The ITIL framework fosters an approach to IT service management that is based on the development of a tight link between business and IT. CBR investigates how IT governance can help deliver the key principles of ITIL.
As enterprises have focused their attention in recent years on creating a greater link between the IT department and the business strategy, ITIL, the IT Infrastructure Library framework for service management best practice, has gained in popularity and is now driving new rounds of investment in enterprise IT service management projects.
Originally developed by the Office of Government Commerce in the UK, ITIL is a set of procedures that covers various aspects of IT service delivery from development, through systems management, availability, and maintenance, to the support of business services through helpdesk and service centres. In providing a set of comprehensive and coherent processes, ITIL underpins the delivery of IT services that are reliable, consistent, and of optimum quality.
But is ITIL, and business service management, missing out on a critical piece of the puzzle in delivering IT systems that are responsive to the needs of the business? IT governance software vendors certainly think so, including Mercury, which cites recent Meta Group research to support its view.
Amnon Landan, Mercury chairman and CEO
Meta Group anticipates that through 2005, more than half of IT organisations will invest in formalised IT business plans governed by service level agreements (SLAs). But according to Mercury, less than 10% of IT organisations have a well-defined service-level management process in place that can consistently communicate relevant service levels to business units.
"One of the things our IT governance solution brings to this is that at the heart of it is a business process engine through which you can apply best practices," says Roger Gilheany, Mercury's market development director for IT governance. "It automates the process as well with a service level applied to it and adds things like testing and configuration management."
Mercury is not alone in believing that IT governance software has benefits for ITIL-based service management that is not currently being offered by the systems management vendors' business service management approach.
"Historically, what CIOs have talked to finance directors about were technical things, such as uptime. They wanted to understand the business value or lack thereof coming from IT," says Josh Pickus, Niku's CEO.
"Where Niku is focused is not the infrastructure, which by and large runs very well, nor in service management. The real issue people are struggling with today is connecting those IT services to the business," he says. "There is a disconnect between the way business does its planning and IT does its planning."
Which is not necessarily to say that the IT governance vendors are pitching their solutions as alternatives to the business service management solutions on offer from the likes of BMC and Hewlett-Packard, however. "The focus has to be on business, rather than on service management, which I think is pretty good already," says Pickus, citing Niku's relationship with systems management heavyweight, Computer Associates.
BSM, as delivered by the systems management vendors, is said to help minimise the risk to the business by enabling proactive management of the IT systems that the services depend on. And by detecting problems before they impact end users, it can help improve the overall quality of business services, lower operating costs, and in some cases actually lead to increased revenue.
Where IT governance vendors have something to add, they say, is in providing the business more knowledge of its overall IT portfolio, as well as the application-centric view of system performance.
"ITIL and COBIT [the Control Objectives for IT framework that maps to COSO, the financial control framework that has emerged as the foundation to many compliance efforts] are really related to the way in which IT operates internally," says Pickus. "Once you have those standards you have a structure for a conversation, but if you are not responding to the needs of the business, you are not getting anywhere."
Pickus uses the example of a service management system monitoring application metrics such as uptime, performance and responsiveness, but missing the key measure of whether the application is actually core to the business.
"You have got all that information and you completely miss the business point, in that the application should not exist at all," he says.
Ken Turbitt, BMC global practices director, sees things slightly differently. "You can measure and monitor the responsiveness of the application, but how do you put the controls in place to keep the service up? What happens to capacity planning?" he asks.
Turbitt turns Pickus's example on its head, citing the case of a major high street retailer that launched an online retail campaign in the run up to Christmas that was too successful for its own good, crashing the company's systems and driving potential customers away. "The availability management measurement means nothing and speed of response means nothing," he says.
"Traditionally IT has had its own little empire and we have looked at everything from an IT perspective. The aim is to not only manage the infrastructure but also tie in with the service support model and tie in with the business processes to know what the impact on the business application will be. We have automated a lot of those ITIL processes into our business service model."
The ITIL approach fosters an approach to IT service management that is largely based on the development of an understanding between business and IT elements, and in the wider scheme builds on the use of a central configuration management database, or CMDB. In this schema, the CMDB becomes the hub and repository of all information gained by all other systems management processes.
This central repository allows systems administrators the appropriate access levels to be able to query from a single logical location all relevant information about any configuration item. Increasingly, the CMDB is seen as having a pivotal role in the sales proposition of service management vendors. It is also a foundation of vendor proposals for BSM (business service management) as it is the notion of the adaptive IT infrastructure, which is intended to link IT provisioning and IT service delivery to business needs.
