The last few years have seen organisations look much more closely at their energy consumption and in particular, the largest drain on energy resources, IT infrastructure. However, the recession has impacted the speed by which organisations have sought to develop more green IT and many data centres remain the energy gluttons, wasting costly – and limited – energy resources.

Adding to actual hardware costs is the increase in energy prices that has seen the cost to power data centres in Western Europe rise significantly, with IDC estimating the cost increasing 13 percent year on year in 2008 to reach €4.9 billion. For some low-end servers with an average three year lifespan it will cost more to power these machines than to actually acquire them. Consequently it’s clear that the data centre is a major consumer of power, not to mention a major contributor to any company’s energy bill.

But the pendulum may finally be swinging back as confidence returns. Industry commentators and analysts believe that green initiatives have started coming back onto the agenda because of the rise in costs for both IT and energy. As a result, CIOs and IT directors have turned their attention to the latest technologies for ways to reduce costs and build greener IT infrastructures. Attracting considerable attention is virtualisation.

A step in the right direction

Virtualisation consolidates the workloads of individual servers and runs them on a single, efficient server, requiring fewer physical servers and lowering electricity and cooling requirements. Many organisations have an abundance of home-grown or legacy applications running on individual, underutilised servers. Virtualisation allows enterprises to consolidate them on less expensive commodity hardware without having to rewrite old applications. For example, Sony Italia replaced 12 older physical servers with just two new ones running SUSE Linux Enterprise Server with Xen virtualisation, reducing its costs and freeing up valuable space in the data centre. The company avoided having to buy, maintain, power and cool ten new machines – and with 64-bit virtual servers running on the highly tuned SUSE Linux Enterprise Server platform, the new two-server cluster offers all the performance Sony Italia needs.

Why do many organisations have too much computing capacity in the first place? The answer is that historically IT has acquired a server for each application with a net result of creating huge server farms where each server has a utilisation rate of only about 20 percent. With virtualisation, IT can substantially increase the compute-capacity utilisation by using the same hardware to run multiple applications independently. This means that utilisation rates can rise towards 80-90 percent, allowing IT to reduce the number of servers. For example, Essent, the Dutch energy company, undertook a major data centre consolidation project, virtualising a large number of servers to reduce costs and energy consumption. As a result, Essent believes that the solution saved them about £2m for the data centre consolidation project alone.

If it sounds too good to be true…

While the case for virtualisation has been made industry-wide, its benefits come hand in hand with more complex server management issues. This benefit and cost offset has inhibited the full utilisation of virtualisation. Today, each virtual machine is managed as if it were physical. In order to achieve the lower power consumption and cooling costs virtualisation promises, organisations must also incorporate automated virtualisation management.

Implementing virtualisation alone is like assembling an orchestra without a conductor. You can have the best violinists, trumpet players and harpists in the world, but without an experienced conductor, chaos will ensue. Similarly, with virtualisation, a single point of management keeps all systems working together and supporting the business. Ironically, while attempting to reduce physical server sprawl, organisations can inadvertently create virtual server sprawl. Doing so likely means a host of unanticipated capacity and resource allocation issues. Understanding how to manage and allocate effectively is vital to optimising the new arsenal of virtual machines. This is where automation tools come in to play.

IT regularly ‘brings down’ a server for updating or servicing. While an inconvenience, workers have come to work around this procedure. With virtualisation housing a number of tasks and applications on one server, many aspects of the business are going to be affected by these downtimes. And on the off chance there is a server failure, there is a risk that a large portion of the business is completely ‘off-line’.

This scenario is a nightmare from an organisation’s perspective but especially so for businesses that are prediction orientated such as manufacturers since any downtime in the supply process caused by downed servers can lead to lost output, unsatisfied customers or lost sales. It would take only one of these ‘offline’ instances for executives to reverse their position on virtualisation in their data centres to avoid these disastrous situations.

Automated management alleviates the heavy manual process of moving files and applications. Not only does this help avoid an ‘offline’ situation, it enables effective server maintenance without risk. And if a server, either physical or virtual, fails there is automatic, rapid deployment of services for business continuity. Organisations can plan scheduled maintenance with confidence and reduced hassle, while keeping the business running smoothly. All the while ensuring cooling and power consumption savings and reducing the impact of the data centre on the environment.

Putting it into practice

Pernod Ricard Pacific, a wine and spirits company, is a great example of this in practice. The company was moving to new premises in Australia with a much small data centre and energy capacity. By migrating existing physical servers to virtual machines on SUSE Linux Enterprise with Xen, and provisioning new virtual servers instead of buying new hardware, the company eliminated or avoided buying a total of 50 servers. Instead of the projected 58kW, the company is operating all existing and new services inside the 32kW limit imposed by the new data centre and still has room for growth in terms of floor space, power and cooling.

In addition to reducing hardware acquisition and maintenance costs, Pernod Ricard Pacific manages the physical and virtual infrastructure from a single solution which automatically provisions new environments based on the available resources. Moreover, the increased utilisation of the hardware resources means that the company can accomplish more useful work within a smaller power envelope reducing operational costs and cutting the carbon footprint. It estimates that with Xen virtualisation on SUSE Linux Enterprise Server, it is saving 625 tonnes of CO₂ emissions equivalent to planting 2,250 trees.

Virtualisation has been on a crusade the last few years but with the emphasis returning to both cost reduction, IT efficiency and greening of the data centre, its importance will only rise further in the coming years. While virtualisation can be a tremendous boost to an enterprise’s productivity and environmental policy, without the proper automated management tools in place, it will threaten the very benefits sought in the first place.

Virtualisation’s promises of reducing sever sprawl, heating and cooling costs, and power consumption are enticing, but they cannot be attained without effective management in place. With orchestrated management tools that automate critical data centre processes, organisations can make virtualisation a central component in their green IT strategy.

www.novell.com

What challenges are businesses facing in IT right now? Business is all about how to make money and save money and the recent recession has had a drastic impact on how businesses go about doing this while ensuring ongoing customer loyalty and satisfaction. Economists define a recession as six consecutive months of negative growth in gross domestic product (GDP). Whatever definition you use the economic results are always the same: job losses, a decline in real income, a slowdown in industrial production and manufacturing and a slump in consumer spending.

This consequently has a significant effect on where businesses, large and small, focus their efforts. Recession forces businesses to look far more closely at their business models and question assumptions about whether they are in the right business, how they attract and retain customers, how they allocate their assets to improve profitability and service and whether or not they are as efficient as they can possibly be.

In tougher economic times, business managers are forced to scrutinise their organisational structure and people to see whether or not they have the right team to address the changing and emerging landscape and to see how they can carry out work more efficiently while ensuring and improving customer satisfaction.

Managers need to reappraise current ways of working  in order to see if there are aspects which could be carried out better by a third party organisation, whether IT can be used to enhance the customer experience more cost effectively through increasing the productivity of staff. Typically this will entail identifying areas where time can be saved through better processes and automation.

It is important for business managers to look carefully at where staff resources and money is potentially being wasted or lost and ask the question “can I automate these tasks to save time and money as well as maintaining good customer service?” more often than not the answer is yes.

Automating repetitive and mundane tasks frees up organisations to target and align their workforce more appropriately on important, front line customer facing responsibilities and ensuring day to day business standards are maintained and consistent. This allows higher level business goals to be achieved by ensuring staff are not distracted by unimportant yet urgent tasks.

What are the challenges?

Not only do organisations have to cope with the obvious implications of a recession, they also have to cope with the inevitable reduction in government spending and also the potential cost impact of new Government legislation. One such piece of legislation is the Carbon Reduction Commitment (CRC), a new Government-backed legislative carbon emissions trading scheme that came into effect on April 1.

The CRC is a mandatory climate change and energy saving scheme in the UK and its aim is to improve energy efficiency and reduce the amount of carbon dioxide emitted in the UK. This is vital to achieving the Government’s targets of reducing greenhouse gas emissions by 2050 by at least 80 percent. Organisations that use a certain amount of electricity will be obliged to participate in the scheme and monitor their emissions. They will have to buy allowances from the Government for each tonne of CO₂ they emit creating a significant incentive for organisations to reduce their emissions and in turn saving money by not wasting energy.

