ISF’s Threat Horizon 2012 report highlighted infrastructure failure as one of its top 10 threat scenarios. The report highlights how companies have come to rely on Internet only sales channels and mechanisms, to the extent that most people only have one way to perform their day-to-day transactions. Poor Internet resilience, especially at pinch points in the network, results in frequent and sustained regional Internet outages and prolonged loss of service. The threats to business come from loss or damage to communications links or services – often as a result of under-investment in infrastructure – and from malfunctioning equipment, associated with a lack of resilience.

The impact of such outages is a direct loss of business, and increased costs to provide ‘work arounds’, potentially leading to reduced transaction integrity and associated fraud. In addition, there may be a loss of trust in the Internet, and customers moving to competitors able to offer an easy alternative. While the threat of infrastructure failure is a future scenario, there are very real issues confronting organisations that want to move to cloud and Internet-based sales channels today.

Organisations that increasingly rely on the Internet to conduct business, or serve the public, will require some kind of quality of service (QoS) guarantees – which will add cost, as well as run into issues over net neutrality. Also, who is going to fund the necessary investment in Internet infrastructure to deliver the capacity and intelligence it needs, and what is the payback for anyone who does?

Another issue for Internet-based critical communications and online transactions is that networks are always susceptible to physical damage. Internet channels are only as resilient as their weakest link. Wireless Internet access has got people used to the idea of ‘always on’ connectivity. While this helps staff work more efficiently off-site, few consider how secure these connections are, so organisations need to ensure security is made easy for staff.

Finally, a vital element in the successful deployment of cloud computing and Internet based services is supplier trust. Buying cloud computing is just like buying any other service, and organisations must ensure they research and question potential suppliers thoroughly.

What can companies do?

Having established where the critical parts of IT infrastructure lie, and the risks associated with their loss or degradation, organisations should put in place a framework of controls for securing it, recognised at a senior level and based on the participation of critical infrastructure stakeholders – including information security practitioners. Organisations should give special attention to the selection and application of a balanced set of controls to protect systems that support critical infrastructure.  Where it is not possible to apply a balanced set of controls, alternative measures should be used.

In selecting controls, organisations should adopt security architecture principles, such as: defence in depth; least privilege (granting minimum possible privileges to users);  and default deny (denying access to information systems by default to prevent unauthorised access).

Another important element for ensuring the resilience of critical infrastructure is to reduce single points of failure. To ensure that critical infrastructure is available when required, supporting information systems should run on robust, reliable hardware and software, and be supported by alternative or duplicate facilities.

When it comes to outsourced cloud computing services, it is crucial that third parties are well managed. Measures that help reduce the information risks associated with using third parties include reviewing and, where necessary, updating contracts and agreements to include statements regarding security requirements, roles and responsibilities, the right to audit and incident reporting.

Organisations should consider the use of an internationally recognised information security standard, such as ISF’s Standard of Good Practice for Information Security.

While the Internet does have a high degree of resilience, experience shows that we cannot expect 100% uptime. Overall, the Internet is only as good as its weakest link, and preparing contingency plans to operate businesses in the event of failed or reduced Internet service should be a priority.

In 2011 enterprise mobility is truly taking off. Powerful smart phones are becoming the norm, while more powerful tablet PC’s such as the Apple iPad, Android-based Samsung Galaxy Tab and the Research In Motion (RIM) PlayBook are set to make major inroads into the corporate market over the next 12 months. Better, more powerful devices that allow mobility, plus increased bandwidth, have created a platform for mobile business applications.

The companies that will succeed in tomorrow’s economy will be the ones who embrace mobility. Organisational leaders will be able to provide their employees with the resources to work at any time, from any location and from any device.  Enterprise mobility gives employees flexibility, which makes for a happier, more productive staff. However, devices such as smart phones, laptop’s and tablet PC’s only allow mobility. Effectively utilising this mobile capability relies upon there being a platform that allows employees to make the most of the virtual environment.

An Opportunity for Organisational Transformation

After more than two-years of organisational cost cutting there is a growing feeling that spend on IT is beginning to increase. As budgets return, CIOs are looking at existing resources and no longer wish to use the majority of IT resources just to manage and maintain a company’s infrastructure (business as usual). Instead, corporate CIO’s are increasingly looking to free up IT resources and refocus their efforts from maintenance and management to strategy and planning in order to use IT to create a competitive business advantage.

Enterprise mobility is at the forefront of many CIO’s minds for several reasons, such as productivity and pressure from senior executives and mobile workers to adopt new devices. A recent study by analyst house IDG showed that 65 per cent of employees, who use personal mobile devices for business, report greater productivity. Employee collaboration is also a key driver of enterprise mobility due to the increasing internationalisation of the corporate workforce and the need for business travel and communication outside of UK office hours.

Device & Application Development

Enterprise mobility and the growth of new devices go hand in hand. The only constant within the device market is change as new product development continues among the major manufacturers.

Device trends continue to have a real effect on corporate IT due to the ‘consumerisation of IT’, the process of using consumer devices within the corporate market. This pattern continues to grow and as a result, affects enterprise IT business processes. Add to this the rise of new operating systems and the increase in new technologies such as tablet PC’s and it is clear that mobility is here. The challenge is to provide a platform able to utilise this capability.

Whilst in previous years the choice of end user computing devices would have been restricted by the requirement to support the Windows operating systems, we have now had nearly a decade of application development targeting the browser rather than thick clients (full featured computers connected to a network). As such adopting a non-Windows device is no longer the barrier it once was to enterprise application deployments. Indeed many industry professionals are now predicting the end of the traditional 3 year desktop refresh cycle as the focus shifts to simpler, cheaper and lower maintenance browser capable devices.

Mobilising the Enterprise with Google Apps for Business

Google Apps for Business increases corporate mobility through powerful communication and collaboration tools for businesses. The service allows employees to work together in real time on shared documents and sites regardless of location or device through Gmail, Google Calendar and Google Sites.

The service is Cloud based and managed by Google, and it allows employees to access content anywhere, anytime, through cloud based communication and collaboration. According to Forrester Research, Google Apps costs less than one third of competing solutions and significant adoption is being seen to replace traditional corporate messaging platforms and document management applications such as MS Exchange, Sharepoint and Lotus Domino with a platform which is both device agnostic and also supports real time collaboration.

Enterprise Mobility & Security

Ask any company CIO about their concerns regarding enterprise mobility and the single word most will utter is: security.  Mobile security fears plague CIOs. A 2010 study by analyst firm Ovum found that eight out of 10 CIO’s report that data breaches are their top security concern and say smart phones increase their organisational vulnerability.

Recent high profile incidents of international data loss have done little for the reputation of IT security. However, the mismanagement of company data by some organisations should not deter others from mobilising their own workforce.

Google Apps for Business offers world class security and reliability and is designed around industry best practice concerning data centre management, network application security and data integrity. Data storage and management facilities have a dedicated security operations team who focus specifically on maintaining the security of the environment. The platform supports enterprise security features such as two factor authentication, integration with single sign-on solutions, device management and remote wipe. As the service is browser based with data held in the cloud rather than on the device itself there is a significant reduction in the potential for data loss if the end user devices themselves are lost or stolen.

Reliability is another key issue and Google Apps comes with a 99.9% guaranteed uptime service level agreement that includes no planned downtime, so employees are more productive and there are no concerns regarding system downtime.  Automatic disaster recovery means that you can be sure that your data is accessible when you need it. In practice Google are significantly exceeding their SLA and in 2010, Gmail recorded uptime was 99.984%.

