ITSM Roundtable April 2007
With ITIL V3 about to debut, Chief Architect Sharon Taylor chairs an exclusive roundtable to discuss what the new version means for ITSM, business and the CIO with representatives of CA, Oracle and BMC|
Sharon Taylor: In May of this year, the core practices of the new version of ITIL will be published. The new series, entitled ITIL Service Management Practices, is based on a service lifecycle approach and consists of six core books: Service Strategy, Service Design, Service Transition, Service Operation, Continual Service Improvement and Introduction to the Service Lifecycle.
|| Sharon Taylor
|| John Aisien
|| Ken Turbitt
|| Brian Johnson
During its development, this library has come under intense public and media scrutiny. Experts, sceptics and the public are either hailing the new version of ITIL as the long-awaited ITSM Holy Grail or the end of what we know ITIL - or knew - to be.
The author team and I believe that the truth lies somewhere in the middle of this hype; ITIL practices are at last coming of age and expanding the horizons of IT service management. This is what the ITSM community has been asking of ITIL for years now.
The current version of ITIL is recognised globally, mostly for two of the nine book set, Service Support and Service Delivery. They offer a process-focused view, largely operational in nature. Some say this is what ITIL should continue to be. Others say that has been part of the problem with ITIL.
One thing is certain and that is there are polarised views circulating about what the new version of ITIL will look like and what it must be to meet the consumer’s need. ITIL popularity continues to grow globally, as do the formal qualifications that support the practice. A large, global, heavily-invested industry has grown around ITIL.
What will a shift in the ‘ITIL way’ mean for the industry? What will happen next with a new approach and a new release of ITIL on the heels of business? For the community that lies in wait, these aren’t the only questions they are eager for the answers to. Below, industry experts and I attempt to provide them.
Many members of the ITSM community have commented on the need to keep a process-based focus for service management and have criticised ITIL V3 for moving to a lifecycle view. Do you think the changes coming to ITIL will result in improvements to ITSM? Do you think a service lifecycle approach fits with the industry direction?
Brian Johnson: Improvements are difficult to predict and it will be harder still to verify claimed improvements, as any metrics will need to be in place and tracked over a reasonable period in order to know for sure.
The second part I can only answer by saying the approach has always been available (look at ‘software lifecycle support’ and ‘testing software for operational use’ in ITIL version 1). The principal hurdle is that operations cannot mandate the ITIL method on development, so how much impact will revisiting the concept have? Few organisations were either mature enough in process to embrace software lifecycle support as a process, or had any way to materially influence development back in the nineties. Today, many organisations continue to struggle with immature processes. Theoretically the change is beneficial; practically it is going to be a challenge to demonstrate.
The process based focus will not go away. It remains part of V3; it has, however, been emphasised within parts of a broader lifecycle.
Ken Turbitt: The current version of ITIL was about IT-to-business alignment and this is something many organisations, large and small, are still grappling with. So many with this focus will wish to use the current version. Many customers and potential customers that I talk to are still implementing ITIL in silos to address immediate pain points and so they reach for, say, the Service Support book and dig into the section on Incident Management or Change Management.
Now we know the real value is in implementing many sections together in an integrated manner. Change and Configuration Management together, Incident and Problem Management together, for example. Today this serves to get many onto a best practice route and begin to stabilise their IT operations, moving from a state of chaos to being reactive. Now, with ITIL V3, the service lifecycle approach is still valid and some organisations will want that focus, as opposed to or in combination with, the IT-to-business alignment.
However, the good news is that many actually implement on a service-by-service basis, so having a lifecycle approach will aid this, provided they can select the services they wish to implement one by one and not be driven to all or nothing. Many cannot afford that disruption to their current operations, let alone the cost. So I think initially both have a place. Moving forward, confusion will exist with two versions of ITIL and we need to keep evolving to cater for both perspectives, IT-to-business alignment and service lifecycle, ensuring people can implement in a phased approach, not a big-bang approach.
John Aisien: The history of enterprise IT has, as a primary prevalent theme, the highly successful use of software to automate key functional business processes, for example, ERP, HR, SCM, finance, etcetera. However, IT operations are themselves primarily about processes, many of which are repeatable, and are thus prime candidates for automation. While there are numerous successful examples of such IT process automation, there is still a tremendous commercial opportunity for IT itself to focus further inwards and establish standards that could serve as a foundation for an ‘ERP for IT’.