How are businesses tackling these issues?

The best organisations confront the reality of the situation they see in front of them, adapt quickly and constantly look to refine and improve their recipe. They are always looking at ways to improve, satisfy their customers and become more efficient. They realise they have to do more, better with less. Many IT departments in large organisations, such as Local Authority Education Bradford, are already realising this ongoing reality and are looking to technology to assist them.

Education Bradford wanted to ensure its teachers and IT technicians were not distracted by unimportant yet urgent tasks such as SIMS SQL upgrades, security patch deployments and device management all of which can be very time consuming. The LA thought it best to employ SERCO a business services company based in North Hampshire, which holds a 10 year contract with Bradford Metropolitan Council to manage and operate the local education authority.

The LA needed SERCO to completely manage and maintain over 800 devices in 180 schools. SERCO in turn realised that it would need a device management technology to help it provide efficient services and save time by automating mundane and repetitive tasks. By implementing CentraStage, a technology which provides remote device management, the LA/SERCO created an overall efficiency gain of 20 percent by offering schools the ability to turn off PCs and optimise power settings, giving Education Bradford the potential to reduce its carbon emissions by up to 223 tonnes for the first year in line with the requirements of the CRC Energy Efficiency Scheme.

The LA has been using CentraStage for over 12 months and has calculated the annual cost savings to be over £55,000 per annum. It is now able to offer new services to schools without having to take on additional staff and has calculated that over 2,500 hours of school ICT ‘downtime’ has been avoided along with support call times reduced by 4.5 minutes on average, allowing staff to use their time more effectively and focus on teaching instead of monitoring and managing school technology.

What needs to change?

One of the main areas for business has to be getting better value for money from IT. For years the IT industry has been dominated by large organisations, with well known and trusted brand names, selling expensive kit and licenses to business customers that do not need them. Only now are organisations beginning to realise the amount of money that has been wasted over the years on idle equipment and unused licenses. Customers have of course realised this and with capital budgets being cut or frozen they are now looking at ‘pay as you go/grow’ services and solutions. IT service providers need to change their culture and realise that customers are no longer interested in being sold IT software and hardware but need an On Demand service backed by a good service level agreement (SLA).

This demand is fuelling the growth of Software as a Service (SaaS) and allows end users to save money by only paying for services as and when they use them. The channel needs to be responsive to this and understand that their old ways of providing bespoke and unique services for each individual need of a customer is not sustainable and profitable in the long term. They need to offer excellent, on demand repeatable and scalable services backed by a strong SLA as CIOs are being far more scrupulous about the services and results they get for their money.

Prepared for change

The IT channel must be prepared for this change in customer demands by being more versatile. Channel partners offering siloed services will struggle to compete as the economic recovery brings aggressive competition. To stand out in this supplier saturated market IT service providers must filter out this noise on behalf of their customers and position themselves as a one stop, on demand shop for end users. The ‘value add’ is crucial in securing longevity as a service provider and it’s important to offer direct support as well as a substantial return on investment to be able to compete with larger organisations.

www.redstor.com

IT certifications promise numerous benefits, from bolstering CVs to assisting in job retention. Although there’s debate over whether vendor-independent or vendor-specific programmes are best, there’s little doubt about the role they have to play in boosting professional standards within the IT sector. Given the pace of change and emergence of new technologies such as cloud computing there is today more than ever a need for IT professionals to be armed with not only the knowledge, but also the skills and expertise needed to drive change and improve efficiencies across the business. As a result, it’s crucial that IT certifications reflect real-world developments in order to prepare professionals for the challenges they will face in the workplace. IT executives that simply take tests after studying a book may have a wealth of knowledge but will find it difficult to achieve any real success in driving forward change at work.

The need for professionalism

The European Commission (EC) recently warned of a potential 350,000-plus shortfall in IT practitioners in the region by 2015 and criticised the UK for failing to adequately promote professionalism in the industry. According to EC principal administrator André Richier, although Europe has approximately four million IT practitioners, 50 percent are not IT degree qualified.

While there’s a case to be had for ensuring IT practitioners have an appropriate education, more important is ensuring IT practitioners in the workplace are continually improving and developing their skills and capabilities – both as technical experts and as project managers.

Developments in technology combined with the economic climate are having a profound impact on the day-to-day lives of IT professionals, forcing them to speak the language of business and ensure IT is closely linked to business objectives. Given such challenges it’s not surprising certification is being seen as more important than ever in the IT world. Organisations can’t afford to take risks with employees that aren’t fully prepared, and who don’t possess a certain sensibility about the business. It’s for this reason alone that MI5 recently announced it was ditching staff lacking the computing skills necessary today.

The importance of standards

There are three main stakeholder groups concerned when it comes to IT certification: employers, individual IT professionals, and vendors. Bearing this in mind, what is the ultimate goal of standards-based certification? For businesses, standardised certification ensures that individuals meet the hiring criteria they require. Beyond possessing a standard base of knowledge proven by passing an exam, hiring managers are increasingly showing preference for talent whose actual skills and experience match globally accepted standards. For the individual, certification is about acquiring the skills necessary to be an attractive employee and prove it. For vendors, certification is about ensuring that their solution can be easily implemented and used by organisations to bring maximum benefit.

Standards for certification need to be set not just by one technology vendor but also by the organisations that use technology to meet their business and infrastructure goals as well as independent third parties. Why? As business operations become more geographically dispersed, organisations across the world are faced with numerous IT challenges as they evolve to remain competitive, particularly in coming out of the current economic downturn. These pressures are, in turn, placed on IT professionals, forcing them to evolve their skills in order to remain competitive in the job market.

This is why standards for certification are so important. Certifications (and hence the training) need to be relevant not just for the technology vendor but most importantly to the organisations that are hiring and the IT professionals themselves. The skills and experience IT professionals gain throughout their careers should be transferable across organisations and not just limited to one particular technology, product or skill set.

In addition, one of the things we have learnt through interactions with our members is that, although technical skills are important, simply studying a book of technical specifications is not enough in the modern world. IT professionals must not only be able to show their ‘book smarts,’ but they also need to show that they have practical experience implementing those smarts ‘on the street’. Incidentally, this is also why a vendor-neutral approach to certification is important; organisations and individuals need objectivity and a wider world view to effectively deliver a service to their stakeholders.

IT street smarts trump book smarts

It’s crucial that IT certification programmes focus on demonstrating competence in actual engagements. Simply taking tests after studying a book does not fully prepare executives for the business challenges they’re expected to address through IT. In addition to real world experience, enterprise architects and IT specialists, for example, will of course have mastered skills specific to their disciplines. However, to be successful they also need to master skills borrowed from ‘other’ disciplines, and they need skills that allow them to work productively in a particular employer and client context. These so-called soft skills, including communication, listening, leadership and teamwork, cannot be learned in a book nor measured in an exam.

The three most relevant disciplines with which enterprise architects and IT specialists share skills are project and programme management, business strategy and consulting. These skills are important when you consider the pace of change within the business world and the need for IT investments to meet specific business goals.

After all, without these additional skills, technical knowhow alone will not unlock the full potential of an organisation’s IT infrastructure. To draw an analogy, knowing how to build a bike (technical skills) does not mean that you can ride it, or indeed know if it is a cross-country bike or a road racer (business skills).

Certification and the cloud

If we look at the nascent cloud category, this exemplifies many of the points made above. It is important that organisations hire IT professionals with the necessary qualifications and skills if businesses are to reap the cost saving and efficiency benefits cloud adoption promises. The big challenge with cloud right now, of course, is that the industry is still in the early stages of developing standards that address the technical as well as the business requirements for being successful in this environment.

CIOs want to understand what the move to cloud computing could mean to them and what it’s going to do for them. Business leaders want to understand the business benefits and key organisational requirements for getting started. Enterprise architects need to have the technical know-how to make cloud computing a reality.