Conclusion

Regardless of industry or size, mobilising the enterprise is imperative for businesses. Organisations are considering mobile initiatives in order to increase employee productivity, help corporate innovation and aid employee collaboration.

Early adopters in the UK and Europe who have benefited from Google Apps for Business include SpecSavers, Jaguar Land Rover, The Telegraph Group and Ahold; plus many other significant corporates from a variety of sectors are preparing to embrace enterprise mobility.

Innovative new cloud based technologies aren’t just a case of fascination with the latest technology. Instead these are powerful, game changing business drivers, inspiring enterprises around the globe to integrate enterprise mobility into their IT strategy and leverage IT to create a competitive business advantage. Although consumer devices are already used across the corporate world, they alone will not transform the business model; it is the platform used to support these devices and leverage their capabilities that is the key to unlock true enterprise mobility.

The rush to embrace the outsourcing model started in the USA with the Insurance Industry’s decision to promote commodity pricing and as everyone knows, when your core product becomes a commodity you have to slash costs. The industry then moved to reduce expenses by outsourcing their IT operations and the trickle soon became a flood that embraced all industries.

Outsourcing has worked well for some companies, but it can also lead to business damaging disasters. The problem is, if outsourcers fail, you’re left holding the baby without the resources to care for it. There is little margin for error in choosing an outsourcer as we found in a recent survey at InfoSecurity 2011. LINK. We discovered that 77% of IT professionals surveyed said that their outsourcers had made up work to earn extra money.

This was echoed in a news article about the survey by Lance Whitney, Techzone360.com which reinforced the survey findings. Whitney wrote: “External consultants often don’t have the vested interest in a company that an internal staffer may have. I recall one particular project at my former IT job where we hired an external contracting company to help us with a long term Windows migration project. The people brought in to assist us were paid by the day. There were sometimes days where their contributions were lacking or they performed simple, almost meaningless tasks that were not at all critical to the project.”

There are clearly some rules needed here to help avoid the type of situation highlighted by Lance Whitney. Here are my five golden rules to ensure your outsourcing lifeboat doesn’t sink mid-stream.

1. 1. Make a transition plan and stick to it

You should expect IT outsourcing to disrupt your entire organisation in ways you may not expect. Your plan should include a change management module, a detailed and well-argued case to your staff outlining how you intend to make a smooth transition and a well-documented process to let your customers know that you have the outsourcing process well under control.

1. 2. Get your outsourcing plan  in writing

Larry Harding, founder and president of High Street Partners, a global consultancy that advises companies on how to expand overseas, has seen many outsourcing horror stories, from corrupt general managers “with all sorts of conflicts of interest” (such as service providers getting kickbacks from landlords on the leased space) to projects torn apart by huge turnover rates. “You end up with project teams that are hugely inconsistent. You might have a good team in place, but a month later, three quarters of the team has ‘transitioned’ to another project,” he said.

You need to see the outsourcers’ plan in writing, particularly their crisis management plan. In the written report make sure you add capital asset budgets for the acquisition of software to improve operational efficiency and provide better coverage of security. Make sure that there are disincentives for contractors to avoid using or impairing the usage of software tools to improve things even if they reduce billable hours. Also make sure you allow for the embrace of better tools for labour saving. Do not allow the fox to guard the henhouse.

1. 3. Transparency with respect to security practices.

According to Ephraim Schwartz of Infoworld Magazine, outsourcing is not for the faint of heart because when things go wrong, they tend to do so rather dramatically. “The companies who’ve lived through outsourcing horrors have two things in common,” Schwartz said: “lack of preparedness going into a new relationship and lack of communication once the project gets under way.”

You will have to place special emphasis on choosing an outsourcer that has a proven track record for delivering quality security services to a similar range of industry sectors over a long period of time. They will need the ability to accurately correlate, analyse, and interpret large volumes of network security inputs in real time and be able to separate legitimate threats from a welter of false starts. An outsourcer should have multiple security operations centres that run 24x7x365. Having two or more data centres allows for redundancy and may ensure constant compliance with security standards. Your outsourcer should have security experts in place to monitor and analyse data from customers on a global basis. This level of intelligence will help your outsourcer issue real time alerts and recommend fast reactions to unforeseen events.

Anticipate security breaches, you will have to plan for emerging threats and the need to purchase both software and hardware to respond to threats as well to improve compliance and security. Don’t allow the outsourcer to select their own tools as they will pick those that maximize their revenue, not your security. You cannot predict the future: provide slack to change your contractor’s mission as business and the security landscape change.

1. 4. Know their financial status, compliance standards, history, and audit points.

What is your future security partner’s financial status? For publicly traded companies, Gartner estimates that annual run rates of more than $40 million per year in managed security services contracts indicate a sufficient base of revenue to support growth and enhancement of services. For the biggest outsourcers management experience should include defence, government, and a range of industrial sectors. This is an important consideration because it indicates an outsourcer’s ability to meet wide security management needs, including the monitoring of all industry standard security products.

An outsourcer should be able to provide documented standards and policies for handling typical and atypical operations and threats. They must be able to show that they employ security specialists with certified expertise across a broad range of security products from a variety of vendors. This allows a company the freedom to select best of breed solutions.

The outsourcer must also have facilities, processes, and procedures in place that are validated and certified by a third party auditor. Compliance can be a side effect of good security, or a gigantic make work scheme for the outsourcer. Put yourself in the outsourcer’s position – why fix the problem on thousands of machines in an hour using a security management tool, when they could bill for months reimaging systems? The organisation should take ownership of its own security and not outsource its direction. Pick the best of breed security solutions, do not use checkboxes to select solutions, nor should you allow purchasing to select your security solutions. You don’t pick a doctor by the lowest price, you find the one with most expertise and history of success. You should do the same for your security: don’t allow it to be selected by your contractor or low level employees.

1. 5. Find experts in the areas you need.

In the role of subject matter expert and experienced implementer of systems, the right outsourcer can be a godsend if you can find them. The key is to know how much specialised value your outsourcer can add to your organisation and how quickly they can do it.

So those are my five golden rules. But remember – my position is that outsourcing as a means solely to reduce costs is a fraud since these cost reductions are achieved by gutting the organization of its talent and providing its customers with the poorest possible support at the lowest cost. Ultimately outsourcing for cost savings alone leaves a company weak and ill prepared to respond to emerging threats and opportunities. On the other hand, outsourcing to provide unique talent that is otherwise unavailable or impossible to train can provide your company with distinct competitive advantages. Outsource when there’s expertise to be gained (through contracting of specialists), not lost (through abandonment of loyal staff). Happy outsourcing.

Imagine being able to control the whole IT estate – in all its every increasing complexity – using a single visual management suite. This is what ASG is offering with its Enterprise Automation Management Suite (EAMS) solution. VitAL editor Matt Bailey spoke to ASG VP marketing and communications Tony Perri about the capabilities of EAMS and a milestone metadata  management project at eBay.

In this era of ever-increasing complexity, with cloud and private cloud layers now being overlaid onto the traditional IT estate, the concept of a single automated control system for an organisation’s entire suite of IT software and hardware is a powerful idea.

According to Naples, Florida, USA-based ASG’s VP marketing and communications, Tony Perri, the company’s Enterprise Automation Management Suite (EAMS) solutions offer a practical approach to managing the ever-increasing complexity in today’s IT environments. “In a nutshell, we help customers with their IT complexity, and provide a visualisation tool for managing the end-user experience. After all, you can’t manage what you can’t see.”

As companies add new platforms, technologies, applications, and people to support delivery of IT and business services, complexity continues to grow. This complexity has led to challenges in accessing the appropriate real-time information to make critical business decisions. Likewise, deployment of new services while trying to proactively manage the quality of existing services can be a challenge. “Our EAMS solutions provide a foundation technology that automates access to critical enterprise information; leveraging data from any automation tool, data store, or application to provide better decision support, avoid costly outages, manage risk, and manage the health of IT and business services,” says Perri.