Such a solution could take the form of an integrated, logical IT services ‘container’ for an enterprise, which exposes standards-based interfaces for the key IT processes that lend themselves to automation. This container would, of course, need to be integrated with existing underlying technologies that provide the required functions, such as security administration and systems monitoring, again via standards to enable maximum reuse of enterprises’ expensively incumbent solutions.
Another significant contributor to the ever-increasing portion of the budget expended on routine operations is the cost of automating routine operations that typically span multiple applications. For instance:
These are some examples of the myriad tasks on the to-do lists of IT operations, which, due to the inflexibility of most traditional enterprise applications today, drive increases in cost and complexity. Services-Oriented Architecture (SOA) has as its design centre the abstraction of business processes from the underlying logic that execute or automate the tasks that consist of these processes. The increasing pace at which this architecture is being adopted by all the participants of the enterprise IT value chain provides me with confidence that we’ll observe a reversal of this trend over the next few years, as SOA principles become increasingly well-understood and thus widely and successfully deployed.
- Modifying business processes across typically heterogeneous applications in response to routine business events
- Getting real-time access to business insight from multiple applications to serve as decision support for a key, but routine task
- Executing increasingly onerous compliance enforcement processes associated with ensuring that only the right users have access, or access privileges to the right IT resources
What are the key ITSM issues that you think face us in the next three years that ITIL V3 must address to be successful?
Ken Turbitt: I think the first issue will be how to deal with pervasive computing. Change and configuration management needs to be able to handle always-connected, complex mobile devices and applications. Interfacing more with some of the Telco best practices like NGoss and eTom will help, as they have experience in this kind of complex environment.
The second issue will be service supply chain management, as many organisations will outsource some or all of a service, which may only be a part of a larger business service. The potential problems will include how to manage that end-to-end service supply chain in terms of technology, service levels, process, procedures and roles and responsibilities.
Lastly, moving to service management, regardless of whether it’s IT or business, all being treated in the same management manner could be challenging. For example, the business ERP and IT ERP (often referred to as BSM) converging under the same management protocol or standard. Part of this will be service portfolio management with project portfolio management and applications portfolio management.
John Aisien: These two views can absolutely be aligned. Measurable cost reduction is a proven and significant driver for ITSM across the enterprise IT landscape, but not by any means the only one. Some other examples of ITSM project drivers, and thusly-realised benefits, include cost avoidance, risk reduction and business enablement, for example providing the necessary foundation for a corporate initiative that has successfully generated revenue growth.
Brian Johnson: Capacity, costs, business continuity, availability and service management must all be mature. Integrating project management with RFC lifecycles is also key. The project management world does not use ITIL for guidance and, similar to the challenges with development communities using some of the ITIL guidance, there must be cross-pollination of ideas between communities for progress to be made.
There is a new qualification scheme being developed to support ITIL V3. Many think this is an opportunity to address current gaps in the depth, quality and delivery of ITIL education. What key improvements do you feel are necessary for ITIL education that would lead to an increase in the potential of ITIL certifications?
John Aisien: The oft-stated ‘gap between business and IT’ remains real and contributes to such misconceptions. IT departments are providers of a bundle of services that, while increasingly critical to the business, is one of multiple services that businesses depend on to create value for their owners. Yet, partly as a result of the relative youth of IT as such a critical service to business, the difference in lingua franca with which the business describes its ever-evolving requirements, and that which IT uses to implement these requirements is at the heart of the reason for existence of this gap. One of the solutions, the establishment of a common language across business & IT, is one that will require a long lead time for realisation, and will require a combination of organisational buy-in, enabling technology and institutionalised process rigour to achieve.
Brian Johnson: The Manager qualification (sometimes incorrectly called the ‘Masters’) has become devalued in the eyes of some because inexperienced (but smart!) people can pass the exam and become ‘consultants’. Similarly, Foundation provides basic knowledge though the real benefit is in awareness and commitment. More advanced qualifications and more practitioner qualifications would be good.