However, these drivers cannot exist in isolation of each other. This means collaborating across the entire ecosystem and applying training street-smarts to ensure that cloud solutions are fit for purpose and that the IT professionals that have been trained in a manner that will allow them to deliver results. This is all the more important when you consider that what constitutes a cloud service is up for debate; it could be infrastructure or software as a service, or it could be point-of-service with advertising, or be extra processing power or secure environments for scaling up or testing.

As enterprise cloud adoption matures, the standards and best practices being charted right now by industry consortia and working groups such as The Open Group and British Computer Society will be central to the effectiveness of cloud-focused certification programmes.

Towards a more professional approach to IT

Certification can play a key role in improving the professionalism of the IT industry; but to have any real impact there must be standards that are relevant and useful to all the key stakeholders: IT professional, employers and technology vendors. What’s more, if certification programmes are to have any real role in advancing professionalism within the IT industry, they must show that IT professionals have real-life experience.

Developments in technology such as cloud computing are forcing IT departments to speak the language of business and align their activities with an organisation’s key objectives. Those that don’t have the necessary skills and experience will struggle to keep up and risk undermining professionalism of the industry. At a time when IT has such an important role to play in driving efficiency and improving productivity no one can afford to underestimate the value of IT certifications that are based on globally accepted standards.

www.opengroup.org

The IT industry loves its acronyms, why is anyone’s guess – maybe it’s a speed thing, perhaps it’s the whole idea of writing code or overcome language barriers, I’ve even heard “it’s to do with saving bandwidth”, whatever! What I do know is it’s confusing for those on the outside to keep up when the IT crowd are in full flow – a typical discussion would be ‘what’s the difference between SED and FDE and which is better?’ If you found you reworded the question to ‘what is’ then read on – I’m going to give you a sneak peek inside the mind of a geek.

Today, every business utilises technology in some form. However, this miracle of science has a split personality – a silent evil slashing an enterprises’ artery and haemorrhaging sensitive data, while the other is white knight reversing the tide and stemming the flow of bad blood generated with each data breach.

WIIDWID?

So let’s begin with IT security and why it is doing what it’s doing. First is the realisation that it’s not alone in its penchant for acronyms, regulators have affection for them too, resulting in a common ground between the board room and the IT domain with compliance a significant driver to both:

DPA – The Data Protection Act 1998 is a UK Act of Parliament and the main piece of legislation that governs the control and protection of personal data.

PCI DSS – The Payment Card Industry Data Security Standard is a worldwide information security standard created to prevent credit card fraud through increased controls around data and its exposure to compromise.

HIPAA – The Health Insurance Portability and Accountability Act of 1996 is a set of US federal standards that requires healthcare organisations to implement security standards that protect (and keep up to date) patient data and to standardise on electronic data interchange.

SOX – The Sarbanes-Oxley Act of 2002 is a US federal law. The bill was enacted as a reaction to major corporate and accounting scandals. It covers issues such as auditor independence, corporate governance, internal control assessment and enhanced financial disclosure.

WATDIW?

Okay, that’s why, so the natural progression is what are they doing it with?

FIPS 140-2 – a U.S. government computer security standard used to accredit cryptographic modules. It defines four levels of security, simply named “Level 1″ to “Level 4″ however, it does not specify in detail what level of security is required by any particular application so it should not be considered as a guarantee that the product is secure.

Common Criteria – is a framework in which users can specify their security functional and assurance requirements, vendors then implement and/or make claims about the security attributes of their products, and testing laboratories evaluate the products to determine if they actually meet the claims. As with FIPS, just because a product is Common Criteria certified, does not necessarily mean it’s completely secure.

The Cloud – describes a new supplement, consumption and delivery model for IT services over the Internet.

Keylogging – tracking the keys pressed on the keyboard in a covert manner to steal passwords, banking details, etc. Previously a piece of malware, there are now hardware instances – for example a keyboard that looks legitimate so this is a diversifying threat.

DLP – data loss prevention refers to systems that identify, monitor, and protect data in use (eg, endpoint actions), data in motion (eg, network actions), and data at rest (eg, data storage) through deep content inspection, contextual security analysis of transaction and with a centralised management framework.

Encryption – the conversion of data into a form that cannot be easily understood by unauthorised people. Decryption is the process of converting it back to its original form.

FDE – Full Disk Encryption, does what it says on the tin, using disk encryption software to encrypt every bit of data that goes on a disk or disk volume (excepting the Master Boot Record, which most FDE solutions leave unencrypted)

SED – a Self Encrypting Drive is a hard drive based on the Trusted Computing Group’s specifications, it can lock-down data automatically in less than a second and can be immediately and completely erased in milliseconds. SEDs are easily deployed and managed cost effectively and are interoperable across PC platform types. It is an emerging technology so watch this space to see if it delivers.

BitLocker Drive Encryption – a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft’s Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It’s designed to protect data by providing encryption for entire volumes.

U3 enabled – U3 Smart Drives are regular USB flash drives with a twist. Programs can be installed on them that launch independently of the machine it’s inserted into and the data from those programs travels on the device – leaving nothing behind. While beneficial in the fight against data leakage, it has a malicious persona – for example, if it’s preloaded with malware and plugged into a logged on PC it could inject a virus into the system that is untraceable.

Black List – a list or register of items, for whatever reason, that are being denied a particular privilege, service, mobility, access or recognition.

White List – similar to a black list but instead of denying, you stipulate which are accepted so it’s easier to build up from a security perspective than eliminating backwards.

SAM Database – the Security Accounts Manager database, used by Windows (and possibly other OSs), manages user accounts. It’s implemented as a registry file that is locked for exclusive use while the OS is running. If its contents were discovered by subterfuge, the keys are encrypted with a one-way hash, making it difficult to break. Some versions have a secondary key, locking the encryption to that copy of the OS.

TPM – Trusted Platform Module offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a hardware pseudo-random number generator. It includes capabilities such as remote attestation and sealed storage.

An industry ideosyncrasy

Acronyms may be confusing but are not designed to make the user sound superior, they’re just an industry idiosyncrasy, we all have them. However, the threat against data is serious and we mustn’t let language cause a misunderstanding that thwarts our efforts – after all, it’s not a necessity it’s a requirement.

Whatever the service currently being delivered, the provision of a helpdesk/support desk is now an established and crucial element of any organisation’s day-to-day operational management, be it internally and/or externally focused. Customers can be served more proactively and employees can be more productive, if the quality of support they receive is faster and more effective. It is also a huge influencer on the user community’s perception of the IT services delivered within an organisation.

Gartner surveys have shown that 50 percent of an end user’s perception of the IT services they receive is directly influenced by the quality of the support they experience. Therefore, provision of a quality service desk operation is no longer an option, it is essential. So defining and delivering the appropriate service offering, selecting and implementing the best software solution is something every organisation needs to get right, especially in today’s financial environment. Which as of today, I believe is leading to many organisations reassessing their current support services and the software tools being used.

Switching to service desk

For those organisations operating a traditional helpdesk, the move to a Service Desk environment can be a daunting transition, as the requirements have become significantly more involved than offering a simple ticketing/call logging service. Alternatively, there are those early adopters of the ITIL-based service desk and with the introduction of ITIL v3 the requirements for delivering ITIL-based services has changed considerably.

In principle the requirements and issues involved with the deployment of an IT Service Desk are well documented by the ITIL, given that it has been developed over many years to provide best practice guidelines based on the experience of many organisations that have gone before. That old saying of ‘Not reinventing the wheel’, should be the mantra for anyone involved with or considering such a project. However, my experience over the past 18 years clearly shows that the ‘wheel’ is being constantly reinvented for a variety of reasons. Therefore, it is evidently clear that one size does not fit all and the project to deploy or upgrade an organisation’s Service Desk, albeit helped by the ITIL framework, is different for everyone.

Does size matter? Irrespective of the size of an organisation the principles of deploying an IT Service Desk should be basically the same. What is different will be a) the level of sophistication required, b) whether ITIL is a driving force, c) specific business drivers that are deemed important for such a project and finally d) The need to drive financial cost savings.

