by Roy Atkinson
Date Published March 8, 2019 - Last Updated December 17, 2019

HDI’s SPOCcast is your single point of contact podcast for service management and technical support insights. For Episode 11, I interviewed Phyllis Drucker via Skype to hear her thoughts on innovation, self-service portals, enterprise service management, and much more. What follows is excerpted; for the full impact, I encourage you to listen to the entire 30-minute podcast.


RA: In a recent SupportWorld article, you talked about getting the workforce “innovation ready.” Can you describe some of the prerequisites to creating the readiness?

PD: As we talk about workforce innovation, what I’m really looking at is that technology is changing, and organizations need the ability to both use new technology, but also to support the changes. In that article, the precursors that I talked about were culture, operating model, and continuous learning. So, from a cultural perspective, to be innovative you have to have the ability to fail. You can’t be in a “blame culture.” You have to have the freedom to try new things, try new technologies, and fail at them.

To be innovative, you have to have the freedom to try new things, try new technologies, and fail at them.
Tweet: To be innovative, you have to have the freedom to try new things, try new technologies, and fail at them. @msitsm @ThinkHDI #servicedesk #ITSM #HDIConf #SPOCcast #podcast

I always like to get people back to Thomas Edison. We would never have a lightbulb if he worked for a modern company that shut down his experiments, telling him he was using too much glass, would we?

RA: No, we would not.

PD: No, we would not. So you’ve got to be able to fail to be able to succeed at innovation. So that’s the first thing is creating a culture of that.

The other is the operating model. And operating models basically enable organizations to manage initiatives with the right policies, standards, and procedures. They give people a place in which they can work. And the VeriSM framework is a great primer on building operating models that work across an organization, not only involving IT. And that’s what’s so beautiful about it is the operating model can be an enterprise-level operating model.

And then the third one is continuous learning, because obviously, nobody knows anything about the new technology, right? So we’ve got to give them an opportunity to learn about every new technology that comes out, to continually be training themselves in new frameworks, to really have that culture that we always want to keep learning.

RA: That’s one of the things that HDI kind of prides itself on is providing the community with information through training and classes and that part of it, but also through the other things we do, including the podcast. We like to keep people informed and educated.

PD: But you’ve got to give people time to do it, right? You’ve got to give them time to take advantage of those great opportunities that you’re doing.

RA: Amazingly important, and a lot of organizations don’t. And as we know, when there are budget cutbacks or changes in the economy, usually the first thing that goes is training and education, right? That’s the first thing they cut.

In one of your articles in SupportWorld, you gave a lovely definition of innovation:

“Innovation can be defined simply as a new idea, device, or method; however, innovation is often also viewed as the application of better solutions that meet new requirements, unarticulated needs, or existing market needs.”

That’s a really nice definition. Thank you for including that.

PD: It’s really funny because back in the old days, I worked for one of the largest [car] dealership groups in the country, and they were a very innovative company. They were the first company that sold cars via the internet and other things. I remember that IT was looked at as unnecessary overhead, until we started selling cars over the internet, and until we came up with a web portal that delivered a virtual desktop. And this was way back, before virtual desktops were even heard of. And when we were able to do those two innovative things, it completely shifted how the business viewed IT. All of a sudden, we became a partner. So, it’s so important to have the environment that pushes innovation.

RA: You made a case there for something that a lot of folks in our line of work have been talking about, which is being a business partner. Not just being a service provider but really partnering with the business to find those new solutions and understand the needs of business units better and provide them what they need in terms of technology and innovation to move ahead.

PD: And it took something, right? It took some of the executives from IT going out to a dealership and buying a truck. And they looked at every aspect of the experience of buying a truck, from how long it took to do contracting to how many pieces of equipment were on the dealership desks that they moved back and forth between. And that’s where we started to build some of the things that we built for them and make those recommendations. But the first thing you have to be is educated about your business.

The second thing you have to be able to do is operate your existing technology and services in a stable manner. If everything is down all the time, they’re not going to put more technology in. So we had to first clean up our act. Once It was viewed as being able to operate our key strategic systems, then we were able to start talking about innovative ideas.

RA: [A] very popular topic in our world these days [is] self-service. Many companies and organizations are struggling with adoption. You’ve written a lot about building portals designed with the end user in mind. Can you tell us a little bit about why it’s important and a little about how to do it?

PD: Let’s set the stage. Because I’m a consultant and implement tools for clients, I’ve seen a lot of service portals, and I’ve designed a lot of service portals—probably more than most practitioners would design in a lifetime. So, I see what works in them, and I see what doesn’t work in them, and then I talk to the users, and do focus groups. So I’ve learned a lot out of having all that experience.

The reason (I think) that portal adoption is a problem is because we fail at portal design. When I look at some portals, and the customer is having trouble getting adoption for that portal, usually what I see is the portal itself is horrible. It might be very lackluster, no images, no really exciting things that you can do in portals nowadays. They’re laid out in a way that’s very IT-centric, typically. They have language that’s IT language…I’ll go back to my examples again.