A visual representation of the IT estate

If that sounds like a silver bullet solution, the real value is added in the detail: “EAMS is not a typical automation solution,” says Perri. “It concerns the management of information from assets across the IT estate. It extracts this information, stores it and displays it as a visual representation in a dashboard format. It provides a detailed visual representation of your IT environment allowing the user to radically improve the delivery of service to employees and customers. For instance, it allows the IT staff to see when application performance and availability is affected (red, yellow, green indicators) and all the dependencies of that asset to take corrective action before a failure occurs. The result is a proactive approach to service delivery. .”

Using the system, a bank’s IT service team, for example, can ensure that when staff turn on their PCs, they do exactly what they are meant to according to the service levels agreed. And beyond the company’s own personnel, when a customer uses an ATM or the bank’s online services from their home PC, the system is telling the IT services team the status of the ATM and whether the online service is available and delivering to the agreed-upon service level.

A complex environment

“We now have an extremely complex global IT environment with people relying on each other and on their hardware and software systems as never before to deliver their services,” says Perri. “You need some central control system to get an overview and really make sense of this environment. We provide an architecture with connectors. We add a foundation technology that can link to existing or new tools and systems. And even if we don’t have an existing interface, we can create field developed adapters within a day or two which will integrate these tools into our foundation technology.”

EAMS provides dashboard views down to switch or point solution asset level where you can click and get detailed status information. You can click on any assets – if it’s a server for example, you can see what service it delivers and which other assets it interacts with, repairing malfunctioning units or re-allocating resources before a failure occurs.

“ASG has more than 70 offices worldwide, and our own CIO manages ASG’s complex IT and business environment with a custom-built EAMS solution that leverages information from both ASG and third-party products,” adds Perri. “By providing a real-time view of how IT is supporting our critical business and IT services, our CIO proactively takes action on issues before they become critical, conducts impact analysis to determine other services that could be affected, and avoids costly outages that could impact the business.”

Metadata management

ASG also is an industry leader in metadata management. The core strength of ASG’s offering here is that it preserves the integrity of knowledge assets and promotes software component and object reuse. For mainframe or distributed environments, these ASG solutions simplify metadata utilisation for data warehousing, development processes, systems, networks, and Business Service Management.

ASG employed its ASG-Rochade metadata management solution – which it describes as the World’s leading metadata repository – at its client eBay. Rochade is a scalable, strategic, enabling technology that manages information about data and systems across the enterprise. It uncovers complex relationships between information technology assets, facilitating what-if impact/risk analysis and increasing the productivity of business and IT.

Case study: eBay

eBay is one of the biggest names in the IT world. Gartner has published a case study by Mark A. Beyer entitled: eBay Accelerates Project Delivery With its Metadata Management Strategy (available at: http://www.gartner.com/technology/media-products/reprints/asg/article1/article1.html) from which the following is extracted.

At eBay, there are effectively two IT delivery organisations. The corporation has a traditional IT organisation responsible for back-office transactional management and financial analysis, as well as shareholder reporting, human resources and so on. In addition, a second IT organisation is responsible for the delivery of computing and data resources to support the technology-driven business units. As such, there are two levels of innovation in all areas of the eBay IT organisation. This case study is concerned with the metadata programme initiated in the customer-facing, business delivery unit IT organisation.

In the first three quarters of 2009, eBay’s data architecture and modelling team received 600 plus change requests and requests for 14 additional subject areas, resulting in 646 new database tables in the enterprise data warehouse. The EA team determined that a metadata and model management initiative which creates central design repositories and documents critical decisions was one key to assuring a rapid response to continuously updated business needs.

As an organisation, eBay exhibited mature IT capabilities in application development, database design and management, Web services architectures and the deployment of service-oriented infrastructure. The speed of deployment considerations and the relative independence of the business delivery IT organisation combined to create a fragmented approach to metadata management. As a result, eBay teams were able to accomplish standardised design and delivery approaches using the time-honoured method of manual efforts, team meetings and the personal skills and tenacity of the EA team.

Senior management and the EA team were already seeing delays in some deliveries of application functionality to the business units, and further anticipated growing maintenance issues as long as central design standards remained absent. The EA team, along with senior business unit leaders, determined that a principle first step to remedying their immediate needs and mitigating future risks was the initiation of an enterprise metadata project intended to standardise the early design efforts on subsequent projects. eBay’s primary goal was to introduce a metadata management approach to data warehousing and business intelligence (BI) efforts.

While the business case was understood, no quantifiable metrics existed to create a justification for deploying a more complete metadata management approach. As a result, members of eBay’s EA team presented the case for their proposed solution to the senior business unit managers, who then assisted in the joint development of the approach. eBay had the advantage of senior business unit managers also being accomplished IT technologists. With the business value anticipated to be high, but as yet unquantified, EA managers determined their overall goals and developed a solution architecture.

The EA team at eBay realised that the enterprise data warehouse was the logical focal point of an enterprise metadata project. The warehouse represented the highest concentration of various data domains in the organisation, and one of the highest reuse cases of information assets. Additionally, by focusing on only the data warehouse and the connected BI systems, eBay’s EA team was able to control the overall delivery scope and keep the initial effort appropriately sized. Simultaneously, a second team was heavily engaged in the development of data and application processing services under an enterprise services-oriented architecture initiative. While the two teams pursued their metadata efforts separately, a similar solution was designed for both data models and services metadata.

Results

eBay deployed a mature metadata/model management process using a tool-enabled flow which linked Sybase PowerDesigner with ASG-Rochade. In the new process, all the steps and tasks took place within the tool solution as it was deployed.

Modelling exercises have been reduced to hours from days and even weeks. Prior to the metadata project and the resulting metadata management programme, developers in the business units reported that modelling efforts were greatly reduced. Development teams had to identify various documents and models, validating their accuracy, updating the information and then effectively creating a new set of documentation. Estimated savings are approximately 25 to 50 percent of absolute savings in effort. Indirectly, eliminating churn in the workflow between tasks and team members was reduced by the enhanced documentation, reducing the modelling and verification process elapsed time on each project by almost 80 percent and allowing eBay to avoid longer change delivery or having to hire additional staff.

Lessons Learned

Do not confuse tools with methodology. Early in the effort, eBay determined that some tools were inadequate to the task and halted efforts. It revisited other contending tools and made the decision to change its metadata repository tool. Initially, the depth of the Rochade tool was confused with requiring an extensive methodology — when in fact metadata management is an extensive methodology. Tools selection is complementary in that it must support methodology and approach — but when tools begin to limit the scope, it is most likely the wrong tool.

Leverage vendors’ knowledge of their tools sets and their practice areas. During the project, eBay, Sybase and ASG completed an integration of the two vendor toolsets. In the implementation, services were developed which updated the Rochade repositories with models maintained under PowerDesigner when the check in/out is used in PowerDesigner, without any further import/export needed to update the metadata in Rochade. This was critical because other design tools historically do not have good integration with metadata management tools, and this leads to reluctance from designers and users to maintain the metadata.

Soft benefits converted to hard metrics after delivery. Many organisations never revisit the soft benefits. Gartner maintains that there is no such thing as a “soft benefit” for metadata. Nearly all benefits can be monetised in some way, such as in this case, wherein eBay determined benefits to delivery times and overall staffing commitments.

Tackling the complexity

With its EAMS and metadata management capabilities, ASG now has the ability to provide both a visualisation solution to help manage service delivery and metadata management to support the integrity of customer data and its governance.