So, what dictates the sophistication, it is not an organisation’s size. Over the years I have seen many small service desk implementations that have had very intricate and detailed customisation and integration requirements, whilst many larger systems have been quite basic in their solution needs. It just depends on what is important to the operational requirements of an organisation. ITIL is not a focus for everyone, it might be deemed to be too costly and bureaucratic for many companies. However, to have the benefits of best practice should still be very beneficial, so why not take advantage if you can?

Every organisation is different and although there may be similar business drivers within market verticals, the individual needs of any organisation will be different to those of their peers and competitors. Finally, many legacy service desk solutions are very expensive to maintain and manage, whereas new technology will be less expensive, easier to manage and more flexible. So it might not be a case of ‘reinventing the wheel’ per say, more a creative utilisation of the ‘wheel’ based on specific needs.

What is driving the need to change?

When planning a project to implement or upgrade an IT Service Desk, a key criterion is to review and identify the primary business processes that already exist and what new innovation the project could/should deliver. What is driving the need to change, what if any are the constraints and limitations of an existing solution? It is highly possible that any existing solution is based on legacy technology; is limited in its functional capabilities; has little or no capacity for customisation or scalability, all of which severely constrain the ability of the service desk personnel to deliver timely, efficient and effective support services to their organisation.

Having identified the critical business processes that need to be developed and initiated via the Service Desk team, it is then necessary to re-evaluate any incumbent software solution(s) being used as to their suitability for the new requirements. It is no good having scoped and designed the greatest processes in world, if the means by which they are to be delivered is not just capable of delivering the end result, but more importantly adding significant value, the flexibility to meet changing business needs and future scalability.

In either deploying or upgrading a service desk the de facto standard is now for organisations of all size and type to adopt the best practice framework and recommendations offered by ITIL v3. To what extent an organisation is prepared to undertake the considerable investment required to fully adopt ITIL is a commercial decision they need to make for themselves. However, the benefits of the best practice framework cannot be denied but it is not necessarily right for everyone.

Some organisations may want to have the recommended best practice embedded in whatever solution they may purchase but not invest in the professional training and certification. At least this way they are able demonstrate best practice by having the required management processes inherent in the software they use.

But let’s not beat around the bush here, for any organisation to fully invest in ITIL and especially the v3 release, can be a very daunting and costly undertaking for any organisation. Which is why industry experts such as Malcolm Fry, recognise the issues and concerns. Malcolm says “Many organisations will start the ITIL journey but not complete it, while others undertake the journey knowing they won’t ever complete the implementation. Therefore, organisations need to make sure they have the right basics for implementation at the beginning to ensure they maximise ITIL v3 at implementation and that it is fit for purpose.” To this end, levering his experience and many years of practical experience Malcolm has launched a new initiative, he says “ITIL Lite is an approach to implementing key components of ITIL v3 to ensure a sound basis for IT Service Management either as a starting point for full implementation or as a deliverable for those not wishing to fully implement ITILv3.”

Entering a mine field

An obvious crucial consideration has to be the service desk software deployed and its capabilities of helping to deliver ITIL best practices in an efficient, coordinated and effective manner. There are many solutions available with numerous vendors extolling the virtues of the products and their credentials for being ITIL compliant. This is where it can become a mine field, as all service management solutions are far from being equal. Therefore, careful consideration and evaluation is required to determine the type of solution will best suit an organisation.

There are low cost solutions that can provide breadth of ITIL capability but offer little depth of functionality and require bespoke services for future customisation. At the other end of the scale are the ‘enterprise’ solutions which can offer everything an organisation might need but at a cost, both from an initial purchase perspective, ongoing management overheads and specialist development resources. However, recent years have seen the emergence of new players offering new technology that is able to readily deliver ITIL best practice, allied to ‘enterprise’ functionality that is easy to deploy and no longer requires expensive ongoing management overheads.

So it really is a case of ‘caveat emptor’ (buyer beware), as the solution choice you make could severely affect the success or otherwise of a project and once deployed it is almost impossible to reverse that decision and start again. So work hard to get it right first time and remember it is not just about features and functionality, or the initial project cost, the cost to your organisation over a three to five year time frame has to become a prime consideration.

People, processes & technology

So back to the original topic ‘deploying the IT service desk’. Having made a decision about to what extent, if any you are going to adopt ITIL best practice and then selecting the best software solution to meet the requirements of your organisation, the project focus should be around ‘people, processes and technology’. It is not the intention to this article to provide detailed chapter and verse about project management and deployment but here are some tips for consideration.

Project Initiation Document (PID): The Project Initiation Document brings together the key information needed to start the project on a sound basis. It should be conveyed to all stakeholders and agreed and signed off by the business sponsors. In short, this is the, “who, why, what, when and how”, part of the project. It defines all major aspects of a project and forms the basis for its management and the assessment of overall success.

Methodology: For any Service Management project to be successful, the supplier should have a proven track-record of delivering successful projects on-time and to budget. To do this, they should have a clear, documented, methodology encompassing all phases of solution deployment including scoping, installation, customisation, data migration, training (both for administrators and users), provision of documentation, user acceptance testing, project sign-off and go-live support.

Statement of Work (SOW): As with any complex project, effective scoping followed by a detailed Statement of Work is key to ensuring that projects are delivered on-time and to budget. All stakeholders/business sponsors should have visibility of the Statement of Work document before signing it off.

Phase Sign-Off: Each phase of the deployment should be signed-off by both the supplier and the customer representatives (stakeholders and business sponsors) based on the scope of work. Any issues would be escalated to the project manager and addressed before the given phase is signed off.

Risks

Then there are the risks that accompany any project. In many instances, not enough focus is applied to risks that may affect the project. This should be a key consideration when developing the Project Initiation Document. Any potential risks identified will need to be mitigated to ensure that the project can progress smoothly. Risks can fall into a number of categories including:

Project Risks: Estimates that are excessively inaccurate, too aggressive a schedule, poor management, scope creep (poor change management), large projects not staffed appropriately.

Schedule Risks: Project dependencies, parts delays, estimation errors, decision delay, hardware delay.

Resource Risks: Outsourcing delays, lack of funds, attrition of resources, people joining the team late, scarcity of skills.

Failure to identify and mitigate risks is likely to be a major factor in any failures or delays that occur.

Scope creep

Finally, the hidden curse of any well planned project, ‘Scope Creep’. Although a well executed Statement of Work is designed to provide focus on the core deliverables for a project, project managers/project executors must be disciplined enough to refer customer contacts back to the Statement of Work, negotiating project extensions and additional funding, if required.

The ultimate objective of deploying an IT service desk has to be to enhance business value, through the delivery of competitive advantage from improved customer service and/or increased productivity of an organisation’s employees, while reducing overall business costs. Although this might seem a high ideal, it is possible with the right planning and choice of software partner.

www.cherwellsoftware.com

At a recent conference, a senior executive at a Global 500 company was overheard to say: “If only we could pick up all the money we are spilling in negotiation. It’s a huge number, definitely in the tens of millions.” He went on to describe how his company was in the early stages of negotiation development and still lacked a consistent approach. He could not disguise his real concern: “Our failure to develop the skill of our negotiators across the company will not be evident until it is too late.”

Other businesses too have recognised the importance of negotiation in improving bottom line profitability and as a result have put together large-scale training programmes. However, too many still lack a clearly-defined strategy in driving such initiatives.

Today’s best-performing IT companies show that the key to success is both simple and fundamental. In every case, they have transformed negotiation from an individual competency into an organisation-wide capability. So the importance of process is clear, but in implementing such enterprise-wide change, IT companies should not lose sight of the fact that fully-developed behavioural skills remain vital for those members of the sales or business development team on the negotiating front line.

The contrast in performance could hardly be more stark: between 2007 and 2008, the net income of the world’s top 2,000 companies declined by over 30 percent. Over the same period, the top 25 percent of companies adopting a systematic approach to negotiation achieved an average net income increase of nearly 43 per cent. These companies were identified as world-class on the Huthwaite International/IACCM (International Association for Contract and Commercial Management) ‘negotiation maturity’ benchmarking scale.

