The Business Value of IT Operations Service Life Cycle Management

What do you think of when you think of a "service"? Think about services where you work, you…

  • Flip a switch, the light goes on;
  • Turn a faucet handle, the water flows; and
  • Press an elevator button, the elevator stops at your floor.

You expect for these basic services to be there; to be reliable. These services weren't always reliable in the years when they were first used. What made them reliable was applying consistent, best practice continual service improvement practices.

These rather mundane basic business office services have become reliable as a result of refining and improving technologies, coupled with evolving and improving facilities service management. Now these once unreliable and flawed facilities services are as efficient and consistent as possible, and are just expected to be working within our business environment. The expectations that these services will work all the time make them business utilities because they support and perform service functions that are vital to supporting and improving business.

In many ways, information technology (IT) systems and network services and technologies are at approximately the same stage in evolution as the electricity, plumbing, and lift utility mechanics were in around the 1930s to 1950s; they work most of the time and eventually deliver the services necessary to support business, but in many organizations, IT services are not considered to be completely reliable. In fact, oftentimes, the IT services are not coordinated across the enterprise to the maximum business benefit.

Effective and dependable IT services deliver value to the enterprise customers and help business units to achieve their goals, without requiring each of the business units to address the specific management risks and costs for each of the IT services. Automating IT services can increase business value by making IT services more reliable and consistent and shortening service delivery times. IT has become a utility within most businesses today. Unfortunately, IT is often implemented and managed in such a way that it is not reliable, is uncoordinated throughout the enterprise, and often seems to do more harm than good to the business in the opinions of the enterprise network users, who are IT's customers.

IT services deliver value to the business. If IT does not bring value to the business, it is not a service but rather an expensive business liability.

Addressing IT Service Management

IT leaders responsible for IT service management must be able to answer the following questions if they expect to be effective:

  • Do you know and understand your business objectives?
  • Do you address each problem, incident, and so on, with a consistent approach or in an ad hoc manner?
  • Do you know who your customers are?
  • Do you know what your customers need?

As defined by "The Official Introduction to the ITIL Service Lifecycle" from the Office of Government Commerce (OCG), a customer is, "Someone who buys goods or Services. The Customer of an IT Service Provider is the person or group that defines and agrees the Service Level Targets. The term Customers is also sometimes informally used to mean Uses, for example 'this is a Customer-focused Organization."

  • Are you always reacting to address IT issues? Or, do you also anticipate and prepare IT plans?
  • Do you follow consistent IT service management practices?
  • Do you use automation tools to make your IT services more effective and efficient?

Whether they even realize it, all successful IT leaders use the Deming Quality Cycle; Plan, Do, Check, Act (PDCA), throughout continual IT service improvement and life cycle quality controls. ITIL V3 depends heavily upon using PDCA.

PDCA is discussed in more detail later in this chapter.

To be effective and successful as an IT service management leader, you must:

  • Know and understand what comprises an IT service
  • Know and understand the IT service management life cycle
  • Know and understand the business benefits of IT service management
  • Know where you are within the maturity of your IT service management program
  • Know where you want to get to with regard to the maturity of your program
  • Know the training that you, your staff, and your customers need to make your IT service management program as mature and effective as possible
  • Know and understand the true business benefits of IT service management
  • Know and understand the benefits of using tools to automate IT service management functions

The goal of this book is to help you with each of these important issues.

An Overview of Using Frameworks

Essentially, a framework is a collection of controls organized to highlight what needs to be done at various levels of the organization. It's an outline, if you will, that tells what but not how, because that level of detail is something you must fill in based upon your own organization and its unique environment. Organizations are increasingly realizing the value of frameworks and more often using them to increase business efficiency and integrate supporting controls into the business processes.

As they relate to conformity and compliance, there are many frameworks that are currently being used throughout the world to make many businesses more effective and efficient with a number of compliance and risk management issues. The following list highlights some of the most popular frameworks:

  • Control Objectives for Information and related Technology (COBIT)—Created in 1995 as an IT audit framework, COBIT has evolved into an IT management framework used extensively by IT and Sarbanes-Oxley (SOX) auditors. COBIT is governed by the IT Governance Institute.
  • Committee of Sponsoring Organizations (COSO)—A voluntary private-sector organization formed in 1985 that provides executive management with frameworks and guidance to establish more effective, efficient, and ethical business operations on a global basis. COSO concepts can be used by IT areas to help with risk identification and mitigation activities.
  • ISO/IEC 20000—Used to provide more effective managed services delivery through an integrated process approach to best meet business and customer requirements. The concepts can be adopted within IT to improve IT managed services.
  • ISO/IEC 27001—The specification for an information security management system (ISMS) which, in 2005, replaced the old BS7799 standard, which was originally established in 1995. This is probably the most widely adopted and actively used set of security guidelines by IT practitioners throughout the world.
  • Capability Maturity Model Integrated (CMMI)—Created by the Software Engineering Institute at Carnegie Mellon University in 1991, CMMI was initially developed to track the maturity of software development processes but then evolved into being used to measure the maturity of any type of process. This can be used nicely to determine the maturity of IT processes.
  • IT Infrastructure Library (ITIL)—What is now called ITIL was developed in a project during the mid-1980s, directed by Peter Skinner and John Stewart at the UK Government's Central Computer and Telecommunications Agency (CCTA). It was originally titled "Government Information Technology Infrastructure Management Methodolog" (GITMM) and over several years eventually expanded to 31 volumes of books, each of which covered an IT management topic. It has evolved to ITIL V3, published in May 2007, and is comprised of five key volumes.

All these frameworks, and others, can be used to business' benefit and to make IT service management more consistent and more predictable. Using frameworks within IT service management makes business processes that depend upon IT more predictable.

The Possibilities of ITIL V3

All the previously listed frameworks can provide benefit to any type of business organization. However, throughout this guide, I will be focusing on ITIL V3 as it relates to IT management services. Why? Because it is becoming increasingly important for IT services to be closely aligned and integrated with the business, and ITIL V3 fits the bill nicely by helping IT leaders to establish a business management approach and discipline for IT service management. ITIL V3 does a good job of mapping out the IT activities and services and relating them to the associated and similar aspects of running a business. In a nutshell, ITIL V3 helps to transform IT services into valuable business services.

The release of ITIL V3 brought much speculation in the IT management world. Would it clarify the methodologies? Would it make things more complicated and unworkable?

ITIL was updated to V3 by an international group of expert contributors. The new version features significant modifications designed to speed and simplify a business's implementation, adaptation, and application of service management processes that, if properly followed, result in operational improvement and service excellence.

ITIL V3 is a fantastic improvement, and truly takes the issues that were covered within ITIL V2 out of their silos and integrates them into the wide spectrum of business processes. In addition, V3 more clearly demonstrates how IT must support the business.

ITIL V2 Evolution to V3

In ITIL V3, the ITIL V2 books have been boiled down into five core IT services management guidance topics for each phase of the IT services management life cycle. Each topic incorporates all the process topics that were within ITIL V2, and more clearly demonstrates how each of these processes fit into the IT services management life cycle. The following list provides a brief review of each of the IT services management and support processes within ITIL V2.

ITIL V2 Service Support focuses on IT services users. The processes involved include:

  • Service Desk / Service Request Management—The goal is to provide a single point of interface for other IT service management processes to improve customer response and issue resolution.
  • Incident Management—The goal is to restore normal service operation as quickly as possible and minimize the adverse effect on business operations to ensure the best possible levels of service quality and availability.
  • Software Asset Management—The goal is to reduce IT expenditures, human resource overhead, and risks inherent in owning and managing software assets, and in turn improve return on investment (ROI) and business application availability.
  • Problem Management—The goal is to resolve the root cause of incidents and minimize the adverse impact of incidents and problems on business that are caused by errors within the IT infrastructure, and to prevent recurrence of incidents related to these errors.
  • Configuration Management—The goal is to track all the individual Configuration Items (CI) in a system, improving IT management consistency throughout the enterprise and ensuring necessary IT actions do not get lost through the cracks.
  • Change Management—The goal is to ensure that standardized methods and procedures are used to most efficiently handle all changes, minimizing the impact of change-related incidents and improving day-to-day operations.
  • Release Management—The goal is to consistently and most efficiently roll out software changes and new software, ensuring appropriate design, effectively communicating the changes to customers, and controlling implementations to lessen the impact upon business.
  • Service Level Management—The goal is to ensure that the agreed IT services are delivered when and where they are supposed to be, coordinating availability management, capacity management, incident management, and problem management to ensure the required levels and quality of service are met throughout the entire business enterprise.
  • Capacity Management—The goal is to match IT resources to business demands to support the optimum and most cost-effective provision of IT services, improving and making more efficient budget expenditures.
  • IT Service Continuity Management—The goal is to ensure the availability and rapid restoration of IT services in the event of a disaster, improving the time it takes for the enterprise to get back to business as usual.
  • Availability Management—The goal is to sustain IT services availability to support the business at a justifiable cost, resulting in improved availability of all IT services when and where business needs it.
  • Financial/Operational Management for IT Services—The goal is to meet customer satisfaction and employee satisfaction goals, along with costs/productivity goals and organizational maturity, improving decision-making, financial compliance and control, and operational control, and ensuring proper funding for IT to best support business.

