FASTtalk January 2008
The long-awaited revision of ITIL®, launched in June 2007,
presents a rigorously updated source of best practice on IT
Service Management.
Within 2 weeks of its launch, 50,000 hard copies of ITIL v3 were
sold - quite a bestseller! The development of a new service
culture, the ITIL framework surrounding IT, its role in supporting
IT in a compliance and risk environment, and how software
solutions - whether best-of-breed or integrated - should
evolve to enable IT, were discussed at the recent FASTtalk CEO
roundtable. Participants included ITIL author Shirley Lacy,
Federation members Centennial, LANDesk, Numara Software and
Hornbill, industry analysts and FAST client WSP Group.
Service is high on the business agenda
Today’s businesses are facing a multitude of challenges: global
sourcing of products and services, changing architectures such as
service virtualisation, a climate of compliance, the need to
balance stability against customer responsiveness and process
innovation, and having to measure IT in business value
outcomes.
There is no doubt that companies are under increasing pressure
to adapt quickly to the needs of the business and their customers’
demands, so managing IT as a service to the business is the
watchword for IT departments. It is no longer enough to wish for IT
and business alignment - it must be ‘true’ IT and business
integration, glued together by IT asset management.
Enabling this service culture is ITIL, a customisable framework
of best practices. The most recent version, v3, was released
earlier this year. Its co-author, Shirley Lacy, Director of
ConnectSphere, believes the version meets the needs of today and
tomorrow. “3 years of global input has gone into v3 reflecting a
business environment which has to cope with globalisation and
business integration, the challenge of moving towards
virtualisation, and a surrounding compliance and risk culture.
IT service management is not just about the IT assets and
liabilities and unauthorised changes. It’s about managing your
complexity and risk and taking an integrated approach to that. With
ITIL, you can start from anywhere. In a global environment, some
may want to stick with v2. Or, if you’re new to ITIL, you can move
up to the highest level in an efficient way. It doesn’t really
matter where you start from. What v3 is about is a services
lifecycle.”
ITIL adoption - Europe versus US
Europe is well advanced in its adoption of ITIL and understands
more fully how it can and should be used. However, its acceptance
and usage are not the same around the world, where ITIL compliance
is regarded more as a ‘tick box’ for vendors.
Andy White, Managing Director for Numara Software EMEA &
APAC, says both organisations and countries certainly differ in
their understanding of and approach to ITIL. “There are 3 types of
ITIL customer: those who need ITIL for compliance; those who think
they need ITIL but don’t; and those who don’t need it. US markets
will ask if you’re ITIL compliant and that will be all they’ll ask.
Yet in European markets, we frequently get into the nth degree of
ITIL elements.”
Analysts David Norfolk from Bloor Research and Martin Atherton
from Freeform Dynamics agree that ITIL is important for
organisations to adopt, but disagree on the extent of its adoption.
“Only the top 5% of organisations really get service, and ITIL
v3 is incredibly useful in understanding it,” says Atherton.
“Everybody needs bits of ITIL,” counters Norfolk. “But you don’t
need to adopt the whole thing.”
Andy King, Area Director EMEA North for LANDesk admits that for
some organisations, even ITIL may not be enough to counter the
human factor. “Humans are the unfortunate by-product of IT. ITIL
will not prevent you doing stupid things, but it will help prevent
you from doing it consistently.”
The role of IT
Buzz Albats, Quality and Compliance Manager at construction
group WSP, has gone down the certification route for ISO Standards
such as ISO 27001, and previously BS 7799. Although he has no
specific knowledge about ITIL, he accepts ITIL’s role in managing
the business’s compliance and risk through an IT service framework.
However, he doesn’t see IT as a special case when it comes to
supporting the business. “IT is like HR or Marketing. Our
philosophy is to align the delivery of IT to the business. IT is
simply part of the costing for the services we offer. We try and
get out of the silo mentality, so we treat IT as just the same as
the cost of 3 engineers for a project.”
When it comes to aligning the delivery of IT to the business,
how should solutions be adopted: by choosing so-called ‘best-of-breed’
packages, or by adopting an ‘integrated solution’? Andy Burton, CEO of
Centennial, believes the answer lies somewhere in between,
depending on the size and maturity of the organisation. “There is
no one straight answer between best-of-breed and integrated. Even
with best-of-breed, you’ll come across alliances between vendors.