So how can one explain such a huge variation in bottom line profitability? In the first study of its kind, Huthwaite International and the IACCM interviewed more than 120 major buy- and sell-side practitioners and benchmarked the negotiation maturity of the world’s largest organisations. In particular, it explored how major international companies such as Microsoft, Oracle, HP, Avaya, Invensys and Teradata are trying to improve their corporate negotiating performance. The resulting report – Improving corporate negotiating performance – found one common factor among the most successful of these companies: they have all re-engineered their negotiation capabilities.

Despite this, the survey also found that in too many other companies negotiation performance improvement is being ignored, neglected or ineffectively addressed. For these businesses, negotiation is still seen to be a very personal, ‘soft’ skill.

Such an approach is no longer sustainable. To secure multi-million pound deals in today’s tough commercial arena requires much more than this for, as the survey highlights, companies with no negotiation process suffered an average net income decline of no less than 63 percent between 2007 and 2008.

So what’s the answer? The survey identified ten critical areas which IT companies should address if they are to achieve significant and measurable improvements in negotiation performance. These include standardising and documenting the end-to-end negotiation process, ensuring consistent inter-departmental collaboration and measuring negotiation success.

Though some companies have started on the road to transforming their negotiation practices, few have succeeded in embedding a consistent process across different business divisions or geographic boundaries.

This should come as no surprise, as implementing such in-depth change is not easy. As a sales director of another Global 500 company bluntly put it: “We don’t prescribe how our employees should negotiate – there is no bible for this. We have 45 divisions worldwide and it is impossible to have a standard process.”

Yet the impact of a successful shift is little short of astonishing. One respondent pointed to a saving of $37 million on a single deal following the introduction of a more structured approach to negotiation. And, as another global head of contract management confirmed: “Before the new process was put in place, the average negotiation cycle time on complex projects over $5 million was 12-18 months. Today 75 percent of those deals are done in less than eight weeks.”

In benchmarking the current stage of development of each organisation, researchers adopted a five-phase negotiation maturity model.

At one end of the scale, the weakest companies have no process, are purely reactive and rely totally on individual skills and capabilities. In greatest contrast to this, best practice organisations – identified as ‘world class’ – have a formalised negotiation process which is subject to continuous improvement and incorporated into the broader buying or selling process.

So where do most companies sit? Overall, the survey identified disappointing levels of maturity in global negotiation standards. Fewer than one in five global corporations have any formalised structured planning tools for the negotiation. The end result is badly-prepared negotiators who feel that success will be based solely on individual merit.

In helping businesses improve performance, the research identifies ten critical areas throughout the negotiation process which must be addressed if any transformation initiative is to succeed. Changing the behaviour of an organisation may be difficult, the survey concedes: “However, when companies with no process are demonstrably losing millions of dollars in negotiation, the status quo is not an option,” it believes.

In focusing on process as key to improving the bottom line, the survey recommends, “at the very least, the implementation of strategic cross-organisational negotiation planning from the very start of the sales or acquisition process, in order to have consistently successful outcomes”. Or, put another way, start as you mean to go on.

There is no doubt, of course, that a large number of other factors influence negotiation performance, not least of which is the impact of new web-based technologies and the emergence of professional third party procurement specialists. The directors and senior managers surveyed were in no doubt that the following key performance areas must be addressed in order to ensure the success of any negotiation transformation initiative:

•             Negotiation process;

•             Cross-organisational collaboration;

•             Data collection and analysis;

•             Preparation and planning;

•             Approval and escalation systems;

•             Negotiation training;

•             Measurement of negotiation success;

•             Motivation for negotiation success;

•             Common negotiation standards;

•             Board level support.

Despite the overall emphasis on process in securing a consistent, unified approach to negotiation throughout the organisation, it will not have gone unnoticed in this analysis that skills training for those at the rock face of negotiation – whether buying or selling – remains a central component to broader performance improvement.

Just as the survey found that few global IT or other corporates had any formalised negotiation planning tools, there was a parallel lack of maturity in the area of negotiation training. In particular, just 31 percent of companies questioned have a formalised approach to training, with only five percent reflecting a world class level of maturity.

There is however clear light at the end of this tunnel. Any organisation can easily access cost-effective behavioural skills training solutions which can have a substantial and immediate impact on negotiation performance.

So what separates successful negotiators from their less effective counterparts in securing long-term, mutually profitable partnerships with suppliers or customers? In helping negotiators enhance their ability to achieve win/win outcomes, the best performance improvement programmes have recognised the central importance of behavioural skills, in enabling a creative approach which adds value for both parties.

The following two examples show how this works at the point of negotiation. Counter-intuitively perhaps, skilled negotiators ask twice as many questions as their average peers, in seeking to understand fully the other party’s position, the reasons for this stance and all possible options for reaching a successful agreement.

The best negotiators are similarly twice as likely to test their understanding of what the other party has said, in order to successfully maintain momentum and clarity, and so avoid potential conflict or misunderstanding further into the negotiation.

This highlights a common weakness among lesser negotiators, who tend to see negotiation in terms of straightforward ‘horse-trading’ rather than trying to understand – and so respond to – what is valuable to the person on the other side of the negotiating table.

By contrast, skilled negotiators have a broad behavioural repertoire and the flexibility to adapt their behaviour to suit the situation.

With little cross-organisational planning, today’s negotiators are typically unempowered and so are constantly having to seek approval or authorisation. It is little wonder that, in such circumstances, success depends solely on individual talent.

It may be true that ‘pieces of paper don’t help to generate business’, but as the survey demonstrates, there is no doubt that systems for strategically planning for negotiations are more likely to produce consistently successful outcomes.

Moving to an effective negotiation strategy requires the involvement of suitably-trained staff at all levels and across all departments. Equally, a set of common end-to-end processes and standards should be established, which can be properly documented and measured. This is a world away from a naïve reliance on the mental agility and verbal skills of your best salesman, when complex deals worth many millions of pounds are at stake.

As with any major change process, buy-in at executive level and the negotiation ‘coal face’ is just as vital. In implementing change therefore, start small and grow on the basis of the success stories generated – for mandating a process without adequate explanation of the benefits and potential payoff is doomed to failure.

Each business must therefore be realistic as to the speed and degree of change that can be achieved. They should review their benchmarking data, identify the biggest gaps in current performance and take action on a step-by-step basis.

It may be unrealistic to believe that there will ever be a negotiation director sitting opposite their sales and marketing counterparts at the boardroom table. That said, something of such fundamental importance and required so widely simply cannot be left to chance.

www.huthwaite.co.uk

Most IT managers accept that managing IT is as much about managing people as it is about the technology. Unfortunately, they are often given little opportunity to develop skills for managing and motivating people, other than that learnt through the hard knocks of doing the job, the sink or swim approach to development. Increasingly though, some managers are looking for help in accelerating their management development.

We all have our own perceptual filters through which we see the world. Even as you start to read the following example, you will find it hard not to make assumptions about the characters coloured by your perceptual filters.

Ops manager Bill had a row with his Sys-Admin team leader John. Bill had asked John for a deployment to be done by the end of play today and he refused.

John is always delaying things, it’s not that John is slow and Bill does recognise that sometimes John has some really creative ideas, but when Bill asks him to take action, John always delays. Bill is finding this intolerable and is considering disciplinary action.

Then a friend introduced him to a coach who used a personality profiling tool. The results begin to explain why the conflicts occurred.

Bill‘s profile shows his natural position is to focus on the task and to make it happen now. Making things happen is how he goes about his work, he is an action orientated manager. More than that, his external and internal motivators are also centred on getting the task done. It is therefore not surprising that when others appear to delay action, he gets frustrated. Bill knows he has to sort out today’s critical issue, even if it means having a bigger problem next week, after all, there might not be a next week if we don’t act today.

John’s profile shows his natural position is focused more on the impact of actions on people as well as how the task fits strategically. John is naturally creative and will think through the options before taking action. John knows that the future is just as important as today and will always choose to delay if he believes that his team will have a bigger mess to clear up next week as a result of hasty action today.