When Amazon started as a bookseller—yes, remember that—they used to just sell books…When Amazon first started, people didn’t shop on the internet the way they do today. If they had created a shopping site that made it difficult to find the book you wanted, they would have gone out of business, and we wouldn’t have the Amazon that we have today. They knew they had to design something that was attractive, easy to navigate, and easy to buy from. And those are things that we should bring into portal design.

When I talk to people, I say, the first thing you need to do is go shop online. Shop Amazon, shop a department store website, and see how they build things. You would never go to Amazon and have an item called “Books” and a bunch of dropdowns with every book that they sell. Yet people will put software in a catalog under a software request for every piece of software they offer, and then there’s these 250-line dropdowns that people find very difficult to navigate. So, it’s all in the design of the portal. Why I wrote the book, Service Management Online: Creating a Successful Service Request Catalog , is that I wanted to give people a guide to doing it right. I don’t expect everyone to hire a consultant to build a portal; I want them to be able to learn… from reading, and certainly from presentations at HDI Conferences and some the work that HDI does on webinars, podcasts, articles, is a great forum for being able to share those ideas to where they can look at it.

And then the last thing that’s worth mentioning—because it’s not in the book because it really broke out after—which is digital design. For IT people that don’t know a lot about designing a portal, they can engage their marketing department, or people that know how to design in today’s digital design environment or UX (user experience) environment. It’s really understanding the people that are going to be using the portal as personas, what their role is in the organization, how technology savvy they are, and then map the various journeys they’ll take through the portal. And then when you start applying that to portal design, you start to get to a successful level.

RA: One of your sessions at HDI 2019 Conference & Expo is called We’ve Been Hacked: Why Security Needs All Hands On Deck. How should security ops be integrated into IT service management?

PD: Well the first thing is a little story. It’s a story about implementing a security operations vulnerability management tool for a client. And we get to the point where we’re trying to hook up vulnerability management—you know, basically pulling in the potential threats and being able to know which ones you need to mitigate—and we start trying to hook into the CMDB (Configuration Management Database). And the CMDB owner is like, “Well, what are you going to do with my CMDB? What do you mean I have to have everything in my entire enterprise in the CMDB? I have to go global, and I have to go to the desktops? What do you mean?”

So, let’s look at what we mean. There’s two aspects of security operations. The first is the breach prevention, which is taking the databases of known threats and managing the vulnerabilities that they expose. So, in order to manage the vulnerability, you first have to know do you have that environment in your infrastructure? So, if I’ve got a vulnerability in the Linux world, if I don’t have any Linux servers or Linux desktops, I don’t need to worry about it. Well, how do I know if I have a Linux desktop or server if I don’t have a CMDB, and if the CMDB doesn’t include desktops and operating systems? So that’s Number One.

The second piece is security incident management. If a breach does happen, and—let’s stay with Linux—and it involves a Linux vulnerability, how do I find the machines that I need to go segregate, take offline, reformat, address if I don’t know where they are?

So when you think about SecOps vs IT service management, IT service management owns the CMDB, and SecOps is one of its really big consumers. But they live in two divisions, because typically you’ve got your CIO and your CISO (or Chief Information Security Officer) in two separate silos and they operate separately. It starts at the top. We’ve got to break down that silo at the leadership level, and the teams need to be fully integrated. They can report to different people, but their activities need to be fully integrated.

And when you look at ITSM, there is an information security process that lives in Service Design, and it is where SecOps lives in an ITSM world. Its’ just that we don’t implement like that. There are places for them to come together, but they just don’t because they live in different silos. So that’s what this…presentation is about.

Join Phyllis at HDI 2019 for her session We've Been Hacked: Why Security Needs All Hands on Deck.
Join us!

About Phyllis Drucker
Phyllis Drucker is an ITIL®-certified consultant and information leader at Linium, a Ness Digital Engineering Company. Phyllis has more than 20 years of experience in the disciplines and frameworks of IT service management, as both a practitioner and consultant. She has served HDI since 1997 and itSMF USA since 2004 in a variety of capacities including speaker, writer, local group leader, board member, and operations director. Since 1997, Phyllis has helped to advance the profession of ITSM leaders and practitioners worldwide by providing her experience and insight on a wide variety of ITSM topics through presentations, whitepapers, and articles and now her book on the service request catalog, Online Service Management: Creating a Successful Service Request Catalogue. Follow Phyllis on Twitter @msitsm.

Roy Atkinson Roy Atkinson is one of the top influencers in the service and support industry. His blogs, presentations, research reports, white papers, keynotes, and webinars have gained him an international reputation. In his role as senior writer/analyst, he acts as HDI's in-house subject matter expert, bringing his years of experience to the community. He holds a master’s certificate in advanced management strategy from Tulane University’s Freeman School of Business, and he is a certified HDI Support Center Manager. Follow him on Twitter @RoyAtkinson.

Tag(s): supportworld, service management, security management, ITSM, IT service management


More from Roy Atkinson