Stormy Weather Ahead for Service Management?

Even as we settle in for smooth sailing, courtesy of a successful service management program, the storm clouds are gathering, ready to rain down new technologies and the challenges associated with supporting them. ITIL and other service management frameworks are flexible enough to help you manage all manner of computing environments. The trick is to take a service-oriented approach and stay on top of the trends. Two of the most recent trends that are worthy of our attention are the use of mobile devices and the rise of cloud computing.

Mobile Computing

Twenty or thirty years ago, PCs were just beginning to sneak into mainframe-based companies. Users were frustrated with the lack of flexibility of the mainframe computing world and found they could crunch numbers and be more productive with PCs. Their IT organizations were challenged by the change and many were slow to adjust.

Much like the rise of the PC, smart mobile devices have become powerful enough to play an important role in today’s business. People are finding that mobile devices increase their productivity in much the same way PCs did during the mainframe era. Savvy organizations are leveraging this technology to provide remote access to revenue-generating services. This is one of those areas where IT can embrace the technology and manage the services they make available, or continue fighting their rise. For organizations that choose to embrace the technology, they must do so in a cost-effective, manageable way. Adopting a service-oriented approach and defining service level agreements can help them accomplish their goals.

While this may sound more involved and complex than is strictly necessary, a service-oriented approach and defined SLAs will help your organization determine which devices the business needs to support and the extent to which you will support them. Casual device use demands a far different level of support than devices being used for revenue generation and each should be treated according to their priority, like every other service you provide.

The first step to providing service excellence in the arena of mobile devices is to look at all the places in the business where they are used, determine why they are being used and what for, and treat them like any other service provided by IT.

As an example, imagine your sales force uses the iPhone and associated applications to take orders on the road. To fully manage this remote sales service, you would meet with business owners of the service and determine the type of support users need, the impact if the service is down, and the critical times the service is needed. You would review the carrier’s support documentation and the internal components that make up the full service. You would set service level agreements with the business for service requests and incidents (both minor and major), and apply your full suite of service management processes to this service, just like every other service you provide. You would even provide support metrics to understand your effectiveness at supporting the service.

Thus, in taking a service-oriented approach to mobile computing, your service strategy could include the following steps: 

• Determine all areas of the business in which mobile devices are used; 
• Define the services being used; 
• Meet with the service’s business owner(s) to understand their support needs; 
• Create service level agreements for these services; 
• Determine request and incident management procedures; and 
• Include these services in your service catalog. (Note: E-mail services will likely be the most challenging, due to the variety of devices that support e-mail. In this case, the business could define position-based service levels to ensure that executives and other employees who travel frequently are provided with appropriate support.)

By adopting a service-oriented approach, you will no longer be intimidated by the prospect of supporting a myriad of individual devices, because you will have found that mobile support can be categorized and prioritized just like any other service you provide. The key here is that you are supporting the service, not the device. In conjunction with a properly designed service catalog, users will have a clear understanding of what IT supports and who to call for the items that are not supported by IT. Additionally, the service-oriented approach will make it clear that IT is serious about providing support for the services its customers need, regardless of the technical environments in which they operate.

Cloud Computing

Cloud computing is not as daunting a prospect as it sounds. For the purpose of this article, let’s focus on three types of cloud computing:

• Private cloud: Virtual, cloud computing environment located in your own data center, operated and supported by IT. 
• Third-party cloud services: Cloud services provided by a third party as part of a contracted service. Another commonly used term for this is “Software as a Service” (SaaS). 
• Public cloud: Applications and services available via the Internet, for small fee or no fee.

While the private cloud environment offers some new challenges, it’s really no different from a service management standpoint. There are some process adjustments that will need to be made, but a good service management program will make it easier to operate a stable cloud environment. This environment will be transparent to ITs customers, but the ability to access business resources via the Internet at virtually any time of day (or night) will impact how IT does business. Some key areas to consider include: 

• Maintenance windows: In an “always available” model, there may still be times when services are unavailable due to maintenance on components that are not redundant.
  Thus, during service initiation and design, you will still need to define maintenance windows. While they may only be utilized once or twice a year, IT needs to know when it can perform maintenance that impacts availability and there needs to be a good plan in place for communicating these events. The critical factor here is that IT needs to adjust to running services in a 24×7×365 environment, where this might not have been the case before. 
• Downtime: Problem and configuration management become a bit more complex in an environment with virtual servers and server farms, where automatic failover occurs. If there’s a performance issue or if components generate alerts, IT needs to understand the environment better than ever before, and some adjustments to the CMDB will be required: 
• Processes for logging alerts/incidents and tying these to specific components for problem management; 
• A strong service design and service transition program that includes documentation for the full environment of each new service or for existing services being moved into a cloud environment (Note: Translating the documentation into appropriate CMDB or CMS entries with the correct relationships and information about failover is critical); and 
• Incident record adjustments, to ensure that they are logged against the appropriate CIs once an incident or alert has been investigated (this will support problem management efforts).
• Reporting: Reporting on service availability is still important, as it demonstrates the successful design and operation of the cloud environment. However, you will also need to run some internal reports to identify any weaknesses in the environment that need to be addressed before they impact users.