IT governance vendors have also started to implement the CMDB approach to their products. Compuware has partnered with Collation to provide an interface between Collation's CMDB and Compuware's Vantage application service management product. Meanwhile, a CMDB acts as the underling component of Mercury's Business Technology Optimisation suite. "We are actually adopting that approach to manage and monitor from a demand perspective," says Colin Fernandez, Mercury product marketing manager.
"From a BTO perspective I think we are seeing the interest in ITIL grow quite fast and it is fairly mature and being driven by things such as compliance, outsourcing and change and complexity," he adds.
The quality of data within the CMDB can very quickly impact the efficiency of the service management strategy, as all processes feed off and feed into configuration management. The ITIL recommendation is that configuration management is more than a simple registry of physical assets because it includes documentation, service level agreements, service catalogues, warranties and knowledge.
Until now, building the configuration management database has been seen as pretty much a manual and error-prone process, to first identify the elements and interdependencies that exist in the IT environment, and then monitor these over time.
Unfortunately, the process of loading and maintaining the CMDB repository is still far from being fully automated, and there are real challenges associated with keeping the configuration information in the CMDB consistent, complete and accurate.
Niku's argument goes that with a history of IT project portfolio management, it is in a position to supply that information, as well as identify the business requirements that can be met by business service management projects.
"Portfolio management enables users to aggregate the IT portfolio graphically," says Pickus, enabling users to identify spending on old versus new systems, comparing geographies, and comparing high and low-risk spending. "Without that portfolio view you will never get it right," he says.
Mercury's Gilheany agrees that IT governance and portfolio management gives users a head start in meeting an ITIL project. "The challenge is how do human beings run with best practices?" he asks. "Where I have seen our technology really work is in the implementation side. If you start with nothing, embracing something like ITIL is doubly difficult."
Pickus also points to application portfolio rationalisation, which enables companies to identify under-used applications and redeploy resources to more suitable business requirements.
Gilheany also cites this role as an important benefit of the IT governance approach. "One of the key things for us is that the services side is huge from an IT perspective, but what about the strategic initiatives? Where we see a major breakthrough in this area is in new projects and discretionary spend. We capture the information on all of that because it is all demand on the IT budget," he says.
"This is about the things that really make business more efficient. Unless you handle all that demand you cannot be more efficient. Service management is not just about the service level management but also business level management," adds Gilheany.
"Even though we have got all these wondrous efficiencies, most boards do not believe IT is valuable," says Gilheany. "You can show value realisation by repurposing operational savings into strategic projects and discretionary spend."
"You cannot do that unless you can see the portfolio from a business perspective," adds Niku's Pickus. "Our view of all of those [infrastructure service] efforts is that they are very valuable and complementary to what we are doing. We do need that information," he admits. "What we are contributing is a broader view."
There are multiple indications about the growing importance of ITIL to business. Michael Allen, Compuware's global performance director, cites a recent survey of 195 attendees at a Gartner data centre conference, which found that 51% of organisations are planning to start ITIL training and alignment by the end of 2006, with 15% aiming for the end of this year, and 22% the end of 2007.
According to Compuware's Allen, one of the key differentials that IT governance adds to an ITIL-based service management project is the ability to demonstrate the value of that projects in metrics and terms that the business can understand.
"With ITIL it has really been developed in recognition of the fact that business is relying on IT more and more everyday. ITIL is predominantly focused on production, and if you want to guarantee what you are delivering, ITIL is one of the best practices and frameworks," he says.
"IT is no longer seen as a technology environment, it is seen as a provider of service to the business. What was formerly the IT department is being seen as a service broker; businesses are requiring service level agreements these days. It is all about measuring effective, efficient responsiveness. One thing about ITIL is it is not actually explicit about how you go about measuring that," he adds. "Without the measurement you do not know if the problem is being solved."
Allen cites a Forrester survey of 400 IT decision makers at $500m plus companies, which indicated that 73% of the organisations said they find out about IT service delivery problems from the end user, and that only 28% were in a position to act by identifying who or what is affected by the problems. Additionally, only 30% of organisations had repeatable processes in place to troubleshoot the problems.
"The road map to ITIL compliance is a many-year investment and a significant investment, so organisations are saying we see the benefit and the need to do this," says Allen.
"If you are looking at measuring the service delivery to end users you need usable measures that the business can understand. It does not preclude the need to measure infrastructure silos," says Allen, but is about translating that information into a metric that has value for business users.
Despite its popularity, it is still early days for ITIL-based deployments and it is understandable that projects so far have focused on improving the service delivery of infrastructure technologies. If the single biggest issue about CMDB initiatives to date is that the content gathered for the database can be prone to inaccuracies and is very hard to maintain, then the capabilities offered by IT governance technologies and strategies discussed here could help improve the CMDB, ITIL and business service management success rate.