ITIL V2 Service Management processes provide practitioners with the framework to align business needs and IT provision requirements, and include the following processes:

  • Security Management—The goal is to incorporate information security throughout the entire IT management organization to ensure, as much as possible based upon risk, information safeguards are in place, improving compliance and risk reduction. ITIL V2 based the security management upon ISO/IEC 17799, which has since been renamed to ISO 27002.
  • Infrastructure Management—The goal is to recommend best practices for requirements analysis, planning, design, deployment, and ongoing operations management and technical support of the IT infrastructure, improving IT, which in turn improves business.
  • Deployment Management—The goal is to provide a framework for the successful management of design, build, test, and rollout of IT projects to improve the time to production while improving the quality of the IT products and helping to ensure the fewest problems possible related to the deployment.
  • Operations Management—The goal is to provide effective day-to-day technical supervision of the IT infrastructure to improve the delivery of IT services and ensure service level agreements (SLAs) are met, thus supporting business objectives.
  • Technical Support—The goal is to provide a range of IT specialist functions, such as Research and Evaluation, Market Intelligence, Proof of Concept and Pilot engineering, specialist technical expertise, and documentation creation. Effective enterprise Technical Support improves systems and applications availability and helps business work continually and efficiently.
  • The Business Perspective—This ITIL V2 process volume provides best practices to address issues often encountered in understanding and improving IT service provisioning and improves IT personnel's understanding of how their work actually impacts the business.
  • Application Management—The goal is to improve the overall quality of IT software development and support through the life cycle of software development projects, with particular attention to gathering and defining requirements that meet business objectives.

ITIL V3 is easier for IT managers to follow and implement because it corresponds more closely to the life cycle of how business operates and is managed. It provides more of a roadmap for IT leaders to follow. The ITIL V3 publications update most of ITIL V2 in addition to extending the scope of ITIL in the domain of service management.

ITIL V3 basically includes all the ITIL V2 processes and the addition of significant other processes into five defined phases of IT services management:

  • Service Strategy—During this phase, you establish the overall strategy for IT services and IT Management, providing guidance for how to view IT service management as not only an organizational capability but also a strategic asset.
  • Service Design—This phase is used to take the Service Strategy plans and turn them into roadmaps and blueprints for actually delivering IT services to meet business objectives.
  • Service Transition—In this phase, you establish the capabilities for transitioning new and changed services into production service operation.
  • Service Operation—This phase embodies the day-to-day IT services management operations, including how to be effective and efficient in the delivery and support of services to ensure the most value for customers as well as service providers.
  • Continual Service Improvement—This phase provides the guidance to create and maintain value for all customers by constantly improving design, transition, and operation of IT services. A feedback system based upon Deming's PDCA model (see Figure 1.1) is used to receive input for improvements from all planning perspectives. The longer organizations use PDCA, the more IT services will improve, and the more mature the program, as outlined by CMMI, will become.

Figure 1.1: PDCA as it applies to ITIL V3.

ITIL V3 Contributes to Continual Improvement

ITIL V3 provides practical and actionable methods to evaluate and improve the quality of IT services, advancing the overall maturity of the IT service management life cycle. Continual improvement can be made and measured within three enterprise levels:

  • Overall IT services management health
  • Continual alignment of the IT services portfolio with current and future business needs
  • Continual maturity advancement of the IT processes necessary to support business processes

By using an integrated IT service life cycle, IT leaders can review, analyze, and make improvement recommendations for each of the five life cycle phases. ITIL V3 also focuses on using classic use cases and processes to define required IT functionality and objectives as well as to design tests.

As defined by the Office of Government Commerce, use cases "define realistic scenarios that describe interactions between Users and an IT Service or other System."