These two profiles have considerable creative tension between them and account for much of the ‘do it now’ versus the ‘do it right’ battles. Both views are valid and actually complement each other, but without understanding why and how they can work together, Bill will eventually decide that John is always being difficult and will need John to move on.

In turn, John will see Bill as short-termist and not caring about the impact of his decisions on the team, which is translated to, ‘does not care about his team’. It is the team that always has to sort out the mess of Bill’s thoughtless insistence on immediate action.

With help from the coach, the fires between Bill and John were put out and they learnt to understand and value the differences between them. Bill now uses John’s creativity to get ahead of problems, bringing action forward and changing the order of actions. This reduced the number of times actions became critical. John now knows that sometimes Bill needs action now, but can explain to the team why it’s now and how they can sort the quick fix out later.

It’s perhaps not surprising then that the use of established tools such as personality profiles is beginning to take a foot-hold, as forward-thinking managers realise the benefits of really understanding their team and are provided with strategies for capitalising on the diversity within that team.

While it is true to say that some people remain sceptical and hesitant to engage with what some see as psycho-babble, increasingly managers are looking for anything that will equip them to do their job more easily. Certainly there are many big and small companies that use profiling tools and see them as invaluable.

When personality profiling tools are introduced, people go through a process starting with anxiety about what it will show, through scorn at the questions; astonishment at the results; desire to compare; anxiety that my insecurities might show and finally genuine enthusiasm in the tool.

However, it is not a fire and forget solution, it needs to be carefully introduced and a minimum knowledge base needs to be established with a strong support package to provide value over time and real changes.

Coaching is a series of private conversations, which enables an individual or team to improve their performance faster and further, than an individual or team could achieve on their own. It is a powerful supporting framework that will keep the profile tool alive until a sufficient knowledgebase is established to make it self-sustaining.

There are many aspects to motivation and its influence on behaviour. Pay, promotion, success, self esteem, credibility, our moral framework and even our dreams and desires, all impact on our behaviour. “Tell me how you will measure my performance and I will tell you how I will behave”

Profiling tools are a tangible way of seeing the relationship between internal and external motivators and usual productive behaviour. The external motivators (Birkman calls them ‘Interests’) give a good understanding of the type of things that will energise and motivate us. However, they are secondary to the internal motivators (Birkman calls these ‘Needs’). This is important because if peoples’ internal needs are met over time, they will behave in their usual productive way.

Conversely, if those internal needs are not met over time, then people are likely to exhibit counter-productive stress behaviour and long-term motivators disappear over the horizon. The Birkman Method is the only tool that reveals these motivators and the relationship between them.  

Taking just one aspect as an example, the Birkman profile analyses the way we relate to people in a group. We know statistically that 80 percent of people will be seen by others as usually very sociable, outgoing and friendly. It is part of our nature to treat people in the same way as we see them behave, and so we are generally sociable and friendly back. At the same time, we also know that most people’s internal motivators require them to have time alone with a few close friends and minimal group meetings.

So when a member of the team suddenly withdraws, becomes a bit unfriendly and avoids meetings, they may be simply expressing their internal need for time alone. This insight gives you a practical way of exploring why they are withdrawing and by addressing this you will see them return to their usual productive self. 

The IT industry in general has a reputation for investing in technical training (database administration courses etc), but typically it tends not to invest in the ‘people skills’ needed for managing teams

Managing and motivating teams is incredibly complex. Although we all know some basics that can encourage or deflate a colleague, a personality profile tool, with coaching and support, does give a much clearer understanding.  Data on a whole team gives a real insight in to the team dynamics, the contrasting motivations and behaviours and how to capitalise on them.

www.dennisadams.co.uk

Economic pressure and technology change is resulting in plummeting support prices. But while it may be cheaper, just what is the effect on the overall quality, timeliness and value of support packages? In the current economic climate it is understandable that many organisations, especially in the not-for-profit and government sectors, are putting annual maintenance and support agreements out to tender. And, driven in no small part by an IT industry that has spent the past 12 to 18 months driving support costs down to an unprecedented low, many of these organisations are opting for the lowest priced contract. Few, however, are achieving the best value for money.

Relationships and the support provider’s knowledge of an organisation’s set-up and systems are not always taken into account if a ‘cold’ procurement department is running the process. Nor can the department differentiate between the quality and expertise of support staff, assess the relevance of proactive support strategies or consider the implications of an increasingly complex technology environment.

But if determining best value cannot be based just on price, what are the other measures? How much weight, for example, can an organisation put on the service level agreement (SLA)?

Potentially, the SLA can be meaningless. Response within ‘x’ timeframe, resolution within ‘y’ timeframe – what does that mean? A response could be an automatic email confirming receipt of call; while resolution could be the support organisation providing the client with a possible resolution to a problem (which may or may not resolve the problem satisfactorily).

Taking into account the many different operating systems in use, database versions, server configurations, hosted locations, VPNs, Internet connections, telecoms plus the myriad of combinations of release numbers/patch-sets/updates across all of these, it is becoming increasingly difficult for any organisation to guarantee timeframes to problem resolution.

Furthermore, without access to the software source code, it is impossible for a VAR type support provider to guarantee any resolution times if there is a program bug – although most are very good at coming up with workarounds.

At the same time, the support requirements of companies have changed in recent years. With a growing acceptance of remote technology in most organisations – with the exception of financial institutions – support providers can typically resolve a greater number of problems remotely.

Combined with an increasing familiarity with technology/computer systems in general, this has resulted in a drop in support call volumes. However, due to the technology complexities, the calls that are received often take much longer to resolve. Fewer calls does not mean fewer staff – it means same number of staff with a higher skill set.

And this is a key issue in attaining value: organisations need to assess both the skills and incentives of support staff. In many companies, support is viewed as a great training ground for consultants. This means that an organisation’s business-critical support is actually delivered by people who are neither experts in the product or technology nor focused on support as a career. Support is viewed simply as a tedious apprenticeship to be served before attaining a real job as a consultant.

But providing support and consulting advice are two very different skill sets. An individual may be an excellent application/technical/business consultant but a very poor support consultant. The support role is a specialist role – and needs a very particular type of personality to do it well. Therefore, providers that recognise the value of excellent customer support have dedicated staff with a clear support-based career plan.

The combination of industry accreditations with a depth of product expertise enables the delivery of consistent levels of support, even when staff are on holiday. A committed, consistent team of people trained to troubleshoot support calls, increases the productivity and resolution of support queries, enabling the software supplier to pledge high levels of support commitment.

Indeed, when it comes to attaining value for money, organisations need to look beyond the SLA towards the attitude of the support provider. And this includes a commitment to delivering proactive support and advice – and not just during the initial sales consultation period.

Despite the availability of remote monitoring solutions, how many support providers include or even consider providing preventative maintenance or proactive support as part of the service offering? After successful completion of a new implementation, the proactive contact from the sales person/account manager diminishes and takes the form of a re-active role. By taking a look at the commission/incentive schemes in place in many reseller organisations the reasons for this change becomes very clear – the primary focus is to sell software – there is no focus on client retention or satisfaction.

As a result, good support is provided at best during the initial software implementation period – but once that is complete and there are no ‘software’ sales left, the service focus is diverted to the next big product implementation.

Yet by seeking out the right attitude to proactive support, organisations attain a partner that is focused on helping the business to get value for money from existing solutions and infrastructure without having to buy more software or spend more money. An attitude that clearly delivers greater value in the long term.

Furthermore, by adjusting commission and incentive structures away from sales-led to client service/consulting staff, a support provider can truly demonstrate its commitment to long term business and customer satisfaction.

Indeed, this ‘customer first’ strategy is proven to boost support provider revenues while also delivering clear customer value. And, in this market, provider stability should be a major concern for any business.

Indeed, as the economic reality begins to bite, support organisations are increasingly recognising that taking a revenue first approach is no guarantee of business success. A number of organisations are now reviewing the costs to support each client and assessing which are profitable.