With the prominence of the cloud growing and threatening to add further layers of functionality to the IT estate, any organisation that is contemplating this complexity with trepidation should assess what these technologies can do to liberate their beleaguered IT teams.

www.asg.com 

The last few years have seen organisations look much more closely at their energy consumption and in particular, the largest drain on energy resources, IT infrastructure. However, the recession has impacted the speed by which organisations have sought to develop more green IT and many data centres remain the energy gluttons, wasting costly – and limited – energy resources.

Adding to actual hardware costs is the increase in energy prices that has seen the cost to power data centres in Western Europe rise significantly, with IDC estimating the cost increasing 13 percent year on year in 2008 to reach €4.9 billion. For some low-end servers with an average three year lifespan it will cost more to power these machines than to actually acquire them. Consequently it’s clear that the data centre is a major consumer of power, not to mention a major contributor to any company’s energy bill.

But the pendulum may finally be swinging back as confidence returns. Industry commentators and analysts believe that green initiatives have started coming back onto the agenda because of the rise in costs for both IT and energy. As a result, CIOs and IT directors have turned their attention to the latest technologies for ways to reduce costs and build greener IT infrastructures. Attracting considerable attention is virtualisation.

A step in the right direction

Virtualisation consolidates the workloads of individual servers and runs them on a single, efficient server, requiring fewer physical servers and lowering electricity and cooling requirements. Many organisations have an abundance of home-grown or legacy applications running on individual, underutilised servers. Virtualisation allows enterprises to consolidate them on less expensive commodity hardware without having to rewrite old applications. For example, Sony Italia replaced 12 older physical servers with just two new ones running SUSE Linux Enterprise Server with Xen virtualisation, reducing its costs and freeing up valuable space in the data centre. The company avoided having to buy, maintain, power and cool ten new machines – and with 64-bit virtual servers running on the highly tuned SUSE Linux Enterprise Server platform, the new two-server cluster offers all the performance Sony Italia needs.

Why do many organisations have too much computing capacity in the first place? The answer is that historically IT has acquired a server for each application with a net result of creating huge server farms where each server has a utilisation rate of only about 20 percent. With virtualisation, IT can substantially increase the compute-capacity utilisation by using the same hardware to run multiple applications independently. This means that utilisation rates can rise towards 80-90 percent, allowing IT to reduce the number of servers. For example, Essent, the Dutch energy company, undertook a major data centre consolidation project, virtualising a large number of servers to reduce costs and energy consumption. As a result, Essent believes that the solution saved them about £2m for the data centre consolidation project alone.

If it sounds too good to be true…

While the case for virtualisation has been made industry-wide, its benefits come hand in hand with more complex server management issues. This benefit and cost offset has inhibited the full utilisation of virtualisation. Today, each virtual machine is managed as if it were physical. In order to achieve the lower power consumption and cooling costs virtualisation promises, organisations must also incorporate automated virtualisation management.

Implementing virtualisation alone is like assembling an orchestra without a conductor. You can have the best violinists, trumpet players and harpists in the world, but without an experienced conductor, chaos will ensue. Similarly, with virtualisation, a single point of management keeps all systems working together and supporting the business. Ironically, while attempting to reduce physical server sprawl, organisations can inadvertently create virtual server sprawl. Doing so likely means a host of unanticipated capacity and resource allocation issues. Understanding how to manage and allocate effectively is vital to optimising the new arsenal of virtual machines. This is where automation tools come in to play.

IT regularly ‘brings down’ a server for updating or servicing. While an inconvenience, workers have come to work around this procedure. With virtualisation housing a number of tasks and applications on one server, many aspects of the business are going to be affected by these downtimes. And on the off chance there is a server failure, there is a risk that a large portion of the business is completely ‘off-line’.

This scenario is a nightmare from an organisation’s perspective but especially so for businesses that are prediction orientated such as manufacturers since any downtime in the supply process caused by downed servers can lead to lost output, unsatisfied customers or lost sales. It would take only one of these ‘offline’ instances for executives to reverse their position on virtualisation in their data centres to avoid these disastrous situations.

Automated management alleviates the heavy manual process of moving files and applications. Not only does this help avoid an ‘offline’ situation, it enables effective server maintenance without risk. And if a server, either physical or virtual, fails there is automatic, rapid deployment of services for business continuity. Organisations can plan scheduled maintenance with confidence and reduced hassle, while keeping the business running smoothly. All the while ensuring cooling and power consumption savings and reducing the impact of the data centre on the environment.

Putting it into practice

Pernod Ricard Pacific, a wine and spirits company, is a great example of this in practice. The company was moving to new premises in Australia with a much small data centre and energy capacity. By migrating existing physical servers to virtual machines on SUSE Linux Enterprise with Xen, and provisioning new virtual servers instead of buying new hardware, the company eliminated or avoided buying a total of 50 servers. Instead of the projected 58kW, the company is operating all existing and new services inside the 32kW limit imposed by the new data centre and still has room for growth in terms of floor space, power and cooling.

In addition to reducing hardware acquisition and maintenance costs, Pernod Ricard Pacific manages the physical and virtual infrastructure from a single solution which automatically provisions new environments based on the available resources. Moreover, the increased utilisation of the hardware resources means that the company can accomplish more useful work within a smaller power envelope reducing operational costs and cutting the carbon footprint. It estimates that with Xen virtualisation on SUSE Linux Enterprise Server, it is saving 625 tonnes of CO₂ emissions equivalent to planting 2,250 trees.

Virtualisation has been on a crusade the last few years but with the emphasis returning to both cost reduction, IT efficiency and greening of the data centre, its importance will only rise further in the coming years. While virtualisation can be a tremendous boost to an enterprise’s productivity and environmental policy, without the proper automated management tools in place, it will threaten the very benefits sought in the first place.

Virtualisation’s promises of reducing sever sprawl, heating and cooling costs, and power consumption are enticing, but they cannot be attained without effective management in place. With orchestrated management tools that automate critical data centre processes, organisations can make virtualisation a central component in their green IT strategy.

www.novell.com

What challenges are businesses facing in IT right now? Business is all about how to make money and save money and the recent recession has had a drastic impact on how businesses go about doing this while ensuring ongoing customer loyalty and satisfaction. Economists define a recession as six consecutive months of negative growth in gross domestic product (GDP). Whatever definition you use the economic results are always the same: job losses, a decline in real income, a slowdown in industrial production and manufacturing and a slump in consumer spending.

This consequently has a significant effect on where businesses, large and small, focus their efforts. Recession forces businesses to look far more closely at their business models and question assumptions about whether they are in the right business, how they attract and retain customers, how they allocate their assets to improve profitability and service and whether or not they are as efficient as they can possibly be.

In tougher economic times, business managers are forced to scrutinise their organisational structure and people to see whether or not they have the right team to address the changing and emerging landscape and to see how they can carry out work more efficiently while ensuring and improving customer satisfaction.

Managers need to reappraise current ways of working  in order to see if there are aspects which could be carried out better by a third party organisation, whether IT can be used to enhance the customer experience more cost effectively through increasing the productivity of staff. Typically this will entail identifying areas where time can be saved through better processes and automation.

It is important for business managers to look carefully at where staff resources and money is potentially being wasted or lost and ask the question “can I automate these tasks to save time and money as well as maintaining good customer service?” more often than not the answer is yes.

Automating repetitive and mundane tasks frees up organisations to target and align their workforce more appropriately on important, front line customer facing responsibilities and ensuring day to day business standards are maintained and consistent. This allows higher level business goals to be achieved by ensuring staff are not distracted by unimportant yet urgent tasks.