ITIL V3 summarizes the continual improvement process in six steps:

  1. Understand the high-level business objectives and align the IT services management vision with these objectives along with the IT strategies.
  2. Assess the current IT services management situation to establish an objective baseline for where the organization is currently. This baseline assessment should include analysis of the current business posture, organization operations, people, processes, and all technologies used. 3. Understand and agree upon the improvement priorities to establish specific goals and realistic timelines.
  3. Document a detailed continual services improvement plan to support more effective and mature high-quality IT services provisioning through the use of IT service management processes.
  4. Ensure measurements and metrics have been established to track milestones as they are achieved; ensure process compliance is at an acceptable, and high, level; and ensure business objectives and priorities are successfully being met as defined by SLAs. 6. Ensure the IT services management changes are embedded throughout the enterprise and within all processes.

Consider the Service Desk

The Service Desk is progressively more often seen as a business function rather than a technical function. IT service management leaders must ensure that the Service Desk is aligned accordingly.

Service Desk operation must contribute to the enterprise business goals, demonstrating that it is not simply an overhead or cost center, but that it is a true front-line business asset that allows for the quick and efficient gathering of data from network users over time to not only solve problems on a call-by-call basis but also improve IT service management by eliminating those problems at the source and improving IT services in support of business needs. The Service Desk can dynamically provide data as a part of a process of continual IT service management change and improvement.

The Service Desk is a critical component of the IT department and is the single point of contact of IT customers on a day-to-day basis. The Service Desk typically handles all incident and service requests, and usually uses specialized software automation tools to log and manage all these events.

The Service Desk is often underappreciated, but it is important for IT leaders to understand that a good Service Desk can, and often does, compensate for deficiencies throughout other parts of the IT organization. Likewise, a poorly managed and executed Service Desk, or even the absence of a Service Desk, will reflect poorly on the rest of the IT organization, even if the IT organization is in all other ways effective.

The primary goal of the Service Desk is to restore normal service to the IT customers as quickly as possible with minimum business impact. Businesses can use ITIL V3 concepts to improve their Service Desk service and value to the organization. For example, restoring normal service may involve fixing a technical fault, fulfilling a service request, or answering a query.

By viewing their responsibilities in terms of supporting business, and as promoted by ITIL V3 concepts, a Service Desk becomes more valuable to the business by consistently logging and documenting incident and service request details, providing first-line investigation, resolving the issues that they are able to, and escalating incidents and service requests that they cannot resolve within an agreed-upon timeframe. Without consistently performing these processes using a welldefined framework such as ITIL V3, the typical workday for Service Desk members will be performed on an ad hoc basis, and they will essentially be reinventing the wheel with each call that comes in, even for oft-reported problems and incidents.

Increasing IT's Value to Business

Consider this scenario: you work at a small regional bank with three full-service customer locations and a Web site for bank transactions and for checking customer accounts. Your bank offers

  • Traditional banking services
  • Real estate mortgages
  • Personal loans
  • Business loans
  • Savings packages and retirement packages

Your IT organization supports all five of these business units.

What would you do first if you were given responsibility for the entire IT organization? Put ITIL V3 to work for you to increase IT's value for your business. When doing so, you should first create a comprehensive strategy to satisfy all your many kinds of customers. Answering the following questions will help you to create a workable and valuable strategy.

What Are You Already Doing?

What are the unique differentiators between your business units? What services cannot be easily substituted? For our scenario, differentiators include:

  • Personal banking in organization-owned physical locations
  • Regulatory requirements, such as the Gramm Leach Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), Financial and Accurate Credit Transactions Act (FACTA), Red Flags Rule (requirements for preventing identity theft under FACTA), and others
  • Local product knowledge
  • Legacy systems supporting mission-critical business functions
  • Managed information services are outsourced for the bank's Web site, along with the associated Service Desk functions
  • All other business units maintained internally with IT operations housed onsite in the largest and oldest bank facility that the organization owns, and the Service Desk for the related IT services are located and managed in-house
  • Not all business services and products are created equally; you need to identify and clearly understand the services and products the business provides and depends upon in order to best provide exceptional IT service management leadership, and know the areas where IT services have the most impact to the services and products that impact the business bottom line the most.

How Profitable Are Each of the Business Units?