Ken Turbitt: Foundation, Practitioner and Manager are all good in their own right for the level of skill necessary for various individuals. In my view, team certification is required to not only train and accredit an individual, but collectively teams that could work together in delivering and supporting a service. It would also be helpful for continual improvement of the individuals that some scheme similar to the BCS or IMIS be taken into account so points are awarded continually when people have external education on related topics, either through formal training or as part of presentations or events. Maintaining a ‘current qualified’ level of points ensures that these people keep their knowledge up-to-date and relevant. Finally, as IT is such an important, indeed endemic, part of business today, the certifications should be made a part of any university degree on service management.
ITIL V3 is said to have content targeted to a C-level audience. Do you think CXOs care about ITIL? Should they? Why or why not?
Ken Turbitt: This is an interesting point. All CXOs would be impacted in some way by either the lack of ITIL deployment or when full ITIL is deployed. However, they do not necessarily need to know about the best practice called ITIL, only the benefits, improvements and results it will bring. So, if you mention ITIL to a CEO or CFO, they may glaze over, and rightly so. But if you mention protection of profits (reducing unplanned downtime via mis-managed changes), you would grab their attention. I think if we get away from IT service management and look at service management, then elements like the service strategy will strike a chord at the CXO level to ensure the corporate strategy is reflected in how all the services that make up a business are delivered.
Only at this level should the CXO be aware; except for the CIO/CTO, anything else would be too much information and needless detail. After all, the CEO will know of GAAP and what is pertinent to him, but he may not know all the details - he would expect the CFO to know all this. What they do need to know is that, like accounting and finance, IT has a best practice which aids compliance to regulations and stabilises IT operations, ready for new projects.
Brian Johnson: V1 had an entire business perspective series (three books) and V2 had the update on those books; however (as with the project management and development domains), persuading a new audience that something from another domain is relevant is difficult.
John Aisien: Open source, one of the models by which enterprise software is developed, is often depicted in conventional wisdom as necessarily meaning ‘free’ or ‘cheap’. This is not always the case. For example, what Oracle has done with its recent announcement of support for Red Hat Linux is, at its heart, a strategically important initiative in that it enables us to offer the marketplace access to, support for, and the benefits of, pre-integration across the entirety of the enterprise software stack from a single vendor.
This has nothing to do with the model of development for the operating system software that we’ve chosen to distribute and support, or how we price these services. In fact, we expect that there will be elements of our addressable market and existing customer base that would perceive significant value from the opportunity to reduce their operations and integration costs via a partnership with Oracle across the entire stack, and would thus be willing to pay incrementally for such benefits. Ultimately, enterprise software development is a highly capital-intensive business, which requires scale and scope to execute properly. Having said that, significant innovation has already commenced in the specific methods by which software vendors get compensated for the value that they create for their customers, independent of software development model.
Since the current version of ITIL was published, CobIT, Six Sigma, Sarbanes Oxley and similar frameworks and legislated requirements have crept into the IT service spectrum. There is now even an ISO/IEC 20000 standard for service management. Must ITIL now compete for attention in this arena now or is there a reason that we would continue to need ITIL with all this?
Brian Johnson: Yes. ISO in particular is gaining ground; some organisations want a badge, or some recognition of achievement for the enterprise. ISO compliance for the organisation is tangible; ITIL unfortunately is not. ITIL can help with ISO and with other frameworks that require process good practice, like CobIT. So ITIL is valuable and will remain so; it is, however, not a standard and does not do everything. How could it? It is a process framework. Sometimes ITIL is unfairly criticised for failing to address some things; it is not, and never was, intended to be a universal panacea for IT and it is unreasonable to expect that from a single framework.
John Aisien: The fact that ITIL has been so successful in securing mindshare across the business software value chain bears testament to the benefit that arises from those that live and breathe the problems that standards purport to solve being involved in their conceptualisation and development. This is not to say that there’s anything wrong with a specification or a standard being initially vendor-conceived. For example, at Oracle, primarily because we’re leveraging our own middleware to build the next generation of our business applications, we’re uniquely placed to identify valuable opportunities for standardisation. However, it goes without saying that for these standards to gain widespread acceptance, leadership from the ultimate recipients of their value is a key pre-requisite.
Ken Turbitt: At present, of the frameworks mentioned, Cobit, Six Sigma and ISO 20000 are complimentary to ITIL and so do not compete. MOF does compete, though it is heavily based on ITIL v2. ITIL has, to date, international acceptance as the IT best practice for delivery and support of IT services. Therefore this position has to be nurtured and maintained, especially as many have aligned with it already. Many vendor applications have automated processes based on ITIL and a new competing framework would cause confusion in the market. After all, going back to the GAAP, we only have one. Now, we do need more collaboration between the other related/complimentary standards out there to assist ITIL followers and implementers.
