112 Part III: Service Management Technical Foundation
An integral part of IT governance is juggling various tasks: meeting customer expectations, optimizing business goals, recognizing resource constraints, and adhering to rules and requirements. We discuss this balancing act in more detail in the following section.
Balancing IT and Business Requirements
IT governance is a combination of the following:
Policy
Process
Controls
Consistent data about IT services
The means to control those services
The role of IT governance is to do the following with service management:
Implement
Maintain
Continuously improve
IT governance, therefore, has to include the techniques and policies that measure and control how IT systems are managed.
Defining your IT governance strategy is a balancing act. On one hand, it must focus on the key performance indicators of the business. On the other hand, it must balance all the components of the IT environment. You have to look at the relationships among IT and business components to fully appreciate the level of risk to your company.
Although at first glance, IT governance may seem to be a contained approach to providing oversight of IT resources, the range of issues that you must manage and plan is actually much broader. IT governance must be tightly woven with business goals and policies to ensure that services are optimized for customer expectations. As we point out in Chapter 1, however, everything in your business is really a service. Therefore, it isn’t surprising that we urge you to look at IT governance from a holistic business perspective.
Effective service management requires constant vigilance and intricate choreography to ensure a balance among business priorities, customer expectations, available resources, and limitations on cost. IT is responsible for giving
Chapter 10: Governing the Service Universe 113
all internal and external customers and partners the resources they need, when they need them, without overstepping certain boundaries of resource and cost limitations. This focus has to be within the context of corporate governance requirements and an organization’s key performance indicators (KPIs). A philosophy focused on continuous improvement in service management will help you optimize your IT infrastructure and business performance under the overarching umbrella of governance.
Measuring and Monitoring Performance
Measuring performance as a means to help improve performance is a concept that is well understood by competitive athletes. Imagine the countless hours spent during training measuring, recording, and monitoring changes in time and distance. But what if the runner were taking steroids? Was she in compliance? Clearly, even if all other measurements were positive, breaking the rules changes everything.
How does this example apply to IT governance? The principle really is the same.
Although measuring and monitoring may help you improve performance, that performance is irrelevant if you don’t follow the company’s governance rules.
Measurement methods
You can measure business performance by comparing production, sales, revenue, stock price, and customer satisfaction with your goals. You can measure IT performance by comparing server, application, and network uptime; service resolution time; budgets; and project completion dates with your goals. Businesses use all these measures to rate their performance compared with that of competitors and the expectations of customers, partners, and shareholders. But how can you measure the impact of IT performance on business results? It takes some fact-finding and true collaboration between IT and the business to settle on performance measures that support governance in service management.
A governance committee should answer the following types of questions to get started:
How can IT performance measures support the business?
What should management measure and monitor to ensure successful IT governance?
114 Part III: Service Management Technical Foundation
Are customers able to get responses to requests in the expected amount of time?
Is customer transaction data safe from unauthorized access?
Can management get the right information at the right time?
Can you demonstrate to business management that your organization can recover from anticipated outages without damaging customer loyalty?
Are you able to monitor systems proactively so that you can make repairs before faulty services affect rules and regulations?
Can you justify your IT investments to business management?
Proactive communication
Writing down key performance measurements is easy, but achieving them is complicated. Ironically, when IT manages services successfully from a business perspective, the business doesn’t even notice. This outcome is like an old joke we like to tell:
Johnny was a quiet kid who never talked to his parents. One day he said, “This food is terrible!” His parents were shocked to hear his voice. “How come you never spoke before?” they asked. Johnny replied, “Up until now, everything was perfect.”
What’s Johnny trying to tell you? Maintain a clear dialogue with business management to understand what the business needs. When IT services are in perfect harmony with business objectives, you may never hear a word. But you certainly will hear many words loud and clear when a service failure leads to business disruptions. A much better policy is to take a proactive approach to demonstrate that IT management is paying attention. Good IT governance doesn’t happen by accident.
Making Governance Work
Having a lot of oversight and collaboration with the business is important, but it won’t be enough if you can’t meet your goals. You need to measure results by monitoring IT goals based on business goals, such as whether customer complaints went down by 10 percent or the company increased sales by installing customer kiosks at all its stores.
Chapter 10: Governing the Service Universe 115
In this book, we don’t focus on how well your servers are performing in your data center. The reality is that management cares about the business results and making sure that the supporting characters, such as the data center, do their parts.
Don’t get too comfortable, though: It isn’t enough to monitor performance in isolation. In the corporate world, many organizations advance performance and achieve compliance by increasing automation, but automating everything makes it easy to lose sight of the human element in managing service the right way.
Standardization and automation help remove some risk and potential for error, but not all of it, because employees and other businesses stakeholders make decisions every day that put companies at risk. No amount of control in the health care industry, for example, ensures that patients will be given the correct medicines 100 percent of the time. The human element plays a big role in all governance issues.
Making governance work requires a combination of the following:
Automation
Optimization of processes
Focus on KPIs
Attention to the human element
This work sounds hard — and it is — but leveraging standards and best practices can help, as we discuss in the following section.