For our scenario, consider that the following are, in order, the most-to-least profitable business units considering those that bring the business the most revenue:

  • Traditional banking services, including checking accounts
  • Personal loans
  • Business loans
  • Savings and retirement packages
  • Real estate mortgages

Again, it is important to know your business unit services and products so that you can know the importance of the IT services you provide to each. By knowing the profitability for each, you can examine how the IT services you provide may be impacting this profitability. By knowing this, you can do some analysis around how your IT services impact profitability. For example, you can determine whether you are providing appropriate levels of IT service availability or whether business profitability could be made better by improved IT service levels. Or perhaps you could increase profitability within the least-profitable business units by implementing some of the same IT services that the most profitable business units are using.

Which of Your Business Unit Customers Are Most Satisfied and Why?

After some checking and analysis, you determine that the most satisfied business units are personal loans and business loans: Why? Because of

  • High availability of the IT applications and resources necessary to perform business processes. This results in more time for business processing.
  • A very low number of problems and incidents. This results in less downtime for business processing.
  • Easy-to-use IT systems and applications. This results in less frustration and high productivity by business customers.
  • Superior positive experiences with the internal IT Service Desk, which uses a variety of automation tools. This results in a higher value of IT services by business customers.

A couple of ways to determine customer satisfaction with IT services is to survey customers through an online or physical form, whichever works best for your own particular organization; interview key business unit leaders who are also your customers.

Knowing why your customers are satisfied will help you to know the IT services that are being managed most successfully and providing the most value to the business.

Which of Your Business Unit Customers Are Least Satisfied and Why?

Surprisingly, after your checking and analysis, you determine that the traditional banking services division is the least satisfied. Why? Because

  • Online transactions often are slow, timeout in the middle of the transaction, or return errors to the customer. This results in customers calling in and often being transferred to the business unit to report the situation.
  • Problem reports from their area often do not get any replies. This results in customers viewing the IT Service Desk as being unresponsive and having no value to business.
  • Mission-critical applications are often unavailable when the business unit personnel need to use them because of maintenance, problems, or a variety of other reasons. This results in inefficient business and viewing IT as being a liability to business.
  • The IT services support and management chargeback costs are often higher than what was expected. This results in business customers viewing IT services as being undependable and costly.
  • Knowing why your customers are unhappy will help you to determine the IT services that are least effective and viewed as providing little to no value to the business. You note that the poor performance of the outsourced managed services vendor is creating a significant negative business view of IT services in general.

Which of Your IT Services Are Most Effective and Why?

Your research and analysis, coupled with the consideration of your customer satisfaction, reveals that your internal business continuity services, applications services, and internal Service Desk are most effective. Why? Because

  • The business applications are available whenever necessary for the business customers. This results in high business processing productivity.
  • The internal Service Desk has high ratings from the business customers. This results in the Service Desk having a high value to business.
  • The applications are easy to use and IT rarely receives any negative feedback about functionality. This results in more productive business customers.
  • Knowing which IT services are most effective will help you to know the associated characteristics and features of those IT services that may be used to make the other IT services more effective.

Which of Your IT Services Are Least Effective and Why?

Research and analysis reveals a significant problem with the organization to which you outsource your online ecommerce activities, revealing this is a major area of ineffectiveness.

Why? Because

  • The online applications are not dependable. This results in inefficient business processing and, often, lost business.
  • The online applications are not always available when needed. This results in frustrated customers and the perception of poor IT service management.
  • The Service Desk for the online applications and systems, which is part of the outsourced vendor and relies heavily upon manual tools and processes, are unreliable and often unavailable. This results in business processing delays, lost customers, and lower revenues.
  • The time to resolve online Web site problems is consistently longer than what is acceptable. This also results in business processing delays, lost customers, and lower revenues.
  • The Service Desk for the online applications and systems does not meet their SLA specifications. This, too, results in business processing delays, lost customers, and lower revenues.

Knowing which IT services are least effective will help you to know the associated characteristics and features of those IT services that need to be improved, changed, or replaced to make IT services more effective.

Using the information from the answers to these six questions, you can now create a strategy to address the significant issues revealed. It is likely you will scrutinize the outsourced vendor, which has been shown to be a big problem, and consider whether to find another outsourced vendor to replace it. Alternatively, considering internal IT service is so good, you may decide to train your existing IT staff, or expand your staff, and bring the Web site ecommerce IT services management functions in-house.