Take CobIT, for example; ITIL does not go into detail about what should be reported on, or which controls should be set in place for auditing. Working with ITIL and CobIT together would assist (many controls have ITIL headings for ease of reference already). Six Sigma is not a best practice for IT services, however it is good at removing defects in the service delivered and is part of the continual improvement arena. So, in short, showing the complimentary elements of the main best practices in conjunction with ITIL will greatly assist the business and hopefully avoid a new ITIL emerging and competing with the one we’re currently upgrading.
A myriad of ITIL-based products and services exist in the market today, many claiming to be ITIL compliant. Do you think the release of a new version of ITIL will send vendors scrambling to engineer new products for the ITIL market space?
John Aisien: I don’t think that a one-size-fits-all approach to the establishment of an organisational structure for process ownership makes sense across all businesses. Much more important than how process discipline is institutionalised organisationally is the degree of executive support, agreement of common notations for process definition, successful implementation of a common repository for business processes and, very importantly, organisational & technical integration between this common process repository and the technologies that actually execute & optimise these processes at runtime, typically via functions provided by the organisation’s critical business applications.
Ken Turbitt: That’s a good question to put to a representative of a major vendor! The vendors are keen to understand what is within the ITIL v3 (Editor’s note - this interview was conducted before ITIL V3’s release). We already know that what is in V2 will be in V3, so many of the products are protected from that standpoint. However, we also know that new areas are emerging and enhancements to existing areas are going to be made. The vendors will review and assess and will enhance their ITIL-aligned applications and systems, and if necessary bring out new ones for the ITIL V3 elements. I have to say that I’m not sure about there being a “scramble”, but vendors will be keen to help consumers by aligning with the new version where appropriate.
This will only benefit the customers who are intending to align and implement ITIL V3, though, as the vendors will continue to work on improvements, making it easier to upgrade and implement the new processes. As always, the key issue to watch out for will be which vendor has the best integration for the delivery of the full solution at a process level.
Brian Johnson: Development costs would preclude attempting to adhere to the very broad church that is ITIL. It will catalyse some improvements, no doubt (closer coupling of related tools perhaps), and almost certainly there will be marketing around having v3 compliant offerings. However, because ITIL is not a standard, compliance is just not possible and with so many variations on the interpretation of the ITIL content, issues with regard to software will remain and more will arise.
Gartner has predicted that a major future growth area for ITIL is the small to medium enterprise. Sceptics predict that ITIL V3 with its service lifecycle approach caters only to the large, deep-pocketed consumer. Do you agree with this? Can’t small and medium enterprise benefit from a lifecycle approach?
Brian Johnson: Anyone can benefit; the issues will always be the evidence to validate a business case, organisational readiness (maturity) and the ability to make the investment.
Ken Turbitt: The debate on this has been ongoing since the release of ITIL V2. Many small to medium organisations are said to find it too much to handle. Yet we know that many actually carry out the functions by accident, unaware that ITIL describes it. The difficulty arises in determining what you call small to medium. In the US, a business defined as an SME would be considered large or even an enterprise in many parts of EMEA, so it becomes difficult to answer.
The obvious response is that the content will be of value regardless of size; even if you do not implement, one will have learnt and put some beneficial changes into place. My view is that ITIL V3 will be mostly for the large enterprises, especially when it caters for outsourcers, but the information will still be relevant for SMEs, too, though full adoption may not occur. Actually, full adoption in many large enterprises of the existing version of ITIL has yet to happen!
John Aisien: The bigger question in my mind is why these areas aren’t being monitored in the first place. Monitoring of critical business activities, which are typically supported by IT systems, is one of the most powerful services that the CIO and IT manager can provide to the business. Access to real-time information from in-flight processes provides the entirety of the business, including IT itself, with the ability to respond to contextual changes, such as a supplier’s costs exceeding pre-agreed thresholds, or key applications’ performance degrading below acceptable limits, within the shortest possible period of time. Technology now exists, from Oracle and other vendors, which provide this sort of powerful business activity monitoring capability that CIOs can mandate as a requirement for all ITSM and SOA initiatives.