What are the challenges?

Not only do organisations have to cope with the obvious implications of a recession, they also have to cope with the inevitable reduction in government spending and also the potential cost impact of new Government legislation. One such piece of legislation is the Carbon Reduction Commitment (CRC), a new Government-backed legislative carbon emissions trading scheme that came into effect on April 1.

The CRC is a mandatory climate change and energy saving scheme in the UK and its aim is to improve energy efficiency and reduce the amount of carbon dioxide emitted in the UK. This is vital to achieving the Government’s targets of reducing greenhouse gas emissions by 2050 by at least 80 percent. Organisations that use a certain amount of electricity will be obliged to participate in the scheme and monitor their emissions. They will have to buy allowances from the Government for each tonne of CO₂ they emit creating a significant incentive for organisations to reduce their emissions and in turn saving money by not wasting energy.

How are businesses tackling these issues?

The best organisations confront the reality of the situation they see in front of them, adapt quickly and constantly look to refine and improve their recipe. They are always looking at ways to improve, satisfy their customers and become more efficient. They realise they have to do more, better with less. Many IT departments in large organisations, such as Local Authority Education Bradford, are already realising this ongoing reality and are looking to technology to assist them.

Education Bradford wanted to ensure its teachers and IT technicians were not distracted by unimportant yet urgent tasks such as SIMS SQL upgrades, security patch deployments and device management all of which can be very time consuming. The LA thought it best to employ SERCO a business services company based in North Hampshire, which holds a 10 year contract with Bradford Metropolitan Council to manage and operate the local education authority.

The LA needed SERCO to completely manage and maintain over 800 devices in 180 schools. SERCO in turn realised that it would need a device management technology to help it provide efficient services and save time by automating mundane and repetitive tasks. By implementing CentraStage, a technology which provides remote device management, the LA/SERCO created an overall efficiency gain of 20 percent by offering schools the ability to turn off PCs and optimise power settings, giving Education Bradford the potential to reduce its carbon emissions by up to 223 tonnes for the first year in line with the requirements of the CRC Energy Efficiency Scheme.

The LA has been using CentraStage for over 12 months and has calculated the annual cost savings to be over £55,000 per annum. It is now able to offer new services to schools without having to take on additional staff and has calculated that over 2,500 hours of school ICT ‘downtime’ has been avoided along with support call times reduced by 4.5 minutes on average, allowing staff to use their time more effectively and focus on teaching instead of monitoring and managing school technology.

What needs to change?

One of the main areas for business has to be getting better value for money from IT. For years the IT industry has been dominated by large organisations, with well known and trusted brand names, selling expensive kit and licenses to business customers that do not need them. Only now are organisations beginning to realise the amount of money that has been wasted over the years on idle equipment and unused licenses. Customers have of course realised this and with capital budgets being cut or frozen they are now looking at ‘pay as you go/grow’ services and solutions. IT service providers need to change their culture and realise that customers are no longer interested in being sold IT software and hardware but need an On Demand service backed by a good service level agreement (SLA).

This demand is fuelling the growth of Software as a Service (SaaS) and allows end users to save money by only paying for services as and when they use them. The channel needs to be responsive to this and understand that their old ways of providing bespoke and unique services for each individual need of a customer is not sustainable and profitable in the long term. They need to offer excellent, on demand repeatable and scalable services backed by a strong SLA as CIOs are being far more scrupulous about the services and results they get for their money.

Prepared for change

The IT channel must be prepared for this change in customer demands by being more versatile. Channel partners offering siloed services will struggle to compete as the economic recovery brings aggressive competition. To stand out in this supplier saturated market IT service providers must filter out this noise on behalf of their customers and position themselves as a one stop, on demand shop for end users. The ‘value add’ is crucial in securing longevity as a service provider and it’s important to offer direct support as well as a substantial return on investment to be able to compete with larger organisations.

www.redstor.com

IT certifications promise numerous benefits, from bolstering CVs to assisting in job retention. Although there’s debate over whether vendor-independent or vendor-specific programmes are best, there’s little doubt about the role they have to play in boosting professional standards within the IT sector. Given the pace of change and emergence of new technologies such as cloud computing there is today more than ever a need for IT professionals to be armed with not only the knowledge, but also the skills and expertise needed to drive change and improve efficiencies across the business. As a result, it’s crucial that IT certifications reflect real-world developments in order to prepare professionals for the challenges they will face in the workplace. IT executives that simply take tests after studying a book may have a wealth of knowledge but will find it difficult to achieve any real success in driving forward change at work.

The need for professionalism

The European Commission (EC) recently warned of a potential 350,000-plus shortfall in IT practitioners in the region by 2015 and criticised the UK for failing to adequately promote professionalism in the industry. According to EC principal administrator André Richier, although Europe has approximately four million IT practitioners, 50 percent are not IT degree qualified.

While there’s a case to be had for ensuring IT practitioners have an appropriate education, more important is ensuring IT practitioners in the workplace are continually improving and developing their skills and capabilities – both as technical experts and as project managers.

Developments in technology combined with the economic climate are having a profound impact on the day-to-day lives of IT professionals, forcing them to speak the language of business and ensure IT is closely linked to business objectives. Given such challenges it’s not surprising certification is being seen as more important than ever in the IT world. Organisations can’t afford to take risks with employees that aren’t fully prepared, and who don’t possess a certain sensibility about the business. It’s for this reason alone that MI5 recently announced it was ditching staff lacking the computing skills necessary today.

The importance of standards

There are three main stakeholder groups concerned when it comes to IT certification: employers, individual IT professionals, and vendors. Bearing this in mind, what is the ultimate goal of standards-based certification? For businesses, standardised certification ensures that individuals meet the hiring criteria they require. Beyond possessing a standard base of knowledge proven by passing an exam, hiring managers are increasingly showing preference for talent whose actual skills and experience match globally accepted standards. For the individual, certification is about acquiring the skills necessary to be an attractive employee and prove it. For vendors, certification is about ensuring that their solution can be easily implemented and used by organisations to bring maximum benefit.

Standards for certification need to be set not just by one technology vendor but also by the organisations that use technology to meet their business and infrastructure goals as well as independent third parties. Why? As business operations become more geographically dispersed, organisations across the world are faced with numerous IT challenges as they evolve to remain competitive, particularly in coming out of the current economic downturn. These pressures are, in turn, placed on IT professionals, forcing them to evolve their skills in order to remain competitive in the job market.

This is why standards for certification are so important. Certifications (and hence the training) need to be relevant not just for the technology vendor but most importantly to the organisations that are hiring and the IT professionals themselves. The skills and experience IT professionals gain throughout their careers should be transferable across organisations and not just limited to one particular technology, product or skill set.

In addition, one of the things we have learnt through interactions with our members is that, although technical skills are important, simply studying a book of technical specifications is not enough in the modern world. IT professionals must not only be able to show their ‘book smarts,’ but they also need to show that they have practical experience implementing those smarts ‘on the street’. Incidentally, this is also why a vendor-neutral approach to certification is important; organisations and individuals need objectivity and a wider world view to effectively deliver a service to their stakeholders.

IT street smarts trump book smarts

It’s crucial that IT certification programmes focus on demonstrating competence in actual engagements. Simply taking tests after studying a book does not fully prepare executives for the business challenges they’re expected to address through IT. In addition to real world experience, enterprise architects and IT specialists, for example, will of course have mastered skills specific to their disciplines. However, to be successful they also need to master skills borrowed from ‘other’ disciplines, and they need skills that allow them to work productively in a particular employer and client context. These so-called soft skills, including communication, listening, leadership and teamwork, cannot be learned in a book nor measured in an exam.