People and groups have countless opportunities to make mistakes — deliberate or unintentional — that interfere with adherence to corporate, industry, and government rules and policies. No company can expect technology to correct for or protect against all instances of human error or fraud. Increasing use of IT service management in combination with increased standardization and automation of workflows, however, can help organizations govern with confidence.
Developing Best Practices
Putting IT governance into action by following industry best practices helps you manage IT services with greater control and consistency. To put IT
116 Part III: Service Management Technical Foundation
governance into action, your company should develop its own best practices, such as the following:
Define the process flows. The process must do these two things:
•Involve both business and IT professionals at three levels: corporate, departmental, and IT.
•Measure how effectively each service delivers business value.
This measurement helps you answer questions about meeting service-level agreements (SLAs), such as whether IT understands the business process well enough to set up SLAs that make sense and whether it can meet SLAs in such areas as mean time to repair.
Identify the roles and responsibilities of everyone involved. Companies typically establish best practices by learning from mistakes. False starts in service management strategies are likely to be associated with inappropriate plans for change. You should know how you will implement
a consistent change management process with tighter communication among all parties who need to know about the change. In addition, you should be proactive about change, such as requiring submission of notice about a service change early enough to decrease incidents associated with the change.
For more insight into the service management and IT governance strategies of real companies, we suggest that you read the case studies in Part V of this book.
The following sections discuss several important IT governance best practices.
Establishing a governance body
It’s important for IT to understand two things: the objectives of the business and the effect of service disruptions or outages on these objectives.
Creating a governance board consisting of representatives of corporate, departmental, and IT management will help encourage communication — the kind necessary to link IT service management and the business.
This governing body should be an ongoing concern that has authority across the enterprise and that has a mechanism for communicating businessobjectives changes to the IT folks who manage the services.
Chapter 10: Governing the Service Universe 117
Monitoring and measuring
IT service performance
Many companies implement a service dashboard, which holds the different services and shows how your performance measures up to your goals. In addition to leveraging the governance board (refer to the preceding section), your team can use the dashboard to answer the following types of questions:
How are we performing according to our established KPIs?
How does our performance now compare with last week’s or last year’s?
What are the goals of our KPIs?
What are we aiming for?
Are rules and processes implemented correctly?
Does each service meet technical standards?
Cataloging control and compliance data
Many organizations use a service catalog as a record of IT services. The catalog can include information like the following:
Whom to contact about a service
Who has authority to change the service
Which critical applications are related to the service
Outages or other incidents related to the service
Information about the relationships among services
Documentation of all agreements between IT and the customer or user of the service
A banking institution’s service catalog, for example, may contain information about the company’s online banking service, the KPIs for that service, and the SLAs between IT and the online banking business. If an outage occurs, the bank’s IT service management team can read the service catalog to locate the root cause of problems with the service.
118 Part III: Service Management Technical Foundation
Governance resources
Check out these organizations for information on how IT can collaborate with the business to improve service management and governance:
The Information Technology Infrastructure Library (ITIL) for certification programs (www.itil-officialsite.com)
The International Organization for Standardization (ISO) for standards on governance (www.iso.org)
In addition to ITIL and ISO, many companies implement service management applications
to automate and monitor IT controls. These applications can help companies ensure that the right IT controls are established to support the compliance requirements of regulations such as the Sarbanes-Oxley Act of 2002 and the Health Insurance Portability and Accountability Act (HIPAA).
For an introduction to service management standards and best practices, as well as more information on ISO, refer to Chapter 4. For more information on ITIL, see Chapter 5.
Part IV
Nitty-Gritty Service
Management
In this part . . .
From a practical perspective, the nitty-gritty is every service management process that we haven’t dis-
cussed yet. In this part, we take you on a journey from managing the data center to planning its evolution. In the course of this journey, you visit the desktop, mobile devices, data management, virtualization, the cloud, IT security, and business service management. It’s quite a journey, with many interesting stops on the way.
Chapter 11
Managing the Data Center
In This Chapter
Understanding the silo concept
Optimizing and managing the data center
Handling hardware, software, and work processes
We have spent a lot of time talking about the fact that a business itself is a set of services focused on achieving the right customer experi-
ence. In the case of an automated teller machine (ATM), the customer wants to walk up to the machine and in quick order get a wad of cash. If the customer has the right card, the right security code, and enough money in the bank account, everything works like magic.
If only magic were possible! Reality is much more complicated. When we speak of managing the data center, what we really mean is managing the whole corporate IT resource — which, for the vast majority of organizations, has its heart in the data center.
In this chapter, we focus on the optimization of all the service management processes that constitute the operational activities of the data center. An inherent conflict exists between highly efficient use of assets and a guaranteed customer or user experience.
Understanding the Siloed Nature
of the Data Center
A data center isn’t a neatly packaged IT system; it’s a messy combination of hardware, software, data storage, and infrastructure. The typical data center has myriad servers running different operating systems and a large variety of applications. In addition, many organizations have created multiple data centers over time to support specific departments or divisions in different geographic locations.