Create Your Own Strategy

When answering these questions, think about your IT strengths and weaknesses related to business strategies (such as new target customers, new business services, new services delivery options, and so on), what defines success, what are the threats, what are the vulnerabilities, what are the possible service differentiators, and so on. Knowing the answers to these, you can create a strategy to provide the best service and deliver the best value to your customers. It will also help you to prioritize your resource investments in IT services.

Creating an effective strategy will help you to transform IT services management into a strategic business asset, becoming truly more like business service management. Those reading and hearing your strategy will be able to see the relationship between each of the business services and the corresponding IT systems and processes that support them.

To effectively and successfully manage the IT organization, you must not only know IT well but also have solid knowledge of your business unit services and products, operations management, marketing, finance, information security, organizational development, industrial engineering, and compliance.

After creating your strategy, determine whether your strategy addresses questions similar to the following:

  • What kind of IT services should you offer, and to what customers?
  • How can IT services be used as differentiators from your competitors?
  • How can IT services create more value for your customers?
  • How do you define IT service quality?
  • How do you efficiently allocate resources across the portfolio of IT services?
  • How do you resolve conflicting demands for shared IT resources?

The Importance of Creating a Well-Thought-Out Strategy

To be successful with IT service management, IT leaders must think and take actions strategically. Creating a well-thought-out strategy will have many benefits to enable this strategic thinking:

  • Aligning IT with business goals and objectives
  • Driving the operational efficiencies to meet the expectations of the business
  • Driving the operational efficiencies to lower maintenance costs, providing resources to invest in innovation

By following an effective strategy, IT leaders will turn strategic management into a strategic asset.

Those who read the newly created IT service management strategy should be able to clearly see the relationships between each of the IT services, systems, and processes and the business services, objectives, and goals that they support.

IT service management supports and improves business processing. To be most effective, IT service management leaders need to create an IT service management strategy. The following are the types of business relationships that should be clearly documented within an effective IT service management strategy to show the impact IT services have upon business:

  • Optimizing outcomes, availability, and costs for more efficient IT and less IT risks results in efficient and business-aligned IT services health management.
  • Business innovation results from redirecting costs from maintenance activities to growth activities through repeatable IT services processes.
  • Using a standard, repeatable, and auditable process to manage IT changes effectively and efficiently results in less downtime and more time to perform business processing.
  • Improving IT governance also improves the IT compliance posture and information security, reducing the risk of bad audit reports, fines, penalties, and even civil suits and jail time.
  • Benefits of automation across all IT management—including process workflows, troubleshooting and problem isolation and reconciliation, release deployment, configuration management, and so on—make IT more reliable, which makes business more reliable.
  • Automating IT services can result in consistent IT processes, lowering the overall maintenance costs of IT as well as reducing change risks and being able to quickly detect and resolve service disruptions. These efficiencies allow IT more time to focus on more strategic business projects.
  • Using technology efficiently can help enable business growth and be a strategic differentiator for expanded business opportunities.

Automating IT Operations

In recent history, IT leaders have been fortunate to have new technology solutions to allow IT personnel to immediately be notified of incident, problem, configuration, change, and release processes automatically, and through the use of centralized automation management. This has led to a reduction in operational costs, improved service delivery, and ensured compliance and ITIL best practices through repeatable automation methods.

Many organizations are reluctant to invest in automation tools for IT operations, though, because they believe IT services are being delivered good enough without them, that automation is an expensive waste of money that has no significant positive improvement upon business, or some other reason. However, as the previous scenario pointed out, a failure to automate key IT services, such as the Service Desk, may be a significant reason business customers are dissatisfied with IT services and view IT operations as being inhibitors, instead of facilitators, of business.

Just a few examples of how IT services can be automated include the following:

  • Incident management process automation—Automation allows for earlier detection so that incidents can be handled as soon as possible, which improves response time, ensures SLAs are met, and reduces support costs. Automation improves business by providing for earlier detection of service loss or degradation. Automation also allows for better incident prioritization and escalation workflow.
  • Problem management process automation—Automation of maintenance and remediation routines reduces operational costs and ensures service availability. Automation improves business in many ways, such as by automating work assignments, transferring known errors to the knowledge base, providing more effective coordination across IT functions, and so on.
  • Change management process automation—Automation tools integrate systems, automates change requests and approval processes, and subsequently improves service delivery. Automation improves business in many ways, allowing for automatic detection of new and changed configuration items (CIs), identifying unplanned changes, identifying change compliance violations, and so on.
  • Configuration management process automation—Automation can integrate data center tools and be used to automatically update system information, resulting in a reduction of service interruption. Automation improves business in many ways, for example, by allowing for automatic detection of new and changed CIs, detecting service dependencies and relationships of CIs to business services, identifying unplanned changes and change compliance violations, and so on.
  • Release management process automation—Automation of rollout procedures and verification processes improves availability and speeds delivery. Automation improves business by automating the deployment of new systems, servers, storage devices, network devices; by automating record changes to meet compliance requirements; and so on.