The three most relevant disciplines with which enterprise architects and IT specialists share skills are project and programme management, business strategy and consulting. These skills are important when you consider the pace of change within the business world and the need for IT investments to meet specific business goals.

After all, without these additional skills, technical knowhow alone will not unlock the full potential of an organisation’s IT infrastructure. To draw an analogy, knowing how to build a bike (technical skills) does not mean that you can ride it, or indeed know if it is a cross-country bike or a road racer (business skills).

Certification and the cloud

If we look at the nascent cloud category, this exemplifies many of the points made above. It is important that organisations hire IT professionals with the necessary qualifications and skills if businesses are to reap the cost saving and efficiency benefits cloud adoption promises. The big challenge with cloud right now, of course, is that the industry is still in the early stages of developing standards that address the technical as well as the business requirements for being successful in this environment.

CIOs want to understand what the move to cloud computing could mean to them and what it’s going to do for them. Business leaders want to understand the business benefits and key organisational requirements for getting started. Enterprise architects need to have the technical know-how to make cloud computing a reality.

However, these drivers cannot exist in isolation of each other. This means collaborating across the entire ecosystem and applying training street-smarts to ensure that cloud solutions are fit for purpose and that the IT professionals that have been trained in a manner that will allow them to deliver results. This is all the more important when you consider that what constitutes a cloud service is up for debate; it could be infrastructure or software as a service, or it could be point-of-service with advertising, or be extra processing power or secure environments for scaling up or testing.

As enterprise cloud adoption matures, the standards and best practices being charted right now by industry consortia and working groups such as The Open Group and British Computer Society will be central to the effectiveness of cloud-focused certification programmes.

Towards a more professional approach to IT

Certification can play a key role in improving the professionalism of the IT industry; but to have any real impact there must be standards that are relevant and useful to all the key stakeholders: IT professional, employers and technology vendors. What’s more, if certification programmes are to have any real role in advancing professionalism within the IT industry, they must show that IT professionals have real-life experience.

Developments in technology such as cloud computing are forcing IT departments to speak the language of business and align their activities with an organisation’s key objectives. Those that don’t have the necessary skills and experience will struggle to keep up and risk undermining professionalism of the industry. At a time when IT has such an important role to play in driving efficiency and improving productivity no one can afford to underestimate the value of IT certifications that are based on globally accepted standards.

www.opengroup.org

The IT industry loves its acronyms, why is anyone’s guess – maybe it’s a speed thing, perhaps it’s the whole idea of writing code or overcome language barriers, I’ve even heard “it’s to do with saving bandwidth”, whatever! What I do know is it’s confusing for those on the outside to keep up when the IT crowd are in full flow – a typical discussion would be ‘what’s the difference between SED and FDE and which is better?’ If you found you reworded the question to ‘what is’ then read on – I’m going to give you a sneak peek inside the mind of a geek.

Today, every business utilises technology in some form. However, this miracle of science has a split personality – a silent evil slashing an enterprises’ artery and haemorrhaging sensitive data, while the other is white knight reversing the tide and stemming the flow of bad blood generated with each data breach.

WIIDWID?

So let’s begin with IT security and why it is doing what it’s doing. First is the realisation that it’s not alone in its penchant for acronyms, regulators have affection for them too, resulting in a common ground between the board room and the IT domain with compliance a significant driver to both:

DPA – The Data Protection Act 1998 is a UK Act of Parliament and the main piece of legislation that governs the control and protection of personal data.

PCI DSS – The Payment Card Industry Data Security Standard is a worldwide information security standard created to prevent credit card fraud through increased controls around data and its exposure to compromise.

HIPAA – The Health Insurance Portability and Accountability Act of 1996 is a set of US federal standards that requires healthcare organisations to implement security standards that protect (and keep up to date) patient data and to standardise on electronic data interchange.

SOX – The Sarbanes-Oxley Act of 2002 is a US federal law. The bill was enacted as a reaction to major corporate and accounting scandals. It covers issues such as auditor independence, corporate governance, internal control assessment and enhanced financial disclosure.

WATDIW?

Okay, that’s why, so the natural progression is what are they doing it with?

FIPS 140-2 – a U.S. government computer security standard used to accredit cryptographic modules. It defines four levels of security, simply named “Level 1″ to “Level 4″ however, it does not specify in detail what level of security is required by any particular application so it should not be considered as a guarantee that the product is secure.

Common Criteria – is a framework in which users can specify their security functional and assurance requirements, vendors then implement and/or make claims about the security attributes of their products, and testing laboratories evaluate the products to determine if they actually meet the claims. As with FIPS, just because a product is Common Criteria certified, does not necessarily mean it’s completely secure.

The Cloud – describes a new supplement, consumption and delivery model for IT services over the Internet.

Keylogging – tracking the keys pressed on the keyboard in a covert manner to steal passwords, banking details, etc. Previously a piece of malware, there are now hardware instances – for example a keyboard that looks legitimate so this is a diversifying threat.

DLP – data loss prevention refers to systems that identify, monitor, and protect data in use (eg, endpoint actions), data in motion (eg, network actions), and data at rest (eg, data storage) through deep content inspection, contextual security analysis of transaction and with a centralised management framework.

Encryption – the conversion of data into a form that cannot be easily understood by unauthorised people. Decryption is the process of converting it back to its original form.

FDE – Full Disk Encryption, does what it says on the tin, using disk encryption software to encrypt every bit of data that goes on a disk or disk volume (excepting the Master Boot Record, which most FDE solutions leave unencrypted)

SED – a Self Encrypting Drive is a hard drive based on the Trusted Computing Group’s specifications, it can lock-down data automatically in less than a second and can be immediately and completely erased in milliseconds. SEDs are easily deployed and managed cost effectively and are interoperable across PC platform types. It is an emerging technology so watch this space to see if it delivers.

BitLocker Drive Encryption – a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft’s Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It’s designed to protect data by providing encryption for entire volumes.

U3 enabled – U3 Smart Drives are regular USB flash drives with a twist. Programs can be installed on them that launch independently of the machine it’s inserted into and the data from those programs travels on the device – leaving nothing behind. While beneficial in the fight against data leakage, it has a malicious persona – for example, if it’s preloaded with malware and plugged into a logged on PC it could inject a virus into the system that is untraceable.

Black List – a list or register of items, for whatever reason, that are being denied a particular privilege, service, mobility, access or recognition.

White List – similar to a black list but instead of denying, you stipulate which are accepted so it’s easier to build up from a security perspective than eliminating backwards.

SAM Database – the Security Accounts Manager database, used by Windows (and possibly other OSs), manages user accounts. It’s implemented as a registry file that is locked for exclusive use while the OS is running. If its contents were discovered by subterfuge, the keys are encrypted with a one-way hash, making it difficult to break. Some versions have a secondary key, locking the encryption to that copy of the OS.

TPM – Trusted Platform Module offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a hardware pseudo-random number generator. It includes capabilities such as remote attestation and sealed storage.

An industry ideosyncrasy

Acronyms may be confusing but are not designed to make the user sound superior, they’re just an industry idiosyncrasy, we all have them. However, the threat against data is serious and we mustn’t let language cause a misunderstanding that thwarts our efforts – after all, it’s not a necessity it’s a requirement.

Whatever the service currently being delivered, the provision of a helpdesk/support desk is now an established and crucial element of any organisation’s day-to-day operational management, be it internally and/or externally focused. Customers can be served more proactively and employees can be more productive, if the quality of support they receive is faster and more effective. It is also a huge influencer on the user community’s perception of the IT services delivered within an organisation.