As a general rule, smaller organisations will choose an integrated
solution that makes life easier. But bigger organisations usually
need best-of-breed to cope with the multiplicity of environments
they have.”
Graham Browne, EMEA Sales Director for Hornbill agrees it is not
a straightforward choice. “People talk about best-of-breed versus
integrated in all aspects of life, not just IT services solutions.
There is no right or wrong answer.”
Numara’s Andy White says the distinction can go even further.
“What’s emerging in the upper mid-market is that companies want
real value. And that means not ‘best-of-breed’, but
‘best-of-category’. They want something that enables them to take
control of their IT infrastructure. We’re seeing a pragmatic
approach from organisations that want technology that empowers
them.”
Focusing on the end result
LANDesk’s Andy King believes that in many cases, customers don’t
really know what they want, other than that they have a problem
that needs fixing. “Customers usually come to the market because
they’re fire-fighting. What is a differentiator is the number of
people managing their IT assets. Some may have tens of thousands of
assets managed by just 3 people around the world.”
Shirley Lacy agrees that the number of people involved in
service management is an important criterion. “People often don’t
ask the question, ‘How many people do I need to run this?’ One
organisation I came across had 20 people in configuration
management, and one organisation had just 1 person. But when
you get up to 20, you’re reaching a level of complexity.”
Whichever approach is adopted by the customer, the technology
still has to deliver effective management information and achieve a
return on its investment for the business. Good management and
stewardship of information is clearly critical to most
organisations, but can the already pressurised IT director deliver
what the business demands, and remain on the right side of the line
when it comes to compliance? “IT is still too navel-gazing. We have
to look at this infrastructurally, and IT has to be brought into
the decision-making,” says Quocirca analyst Clive Longbottom.
Shirley Lacy believes some organisations, particularly those who
have embraced ISO 27000 and ISO 27001, are providing great service
to their business, but believes others have seen service
degradation with a number of issues over the years. “Often risk
doesn’t manifest itself until 3 or 4 years later. I think
a lot of organisations are now getting back to reducing cost and
valuing risk. But when you have 4 incidents in 3 months,
you’re doing too much business change,” she says.
Inertia towards compliance
Surrounding discussions of ITIL v3, and the role of the IT
department in engaging it, is the environment of compliance and
corporate governance. Companies, particularly those in the City,
are familiar with the compliance regime of Sarbanes-Oxley.
But outside the City, and from
a Software Asset Management and licensing perspective, how many are
aware of the influence of the Gowers Review, and the need to put in
place good processes and control?
With only around a third of British businesses actually working
towards becoming compliant, FAST admits there is still more of
a short-termist approach than seismic shift when it comes to
licensing and compliance. “Organisations want to do the right
thing. But senior management has no willingness to change the
culture. They believe that buying a tool fixes the problem. What
they should be looking at is what is in their environment in
totality. Buzz may have found it possible to do it culturally
within his organisation, but in a lot of others there is no senior
person willing to go the whole way.
It is only when security incidents occur such as that which
nearly lost a Japanese Bank $250m, that organisations understand
the need to have a close look at their network and not just the
things they expect to find. Doing this can play an important role
in reducing the risk of security breaches. These things are a true
test of non-compliance, and sadly, a lot of companies do things in
half measures.”
LANDesk’s Andy King agrees. “The culture is certainly that of,
‘I’ve bought a tool, so I can get you off my back for 4 to 6
weeks.’ Unfortunately, it’s that fire-fighting approach again.”
Andy Burton of Centennial says there is an obvious cause and effect
when publishers turn up the heat over licensing. “When Microsoft
makes an announcement, you can see downloads go through the roof.
People want to feel the proximity of the issue, but they’re also
cannily aware of their risk factor.”
FAST believes that ultimately organisations fail to take a
holistic approach to licensing because they’re still not concerned
enough about being compliant. “I think it’s about why you do what
you do,” he says. “I know some will say that nobody does a bad job
on purpose, and that things just drift off. But it’s about knowing
the cost of being non-compliant. It’s about the thing that will run
your business in a better fashion. Do we need additional
legislation? No. We just need to reinforce what we have now, and
the Gowers Review is the impetus to change. For now, people still
only react to the consequences once they’ve happened.”