If you’ve purchased any outsourced services or hosted software solutions in the past, your IT service management program most likely has processes in place for managing external service providers. The danger with cloud computing and SaaS purchases is that the business could technically purchase these without IT support. Three areas that could be jeopardized in this case include: 

• Service level agreements: IT and the legal department both need to review all underpinning contracts and service level agreements to ensure that they are acceptable to the business and that the service will be properly supported.
• Architecture and technical support: More than likely IT will need to ensure connectivity to the service and to help configure/set up the software. 
• Data center and continuity management: Signing on with a vendor without performing a “due diligence” assessment of their ability to meet service levels in the event of a serious issue in their data center puts the business at risk. This should be completed before signing any service contracts.

Where IT is working with the third party, these areas and others will be considered. Depending on your organization’s size, you may even be able to include vendor participation in your service management processes as a requirement for the contract. If not, ISO/IEC20000 certification is something to consider. As an international standard for IT service management, ISO/IEC20000 certification is now required by many governmental agencies, making it easier for you to find certified service providers. Otherwise, SAS 70 certification ensures that a data center meets the minimum physical and security requirements, even if the organization is not following service management best practices.

One of the things to consider when purchasing third-party cloud services is that IT may benefit from hosting some of these services internally, like standard productivity services (i.e., e-mail, file storage, online PC backups, etc.). This might actually enable the organization to deliver basic services in a more cost-effective manner. Conversely, it may not be worth the investment in equipment and staffing to run these services, and purchasing a third-party service will transfer the cost burden to the consumer (it won’t be IT overhead) and free IT up to manage the organization’s more proprietary services. In this case, IT will need to establish and maintain a strong relationship with the service provider to make sure it is meeting the IT organization’s standards of service excellence.

The most challenging environment may be public cloud services, like those being advertised by Microsoft, Google, and others. As with mobile devices, your business users will see the advantage of some of these services and will want to use them, both for personal productivity and for collaborative projects. Once again, a service-oriented approach can help here. Begin by identifying at-risk services (i.e., services that can’t be moved to the public cloud) and “safe” services (i.e., services that are appropriate for the public cloud environment), and add them to your service catalog. Then start working with the business to define a service strategy for introducing cloud services and making the business aware of the services that are and are not approved for use. As with mobile devices, there are some standard steps you can take to evaluate these services: 

• Find out how the business unit plans to use the service, what they hope it will do for them, and what the impact would be if the service was unavailable (i.e., the level of criticality).
• Set service levels for support, just as you would for an internally provided service (be sure to account for the fact that the vendor may not have service levels, or even a customer service department to support the service; customers need to understand the difference between cloud services that have no available support for service restoration and those that at least provide service level agreements). 
• Determine whether secure data will be stored on the site and perform a “due diligence” assessment to make sure the proper levels of security are in place; think about the
  following questions: 
• How secure is the data? What happens to it if an employee leaves the company? You will need to have processes in place to ensure the security of data being transmitted from one associate to another. 
• What data is allowed to be stored externally? Do your users understand data protection policies? 
• How will use of these services impact financial and governance audits? 
• Are you in an industry where customer data may need to be protected? 
• Develop a service catalog for all cloud services available to employees for business use and define the ways in which they are allowed to use them. If some data may be shared via public cloud services, identify it specifically; likewise, provide a list of data that may not be placed in the cloud. If you have a corporate policy against these applications, make sure it is clearly stated and documented in the service catalog.

With a new generation of tech-savvy college graduates entering the workforce, IT can either play catch up or it can leverage these resources to get ahead of the curve, making recommendations to the business on those devices and services that will give the business a competitive edge. Whether it’s cloud computing or mobile devices, business alignment and a service-oriented approach will help you get there.

Phyllis Drucker, president of EZ2BGR8 Service Management, is an experienced and accomplished leader in the IT service management industry. Before founding EZ2BGR8, Phyllis was the director of consolidated service for AutoNation, Inc., where she built their technical support program and was the company’s ITIL champion, owning many of the core processes and the PMO office. When Phyllis left AutoNation, it was to become the director of operations for itSMF USA, where she was able to put her ITSM knowledge to use, building content and services for the itSMF USA member community. You may contact Phyllis by e-mail or by visiting her company website .