Any support organisation undertaking a thorough review of calls resolved/time spent/margin earned will often have to face some difficult truths: in this market, it is not sustainable to continue unprofitable support and maintenance contracts, however large. And while it is a tough decision to walk away from any business, providers with a long term commitment are indeed following this strategy, creating ever greater risks for those organisations focused exclusively on cost.

It may be tempting but cost cannot be the prime determinant of a support provider if a business wants to minimise risk and maximise IT value. This is a key relationship – not a simple sales transaction based on support call numbers. If organisations are to get the very best levels of support there must be a willingness to engage with a provider at all levels to develop closer working relationships on a peer to peer basis. And the development of these relationships will definitely result in better support, greater value for money and ultimately tangible benefit to both the organisation and the support provider.

www.eclgrp.com

The effective management of private, personal and confidential information is an ever increasing concern for international organisations large and small, as factors such as remote working, global travel, public wifi availability and the explosion in laptop sales combine to put their employees under imminent threat from data exposure. While on the one hand this threat stems from the indifference of many employees to the security risks posed by use of company laptops in public places, on the other hand many organisations are failing to educate their workforce on best practice for maintaining and improving data protection compliance.

According to a British Standards Institution (BSI) 2009 survey, of over 500 small- and medium-sized businesses, almost one in five has unwittingly breached the Data Protection Act (DPA) at least once. 65 percent provide no data protection training for their staff and nearly half admit that there is no one in their business with specific responsibility for data protection. Fifteen percent are not confident that their data sharing practices conform to the DPA and worryingly, almost five percent frequently share data regardless. Furthermore, 18 percent said that data protection is less of a priority in the current economic climate.

On the contrary, data protection has never been so important and organisations should not let down their guard. Loss of data – whether it is sales and marketing plans, legal cases, customer names, purchasing details, human resource information, salary scales or proposed redundancies – can have potentially damaging consequences to competitive edge and credibility leading to serious financial consequences, loss of customers and reputation.

The number of data breaches and the costs involved for UK organisations is rising at a staggering rate. This trend is reflected in a Ponemon Institute study released in February 2009 (2008 Annual Study: Cost of a Data Breach), which examines the costs incurred by 30 UK organisations from ten different industry sectors after incurring a data breach. The study found that the total average costs of a data breach grew to £60 per record compromised – an increase of 28 percent since 2007 (£47 per record). The average total cost per reporting company was more than £1.73 million per breach (up from £1.42 million in 2007) and ranged from £160,000 to over £4.8 million.

The Information Commissioner’s Office (ICO) has called the amount of data being stolen, lost in transit or mislaid by staff “unacceptable”. Around 33 European countries have passed some form of privacy and data protection legislation, and many of these have a requirement for notification to either the regulatory authorities or those affected by the breach. In the UK, under current legislation, the individual inside an organisation charged with implementing the DPA is responsible for notifying the ICO of any significant breach and deciding together whether there is a need to notify any potential victims. From 2010, companies that recklessly or deliberately break the data protection rules will face fines of up to half a million pounds.

So what measures can be implemented by organisations to defend against losses that can never be quantified? As a first line of defence for employees using company laptops while travelling or in public places security filters that help guard the laptop screen are a simple and cost-effective privacy tool. Such screen filters are ideal for shoulder surfing prevention and help improve data protection compliance. They are easily fixed to laptops, can be removed or replaced instantly and laptops can be closed with the filters in position. They work by restricting the viewing angle of laptop displays so that only users positioned directly in front are able to see the data.

When working on laptops in public places, users are generally unaware of the activity going on in their surroundings, making them vulnerable to curious bystanders, opportunistic criminals or even practiced experts peering over their shoulder to read or record on-screen information. Being the victim of shoulder surfing can make laptop users feel uncomfortable and can impede work productivity if it means shutting down and closing the laptop as a result of being observed. According to research commissioned by 3M United Kingdom plc in 2007, there is an 80 percent chance that laptop users have already been a victim. Almost a quarter of UK computer snoopers do it for the opportunity to read people’s business emails and 16 percent are trying to get a glimpse of someone’s company documents.

The shoulder surfing threat does not only lie in wait outside the office, there is an internal threat in open plan offices as well. By specifying these simple on-screen privacy tools in their security policies, backed up by clearly defined defence strategies, organisations can tighten up on data privacy and ensure effective, practical implementation throughout their mobile and office-based workforce.

www.solutions.3m.co.uk

The financial crisis in the public sector has highlighted how best practice and innovative use of ITSM tools are helping managers to find creative ways to reduce cost. Patrick Bolger, chief marketing officer at Hornbill Systems explains how Government policy is driving investment in technology.

In the last decade, strategic initiatives like e-Government set a progressive agenda for technology in Government, with the mission, as described by Tony Blair, of “ensuring that IT supports the business transformation of government itself so that we can provide better, more efficient, public services.”

Although several eGovernment programmes have received criticism for slow and patchy progress, there can be no doubt that in many ways, technology has made interaction with government a less torturous task. Renewing car tax online is now relatively painless, compared with digging out paperwork and making the trip to the local Post Office to fill out forms and pay by cheque.

One of the six principles of eGovernment was a commitment to “promote global best practice”, which fuelled the adoption of frameworks such as ITIL and the ISO/IEC 20000 standard. While central Government was relatively well versed in ITSM frameworks, it took a little longer for other areas of the public sector to embrace best practice. Today, an ever-increasing number of services are being made available online and with IT being placed directly in the public view, ITIL is now widely adopted by all areas of the public sector to manage service delivery and improvement.

Following Alistair Darling’s Pre-Budget Report in Dec 2009, economists stated that “Whitehall departments’ budgets will be reduced by almost a fifth after the next election – a reduction of almost £36 billion over three years.” The current Public Sector budget deficit of £16.2bn and a net debt figure equivalent to 60 percent of gross domestic product (GDP) are stark figures that require drastic action by whichever political party holds the reins after this year’s general election.

Although the Government does not produce regular figures for its total IT spending, analysts at Cable estimated the figure at around £17 billion for 2007/08. In its study “Operational Efficiency Program,” HM Treasury said “Back-office operations and IT, led by Martin Read, recommends better management information, benchmarking and review of costs, and better governance of IT-enabled change programmes to achieve £4 billion of savings a year on back office operations, and £3.2 billion of savings a year on IT spending.”

It will no doubt be challenging to find such huge savings, particularly when the demand for services in the public sector is increasing and service levels are expected to be maintained and improved. Against a backdrop of anticipated budget cuts and headcount freeze, organisations are looking at innovative ways to maintain service levels and IT service management tools have a critical role to play in delivering efficiencies.

Annual surveys by the Society of Information Technology Management (socitm) show that since 2005, Hornbill has consistently been the fastest growing IT service management software vendor to local authorities, with more than twice as many customers acquired in the sector than our closest competitors. In compiling this article I sought feedback from our customers in separate areas of the public sector and asked whether their investment in ITSM would enable them to cope with reduced budgets.

Central and local Government anticipate a fairly significant reduction in IT spending, but many believe that they will not feel the impact during 2010, as budgets have already been agreed. These organisations believe that continued investment in best practice this year will enable them to cope with the inevitable reality of having to achieve more with less during the next four to five years.

Plymouth City Council has gone live with seven ITIL disciplines and is introducing improvements to existing and new processes using elements of both ITIL v2 and v3 with Hornbill’s Supportworks ITSM. Disciplines already deployed include Incident, Change, Configuration, Problem, Request Fulfilment, Access Management and Service Level Management. The ICT Service Delivery Team is currently working on Release, Event and Knowledge Management.

“Plymouth City Council is committed to using the ITIL framework. It helps us improve service efficiency, improve system availability, allow prioritisation of services, and ensure better quality assurance,” explains Mel Gwynn, operational service delivery manager at Plymouth City Council. “This enables the Council to save money while better serving citizens. Supportworks ITSM has enabled us to implement ITIL in a phased manner. We have now largely completed implementing many of our processes and are looking at where we can adopt elements of ITIL v3 to provide further improvements. This approach allows us to mature our existing ITIL v2 processes and adopt new ITIL v3 processes at our own pace.”