There are many benefits to automating IT services. In general, IT service management automation results in IT becoming more predictable, reliable, and accountable. Automation improves and supports IT governance and mitigates risk. IT services automation also supports a wide range of compliance requirements, improves IT processes, and makes them more efficient. Automation makes feedback easier and more valuable.

Let's take a closer look at how automating active monitoring of CIs can help to determine current status and availability at any point in time. Table 1.1 shows how monitoring some specific CIs related to backup processes can provide valuable information to IT services personnel, in addition to clearly showing the relationship of the CIs with the business's security, privacy, and compliance requirements and impacts.

CI

(A)ctive/

(P)assive

Security

Privacy

Compliance

Backup system

A

Yes

No

Yes

Backup application

A

Yes

No

Yes

Backup encryption

A

Yes

Yes

Yes

Backup UPS

P

Yes

No

Yes

Backup inventory

P

Yes

Yes

Yes

Backup data

P

Yes

Yes

Yes

Backup access control

A

Yes

Yes

Yes

Backup version control

A

Yes

No

Yes

Backup server

P

Yes

No

Yes

Backup transport

P

Yes

Yes

Yes

Backup intrusion detection

A

Yes

Yes

Yes

Backup activity

A

Yes

No

Yes

Table 1.1: How backup CI monitoring supports privacy, security, and compliance.

Automated active monitoring, also sometimes called pro-active monitoring, detects events that indicate when a system, service, or process is having problems, may be about to fail, and so on. Automation, done correctly, can simulate the knowledge of experienced IT professionals and allows for pro-active problem management processes.

Automated reactive monitoring, also sometimes called passive monitoring, triggers an action after an event or failure. For example, if server performance falls below a specified threshold value, it can be automatically rebooted.

Automation Supports Accountability and Compliance

Automating IT processes makes IT more accountable. By automating audit trails and activity logs, accountability for actions taken within the IT services environment are not left to chance by human action. This automated control over IT systems and device configurations results in improved compliance and security postures. You can easily validate the settings and history of actions at any point in time. Internal and external auditors alike both like seeing this type of documentation.

Automation Can Support and Enhance All IT Service Management Activities

Automation tools can support a very wide range of IT service management functions. Let's consider just a few examples of how automation can do so, all of which make IT operations more efficient as well as more valuable to business:

  • Provide consolidated event and performance management across an extensive range of IT elements to support operations management and network management
  • Integrate problem and incident processes by using consolidated IT event and performance management tools
  • Provide verification and analysis of how IT operations' time is spent determining whether reported problems are real and if they still exist
  • Discover inter-relationships across applications and infrastructures and reveal related insights to the Service Desk
  • Improve release and deployment management and technologies

Classic Tools Commonly Used in IT Operations

Most organizations use what are often considered classic tools that the IT service delivery team can leverage to help support the IT services management strategy and improve IT operations. These include, but are not limited to, the following:

  • Awareness communications and activities to positively modify work habits and increase understanding and knowledge, improving IT operations as well as business.
  • Targeted training for specific groups throughout the enterprise to ensure IT operations are performed according to policy and following established procedures.
  • Service patch processing is often delivered through automated service contracts with outside vendors, and can be used to help ensure greater IT services availability, ultimately improving business.
  • Trouble/problem ticketing systems and tools provide the documentation of all relevant details necessary to cross-reference incidents and most quickly and efficiently resolve them if they reoccur.
  • Service Desk systems and tools can be used to restore and maintain IT services to business at the most optimal levels.
  • Monitoring systems and tools provide the basis for creating strategy, designing and testing IT services, and providing continual IT services and operations improvement.
  • Configuration tools can improve visibility and control over IT service assets, such as network storage and servers, and help to restore services more quickly when failures or outages occur
  • Change management tools help to ensure all changes are correctly made and documented, reducing business risk by reducing incidents, disruption, and rework
  • Release and deployment systems and tools provide faster changes with less costs and minimized risk, provide consistent implementations throughout the enterprise, and support audit and compliance requirements through the documentation created
  • Integrated change management database (CMDB) systems and tools standardizes the ways in which changes are made throughout the enterprise and creates documentation to make ongoing changes more efficient, reducing overall business risk

It is important to realize that an effective IT service management solution is more than just a set of tools. Organizations have many different tools right now. IT leaders must know and understand how to make them work together to realize the greatest IT operations efficiencies and improved business value.

