste their time firefighting. They must work on projects and planned tasks to move the organization ahead. Thus, we need to have processes in place that create a stable environment, enabling them to do just that.
So, is that it? The short answer is "no." As development begins to create services that are stable and operations maintains them as such, work must be done to further improve IT, and this is where other ITSM processes, such as service-level management, availability, capacity and so on come to play. I am far from an ITIL zealot, but I do believe that ITIL has much to offer if you adopt the processes in a pragmatic manner in the pursuit of organizational goals. ITSM cannot be an ends -- it is only a means to an ends. In the current economy, IT needs to be very cognizant of the needs of the business and how to help enable and protect value.
In conclusion, IT needs effective and efficient processes that deliver predictable results to the business. The business cannot afford to waste resources, including time, money and management attention. Moreover, IT must then be capable of continuing to deliver those services in a sustainable manner that meets requirements, or the business could be put at extreme risk. The need for IT to improve is a constant and must be approached holistically in a manner that creates and protects value for the organization overall.
ABOUT THE AUTHOR: George Spafford http://www.spaffordconsulting.com/ is a Principal Consultant with Pepperweed Consulting and an experienced practitioner in business and IT operations. He is a prolific author and speaker, and has consulted and conducted training on regulatory compliance, IT governance and process improvement.
What did you think of this feature? Write to SearchDataCenter.com's Matt Stansberry about your data center concerns at firstname.lastname@example.org.
This was first published in July 2009