The ICT Team has also implemented the Supportworks Customer SelfService portal where the most frequent service requests are standardised. Callers to the Service Desk are encouraged to use the SelfService facility wherever possible, which reduces the load on the Service Desk and eliminates time wasted requesting further information. “Service delivery performance has definitely improved when compared to our old way of working,” says Gwynn. “This is down to the combination of Supportworks ITSM and the fact that we have revisited our processes, streamlined and automated them using the ITIL framework.”

Customer Service Direct (CSD) is a public-private partnership between BT, Suffolk County Council and Mid Suffolk District Council. The organisation is a joint venture formed to provide a collaborative infrastructure that can support the councils and the services that they provide to the public. CSD has pioneered such a new working partnership to create a shared services model; an approach that has been promoted within several Government reports, to drive efficiencies by uniting resources and expertise.

The organisation provides central HR and ICT support functions based on ITIL best practice to the members of the partnership, in a more cost efficient way. At the heart of the support services is a centralised IT and HR support desk that uses Hornbill’s Supportworks ESP (Enterprise Support Platform). Implementing Supportworks as a central system enables the partners to deliver service at a consistently high performance, while also managing costs.

Initially proven with use by the centralised ICT team to support council employees, Supportworks has also been rolled out for use by the HR team and is now accessible to 500 staff. Using Supportworks as a consolidated service platform enables staff to support over 6,000 PCs used by employees throughout the partner organisations, as well as HR support to over 30,000 local authority staff and a further 40,000 ex-council staff. The system is able to identify different types of customer, so that each receives the appropriate support level.

NHS Connecting for Health (CfH) came into operation in April 2005 with a primary role of delivering the National Programme for IT (NPfIT). NPfIT commits the NHS to lifelong electronic health records for patients, round the clock, with online access to patient records for clinicians and information about best clinical practice. Although there has been some controversy regarding the delay in introducing some of the services, many services have been successfully deployed.

NHS Trusts can choose to support these new services and systems using their own resources, or by contracting with their Local Service Provider (LSP). Although Trusts can reduce costs by providing the service themselves, they must be accredited by CfH to ensure that they are supporting those services and communicating with other service providers using a common language and in a consistent manner. This has driven adoption of the ITIL framework and in financial terms, the NHS would benefit greatly if every trust were to become accredited.

There is no doubt that the National Programme for IT will bring huge benefits to patients through increasing the efficiency and effectiveness of staff and clinicians. However, it brings with it challenges for the IT department, as they are faced with integrating new systems and supporting increasing numbers of users through their organisation. Investment in IT service management technology enables IT teams to provide a more responsive and efficient service to large numbers of end users, without increasing headcount.

Hornbill has gained significant traction within the healthcare sector by providing an ITIL-compatible solution that can be deployed in just days with full support for the CfH minimum data set. This enables NHS and Primary Care Trusts to seamlessly integrate with the LSP and automates reporting of contractual service level agreements (SLAs). NHS Trusts that have already been accredited by CfH using Supportworks CfH solution includes; Buckinghamshire Hospitals, Chelsea & Westminster, and Wirral Health Informatics.

Anglia Support Partnership has adopted a shared services approach, providing IT services to five NHS organisations in the East of England and is using Supportworks ITSM to manage and improve service delivery to over 10,000 employees at 200 locations. The Partnership provides IT support services to staff in its seven partner organisations – NHS Cambridgeshire, Cambridgeshire Community Services, NHS Norfolk, Norfolk Community Health & Care, Cambridgeshire and Peterborough NHS Foundation Trust, NHS Peterborough, Peterborough Community Services, as well as the Strategic Health Authority – NHS East of England.

University Hospital of South Manchester NHS Foundation Trust, a major acute teaching hospital, has successfully utilised Supportworks ITSM to manage the new Registration Authority Smart Card system, part of the National Programme for IT (NPfIT). The trust has over 4,000 security verified users that will be registered with the Authority. The IT team is now using Supportworks ITSM to record the details of every NHS CRS Smart Card issued, including user identifier, access rights and a history of any changes and the expiry date.

“Under NPfIT we are increasingly bringing in new systems to support both administration and specialist departments and our users need support,” says Mark Wright, head of service management at the Trust. “We now have the framework to provide a managed service to end users, as well as the ability to adopt ITIL best practice, a key part of our IT strategy. We can now provide the evidence necessary to become a Connecting for Health Accredited Service Desk. This enables us to provide a seamless service, linking up to our Local Service Provider to streamline support resolution.”

Historically ITIL has had less traction in the education sector, with many institutions believing that the framework was complex and expensive to adopt. However, much has changed in the last few years. Education now faces many of the same challenges as other areas of the public sector; increased investment in technology, coupled with heavier dependency on IT for learning, teaching and administration has driven the need to transform service support from fire-fighting to proactive IT service management.

The Universities and Colleges Information Systems Association (UCISA) is a powerful lobbying voice that represents the whole of higher education, and increasingly further education, in the provision and development of academic, management and administrative information systems. UCISA has published resources and is producing case studies and materials in bite-sized chunks that are easier to digest. The work is intended to assist both institutions new to ITIL and those that have already embarked upon ITIL implementations, helping institutions to look at the ITIL framework to review and improve their service management processes.

IT staff within universities face common challenges from the sheer size of the user populations they support. IT is stretched to deliver service to thousands of academic and administrative staff and students numbering in the tens of thousands. The budget cuts announced by Lord Mandelson in Dec 2009 further increases the pressure on IT to deliver even greater levels of operational efficiency. Hornbill has a significant presence in the education sector and many of our customers are finding innovative ways of getting the most from their investment in service management technology, by extending its use to other departments and faculties.

At the University of Northumbria the reliance on IT has grown exponentially over the last ten years, and increasingly IT systems provide a backbone to the University’s daily business. The 130-strong IT Services department uses Supportworks service desk software to underpin and strengthen the provision of service to staff and students. Originally used for IT service management, Supportworks has now been extended to other areas; Estates Management, Security, Finance, Library & Learning Services and the Academic School Administration offices use the tool to manage and automate an array of different service requests.

By offering a number of interactive services Northumbria has encouraged use of the Customer SelfService portal across the institution. Users can request new passwords by text, with responses sent directly to a mobile phone. Text messages can be sent to advise that day’s menu in the restaurants, or even the availability of computers in the open access areas for students.

Northumbria IT Services operates an out-of-hours service on behalf of NorMAN (North Eastern Metropolitan Area Network), providing first line support to other universities. This service is not viable for individual institutions, given the relatively small number of students requiring help outside core business hours and at weekends. The Out of Hours Helpline now covers 17 universities located in Scotland, Yorkshire, the Midlands, London, the South Coast and South West.

This innovative use of Supportworks has enhanced IT Services’ ability to provide an improved service to increasing numbers of users, without needing to hire additional staff, while income from subscribers to the out of hours service is generating revenue that helps to cover overheads. According to Debbie Figgis, IT customer services manager at Northumbria University; “There is no doubt that we can now provide a better service to our customers, while retaining the same level of IT resource. It has made us more efficient as a team, with reduced duplication of logging and tracking calls. The SelfService option has made our service more transparent, which has also improved our customer service.”

The Gershon Efficiency Review, commissioned in 2003 by central government assessed how the public sector could exploit opportunities for efficiency savings, so that resources could be released for front-line public service delivery. The programme aims to raise productivity, enhance value for money and deliver efficiency gains through reforms that involved ‘Doing the same for less, or more for the same’.

Despite the bleak projections for IT spending, Hornbill anticipates continued demand for technology that enables public sector organisations to operate more efficiently. Against a backdrop of headcount and budget cuts it will be almost impossible for the public sector to sustain momentum without technology that enables these organisations to cope with demand and maintain service levels. The examples above demonstrate that innovative use of service management tools creates efficiencies that enable budget stricken service departments to manage through an economic downturn.

More examples of Hornbill customers in the public sector can be found at: www.hornbill.com/company/success