Improving the Service Desk with Classic Tools

We've been examining the Service Desk throughout this chapter as an example of how IT operations impacts the business view and business value of IT services; let's revisit it again to see how the Service Desk can be improved with these classic tools. Typically, the Service Desk is the single point of contact for IT issues. Contact with the Service Desk is typically via phone, email, Web interface, or events such as alarms, pages, and even instant messaging.

The major goal of the Service Desk is to restore normal service to users as quickly as possible. The responsibilities of a Service Desk often include:

  • Logging calls and problems
  • Coordinating communications
  • Performing first-line diagnosis
  • Resolving what can be resolved
  • Escalating incidents, problems, requests, and other issues they cannot resolve within an established timeframe

Organizations can automate the classic tools that exist to support all these responsibilities. To be most effective and efficient, IT leaders can use unified IT service management tools to accomplish all the benefits of these classic tools in a centrally managed and coordinated manner, making IT service management processes even more effective and efficient than before.

Complementary Services

There are a large, and growing, number of tools and practices that can be used to improve upon IT service management that are also used to improve the management of all types of business services throughout the enterprise. These complementary tools and practices can not only coexist within the enterprise they can also be leveraged and used in partnership with other areas within the company in ways to lower the associated costs and make use of existing resources. The following are some of the most common complementary services that IT leaders should consider using to make IT management more efficient and effective, in addition to having synergy with ITIL.

Assessments

There is already a wide range of assessments performed throughout business organizations. IT service management can be enhanced through the use of similar assessments. ITIL makes extensive use of assessments within the framework.

Assessments use review, inspection, and analysis to determine whether a policy, standard, or set of guidelines are being followed. Assessments can enhance IT services management, and business in general, by ensuring records and data are accurate, that effectiveness and efficiency goals are being met, and so on. An audit is just one type of assessment, performed by an independent and objective entity. However, other types of self-assessments can be performed to improve IT services management.

Education

Education, including periodic training and ongoing awareness communications and activities, is absolutely necessary to achieve effective and efficient business goals and success. Each person with job responsibilities must know how to perform those responsibilities according to policies, procedures, and the company expectations. IT service management functions cannot be performed with the most value to the organization if the personnel involved have not been effectively educated for how to do the involved activities.

Consulting, Such as Process Designs and Deployments

Deploying IT services, and any business process, is not a trivial task. Proper design of the systems, applications, and other associated components is essential to successful deployment. Using consultants, either internal to your organization or subject matter experts (SMEs) from outside your organization, can provide the fresh eyes, knowledge, and viewpoints necessary to avoid design, implementation, and management pitfalls. Also, building on the knowledge and experience of others can leverage that knowledge to ensure that key elements of deployment and management are addressed and key risks are mitigated.

Outsourcing

Most organizations now outsource many business functions. The reasons for outsourcing are many. Some include an effort to save money by not having to hire more staff to perform the outsourced functions, or perhaps the existing staff does not have the expertise to perform the activities. Outsourcing IT service management activities requires IT leaders to consider their outsourcing strategy, the role of the outsourced organization, and how to make decisions based upon those activities and functions that are outsourced.

SaaS Approaches

Software as a Service (SaaS) is generally the term used for when applications are delivered as a service using the Internet as the delivery mechanism. One of the quickly growing trends is using SaaS solutions, most commonly it seems for creating backups, doing log management, and for providing protections against all types of malware. These SaaS services typically are delivered and accessed via the Internet. Service patch processing, mentioned earlier, is an example of how SaaS can be used to make IT services more efficient and valuable to business. IT service management leaders must consider the impacts of using SaaS solutions, and how to make business decisions when the active control of these services is in the hands of outside vendors.

For information security practitioners "SaaS" more commonly stands for Security as a Service, and generally refers to the growing trend of delivering information security applications as Internet-based services, on-demand, to consumers and businesses. Probably the most common are antivirus, antispam, and anti-spyware services.