Gartner surveys have shown that 50 percent of an end user’s perception of the IT services they receive is directly influenced by the quality of the support they experience. Therefore, provision of a quality service desk operation is no longer an option, it is essential. So defining and delivering the appropriate service offering, selecting and implementing the best software solution is something every organisation needs to get right, especially in today’s financial environment. Which as of today, I believe is leading to many organisations reassessing their current support services and the software tools being used.

Switching to service desk

For those organisations operating a traditional helpdesk, the move to a Service Desk environment can be a daunting transition, as the requirements have become significantly more involved than offering a simple ticketing/call logging service. Alternatively, there are those early adopters of the ITIL-based service desk and with the introduction of ITIL v3 the requirements for delivering ITIL-based services has changed considerably.

In principle the requirements and issues involved with the deployment of an IT Service Desk are well documented by the ITIL, given that it has been developed over many years to provide best practice guidelines based on the experience of many organisations that have gone before. That old saying of ‘Not reinventing the wheel’, should be the mantra for anyone involved with or considering such a project. However, my experience over the past 18 years clearly shows that the ‘wheel’ is being constantly reinvented for a variety of reasons. Therefore, it is evidently clear that one size does not fit all and the project to deploy or upgrade an organisation’s Service Desk, albeit helped by the ITIL framework, is different for everyone.

Does size matter? Irrespective of the size of an organisation the principles of deploying an IT Service Desk should be basically the same. What is different will be a) the level of sophistication required, b) whether ITIL is a driving force, c) specific business drivers that are deemed important for such a project and finally d) The need to drive financial cost savings.

So, what dictates the sophistication, it is not an organisation’s size. Over the years I have seen many small service desk implementations that have had very intricate and detailed customisation and integration requirements, whilst many larger systems have been quite basic in their solution needs. It just depends on what is important to the operational requirements of an organisation. ITIL is not a focus for everyone, it might be deemed to be too costly and bureaucratic for many companies. However, to have the benefits of best practice should still be very beneficial, so why not take advantage if you can?

Every organisation is different and although there may be similar business drivers within market verticals, the individual needs of any organisation will be different to those of their peers and competitors. Finally, many legacy service desk solutions are very expensive to maintain and manage, whereas new technology will be less expensive, easier to manage and more flexible. So it might not be a case of ‘reinventing the wheel’ per say, more a creative utilisation of the ‘wheel’ based on specific needs.

What is driving the need to change?

When planning a project to implement or upgrade an IT Service Desk, a key criterion is to review and identify the primary business processes that already exist and what new innovation the project could/should deliver. What is driving the need to change, what if any are the constraints and limitations of an existing solution? It is highly possible that any existing solution is based on legacy technology; is limited in its functional capabilities; has little or no capacity for customisation or scalability, all of which severely constrain the ability of the service desk personnel to deliver timely, efficient and effective support services to their organisation.

Having identified the critical business processes that need to be developed and initiated via the Service Desk team, it is then necessary to re-evaluate any incumbent software solution(s) being used as to their suitability for the new requirements. It is no good having scoped and designed the greatest processes in world, if the means by which they are to be delivered is not just capable of delivering the end result, but more importantly adding significant value, the flexibility to meet changing business needs and future scalability.

In either deploying or upgrading a service desk the de facto standard is now for organisations of all size and type to adopt the best practice framework and recommendations offered by ITIL v3. To what extent an organisation is prepared to undertake the considerable investment required to fully adopt ITIL is a commercial decision they need to make for themselves. However, the benefits of the best practice framework cannot be denied but it is not necessarily right for everyone.

Some organisations may want to have the recommended best practice embedded in whatever solution they may purchase but not invest in the professional training and certification. At least this way they are able demonstrate best practice by having the required management processes inherent in the software they use.

But let’s not beat around the bush here, for any organisation to fully invest in ITIL and especially the v3 release, can be a very daunting and costly undertaking for any organisation. Which is why industry experts such as Malcolm Fry, recognise the issues and concerns. Malcolm says “Many organisations will start the ITIL journey but not complete it, while others undertake the journey knowing they won’t ever complete the implementation. Therefore, organisations need to make sure they have the right basics for implementation at the beginning to ensure they maximise ITIL v3 at implementation and that it is fit for purpose.” To this end, levering his experience and many years of practical experience Malcolm has launched a new initiative, he says “ITIL Lite is an approach to implementing key components of ITIL v3 to ensure a sound basis for IT Service Management either as a starting point for full implementation or as a deliverable for those not wishing to fully implement ITILv3.”

Entering a mine field

An obvious crucial consideration has to be the service desk software deployed and its capabilities of helping to deliver ITIL best practices in an efficient, coordinated and effective manner. There are many solutions available with numerous vendors extolling the virtues of the products and their credentials for being ITIL compliant. This is where it can become a mine field, as all service management solutions are far from being equal. Therefore, careful consideration and evaluation is required to determine the type of solution will best suit an organisation.

There are low cost solutions that can provide breadth of ITIL capability but offer little depth of functionality and require bespoke services for future customisation. At the other end of the scale are the ‘enterprise’ solutions which can offer everything an organisation might need but at a cost, both from an initial purchase perspective, ongoing management overheads and specialist development resources. However, recent years have seen the emergence of new players offering new technology that is able to readily deliver ITIL best practice, allied to ‘enterprise’ functionality that is easy to deploy and no longer requires expensive ongoing management overheads.

So it really is a case of ‘caveat emptor’ (buyer beware), as the solution choice you make could severely affect the success or otherwise of a project and once deployed it is almost impossible to reverse that decision and start again. So work hard to get it right first time and remember it is not just about features and functionality, or the initial project cost, the cost to your organisation over a three to five year time frame has to become a prime consideration.

People, processes & technology

So back to the original topic ‘deploying the IT service desk’. Having made a decision about to what extent, if any you are going to adopt ITIL best practice and then selecting the best software solution to meet the requirements of your organisation, the project focus should be around ‘people, processes and technology’. It is not the intention to this article to provide detailed chapter and verse about project management and deployment but here are some tips for consideration.

Project Initiation Document (PID): The Project Initiation Document brings together the key information needed to start the project on a sound basis. It should be conveyed to all stakeholders and agreed and signed off by the business sponsors. In short, this is the, “who, why, what, when and how”, part of the project. It defines all major aspects of a project and forms the basis for its management and the assessment of overall success.

Methodology: For any Service Management project to be successful, the supplier should have a proven track-record of delivering successful projects on-time and to budget. To do this, they should have a clear, documented, methodology encompassing all phases of solution deployment including scoping, installation, customisation, data migration, training (both for administrators and users), provision of documentation, user acceptance testing, project sign-off and go-live support.

Statement of Work (SOW): As with any complex project, effective scoping followed by a detailed Statement of Work is key to ensuring that projects are delivered on-time and to budget. All stakeholders/business sponsors should have visibility of the Statement of Work document before signing it off.

Phase Sign-Off: Each phase of the deployment should be signed-off by both the supplier and the customer representatives (stakeholders and business sponsors) based on the scope of work. Any issues would be escalated to the project manager and addressed before the given phase is signed off.

Risks

Then there are the risks that accompany any project. In many instances, not enough focus is applied to risks that may affect the project. This should be a key consideration when developing the Project Initiation Document. Any potential risks identified will need to be mitigated to ensure that the project can progress smoothly. Risks can fall into a number of categories including:

Project Risks: Estimates that are excessively inaccurate, too aggressive a schedule, poor management, scope creep (poor change management), large projects not staffed appropriately.

Schedule Risks: Project dependencies, parts delays, estimation errors, decision delay, hardware delay.