The entrance of ITIL V3 into the market will offer opportunities to innovate new products and services to the ITIL consumer. What buyer-beware advice would you give to the average consumer about early product hype that might knock on their doors?
Ken Turbitt: As with any hype, even as indicated in the Gartner Hype Cycle, it raises inflated expectations. Therefore, as always, it is best for the consumer to read the new books covering the new product or service area being investigated and ask appropriate questions of the vendor. This will both show that the consumer understands what they are looking to acquire and test the vendors’ knowledge of ITIL and their products or services. The benefits from ITIL come from the integration of the processes, the life-cycle automation, so always test how well integrated the new product or service is to the existing elements at a process level.
John Aisien: Every significant organisational change is inherently difficult and, to an extent, disruptive, so in that sense the fears are well founded. I think that all organisations have to evolve at the appropriate pace, typically driven by much more important factors than advice from a representative of a software vendor! Successful, well-led organisations have a well-tuned ear to changes in prevalent context and what steps to take to react to these changes. For many organisations these steps would include the adoption of ITSM for the direct benefits that it provides and for the foundation that it establishes for greater corporate agility.
Brian Johnson: There is no recognised certification for compliance to V3 and if the books are released on time on May 30th, how long does it take to become an expert in the ‘new’ guidance? Who certifies that expertise – there are only ten authors – and who trains the trainers and how is that validated? Finally, how can you be a consultant on new ITIL, all of a sudden, after reading about some theoretical good practices? ITIL V3 will offer a research and knowledge centre aimed at involving the community and partners in maturing and evolving ITIL practice going forward.
Currently there is no formal research, analysis or knowledge management evolution managed by ITIL. Do you see this as an area that ITIL should continue to develop going forward? Could (and should) this become a centre of innovation for ITSM?
Brian Johnson: I think organisations such as the itSMF, HDI and even Gartner have tried to do this. Perhaps APM Group, the administrators of ITIL examination and qualification since being awarded the role last year, may be more successful given the media interest in V3. However, to be viable it will need to be open. I think that a worldwide, multi-national community of authors could form such a body for the betterment of ITSM.
Ken Turbitt: This is a great idea. However, many of these activities are currently carried out by organisations other than the owner of ITIL (OGC). Such as the ITSMf and BCS, for instance, plus analyst organisations like Gartner and Forrester, and many vendors, too. Many of these organisations will not want to hand over this information to a new body creating an ITSM knowledge centre. However, a facility of coordination with links to key information from all of these sources would be of great value. I notice that ITP Global has been trying to facilitate such a framework recently, and maybe it could become the conduit for this working with OCG and ITSMf and the others I mention, and many more I’ve not. So the idea/concept is good but the issue would be around facilitation and content ownership/access.
Adopters of ITIL have, over the years, claimed major benefits from investing in the best practice. Does the evolution toward ITIL V3 raise issues or opportunities for those with mature ITIL practices today?
Ken Turbitt: If the benefits are already being realised within mature ITIL organisations’ implementations, then one expects to find that many of the new enhancements to the existing process in ITIL V3 have already put in place or looking into. If the new services or areas, as yet unknown to us, add value to the delivery and support of all services, then this is good and will be looked at by these organisations. However, the main issue would be gaining new funding for more best practice initiatives when the business budget holders think this project was already completed or is nearing completion.
I do not see organisations clamouring to obtain the new books and start implementing immediately. Yes, they may get the books out of curiosity to see what is new or changed, but will not risk more disruption by moving to the new version if their V2 implementation is mature. In my opinion, the move to V3 will be made over the next three to five years as vendors provide the capability. As V2 content has been moved over and enhanced in V3, then those already implementing V2 will and should continue as the overall objective is not ITIL (V2 or V3), but the stability of IT operations and the ability to change quickly with minimum disruption to current services within the business. Supporting and maintaining the business is the goal, not ITIL itself.
Brian Johnson: The opportunity is to become integral to the development lifecycle with consequent benefits to IT service design. The issues remain around empirical, validated evidence. Telling people what to measure is not the same as having statistics available that back up the measures suggested. Best practice provides an opportunity to improve the status quo. ITIL is an excellent catalyst for change, though it should not be considered the letter of the law; used pragmatically, it can be hugely influential in changing things for the better.