Resource Risks: Outsourcing delays, lack of funds, attrition of resources, people joining the team late, scarcity of skills.

Failure to identify and mitigate risks is likely to be a major factor in any failures or delays that occur.

Scope creep

Finally, the hidden curse of any well planned project, ‘Scope Creep’. Although a well executed Statement of Work is designed to provide focus on the core deliverables for a project, project managers/project executors must be disciplined enough to refer customer contacts back to the Statement of Work, negotiating project extensions and additional funding, if required.

The ultimate objective of deploying an IT service desk has to be to enhance business value, through the delivery of competitive advantage from improved customer service and/or increased productivity of an organisation’s employees, while reducing overall business costs. Although this might seem a high ideal, it is possible with the right planning and choice of software partner.

www.cherwellsoftware.com

At a recent conference, a senior executive at a Global 500 company was overheard to say: “If only we could pick up all the money we are spilling in negotiation. It’s a huge number, definitely in the tens of millions.” He went on to describe how his company was in the early stages of negotiation development and still lacked a consistent approach. He could not disguise his real concern: “Our failure to develop the skill of our negotiators across the company will not be evident until it is too late.”

Other businesses too have recognised the importance of negotiation in improving bottom line profitability and as a result have put together large-scale training programmes. However, too many still lack a clearly-defined strategy in driving such initiatives.

Today’s best-performing IT companies show that the key to success is both simple and fundamental. In every case, they have transformed negotiation from an individual competency into an organisation-wide capability. So the importance of process is clear, but in implementing such enterprise-wide change, IT companies should not lose sight of the fact that fully-developed behavioural skills remain vital for those members of the sales or business development team on the negotiating front line.

The contrast in performance could hardly be more stark: between 2007 and 2008, the net income of the world’s top 2,000 companies declined by over 30 percent. Over the same period, the top 25 percent of companies adopting a systematic approach to negotiation achieved an average net income increase of nearly 43 per cent. These companies were identified as world-class on the Huthwaite International/IACCM (International Association for Contract and Commercial Management) ‘negotiation maturity’ benchmarking scale.

So how can one explain such a huge variation in bottom line profitability? In the first study of its kind, Huthwaite International and the IACCM interviewed more than 120 major buy- and sell-side practitioners and benchmarked the negotiation maturity of the world’s largest organisations. In particular, it explored how major international companies such as Microsoft, Oracle, HP, Avaya, Invensys and Teradata are trying to improve their corporate negotiating performance. The resulting report – Improving corporate negotiating performance – found one common factor among the most successful of these companies: they have all re-engineered their negotiation capabilities.

Despite this, the survey also found that in too many other companies negotiation performance improvement is being ignored, neglected or ineffectively addressed. For these businesses, negotiation is still seen to be a very personal, ‘soft’ skill.

Such an approach is no longer sustainable. To secure multi-million pound deals in today’s tough commercial arena requires much more than this for, as the survey highlights, companies with no negotiation process suffered an average net income decline of no less than 63 percent between 2007 and 2008.

So what’s the answer? The survey identified ten critical areas which IT companies should address if they are to achieve significant and measurable improvements in negotiation performance. These include standardising and documenting the end-to-end negotiation process, ensuring consistent inter-departmental collaboration and measuring negotiation success.

Though some companies have started on the road to transforming their negotiation practices, few have succeeded in embedding a consistent process across different business divisions or geographic boundaries.

This should come as no surprise, as implementing such in-depth change is not easy. As a sales director of another Global 500 company bluntly put it: “We don’t prescribe how our employees should negotiate – there is no bible for this. We have 45 divisions worldwide and it is impossible to have a standard process.”

Yet the impact of a successful shift is little short of astonishing. One respondent pointed to a saving of $37 million on a single deal following the introduction of a more structured approach to negotiation. And, as another global head of contract management confirmed: “Before the new process was put in place, the average negotiation cycle time on complex projects over $5 million was 12-18 months. Today 75 percent of those deals are done in less than eight weeks.”

In benchmarking the current stage of development of each organisation, researchers adopted a five-phase negotiation maturity model.

At one end of the scale, the weakest companies have no process, are purely reactive and rely totally on individual skills and capabilities. In greatest contrast to this, best practice organisations – identified as ‘world class’ – have a formalised negotiation process which is subject to continuous improvement and incorporated into the broader buying or selling process.

So where do most companies sit? Overall, the survey identified disappointing levels of maturity in global negotiation standards. Fewer than one in five global corporations have any formalised structured planning tools for the negotiation. The end result is badly-prepared negotiators who feel that success will be based solely on individual merit.

In helping businesses improve performance, the research identifies ten critical areas throughout the negotiation process which must be addressed if any transformation initiative is to succeed. Changing the behaviour of an organisation may be difficult, the survey concedes: “However, when companies with no process are demonstrably losing millions of dollars in negotiation, the status quo is not an option,” it believes.

In focusing on process as key to improving the bottom line, the survey recommends, “at the very least, the implementation of strategic cross-organisational negotiation planning from the very start of the sales or acquisition process, in order to have consistently successful outcomes”. Or, put another way, start as you mean to go on.

There is no doubt, of course, that a large number of other factors influence negotiation performance, not least of which is the impact of new web-based technologies and the emergence of professional third party procurement specialists. The directors and senior managers surveyed were in no doubt that the following key performance areas must be addressed in order to ensure the success of any negotiation transformation initiative:

•             Negotiation process;

•             Cross-organisational collaboration;

•             Data collection and analysis;

•             Preparation and planning;

•             Approval and escalation systems;

•             Negotiation training;

•             Measurement of negotiation success;

•             Motivation for negotiation success;

•             Common negotiation standards;

•             Board level support.

Despite the overall emphasis on process in securing a consistent, unified approach to negotiation throughout the organisation, it will not have gone unnoticed in this analysis that skills training for those at the rock face of negotiation – whether buying or selling – remains a central component to broader performance improvement.

Just as the survey found that few global IT or other corporates had any formalised negotiation planning tools, there was a parallel lack of maturity in the area of negotiation training. In particular, just 31 percent of companies questioned have a formalised approach to training, with only five percent reflecting a world class level of maturity.

There is however clear light at the end of this tunnel. Any organisation can easily access cost-effective behavioural skills training solutions which can have a substantial and immediate impact on negotiation performance.

So what separates successful negotiators from their less effective counterparts in securing long-term, mutually profitable partnerships with suppliers or customers? In helping negotiators enhance their ability to achieve win/win outcomes, the best performance improvement programmes have recognised the central importance of behavioural skills, in enabling a creative approach which adds value for both parties.

The following two examples show how this works at the point of negotiation. Counter-intuitively perhaps, skilled negotiators ask twice as many questions as their average peers, in seeking to understand fully the other party’s position, the reasons for this stance and all possible options for reaching a successful agreement.

The best negotiators are similarly twice as likely to test their understanding of what the other party has said, in order to successfully maintain momentum and clarity, and so avoid potential conflict or misunderstanding further into the negotiation.

This highlights a common weakness among lesser negotiators, who tend to see negotiation in terms of straightforward ‘horse-trading’ rather than trying to understand – and so respond to – what is valuable to the person on the other side of the negotiating table.

By contrast, skilled negotiators have a broad behavioural repertoire and the flexibility to adapt their behaviour to suit the situation.

With little cross-organisational planning, today’s negotiators are typically unempowered and so are constantly having to seek approval or authorisation. It is little wonder that, in such circumstances, success depends solely on individual talent.

It may be true that ‘pieces of paper don’t help to generate business’, but as the survey demonstrates, there is no doubt that systems for strategically planning for negotiations are more likely to produce consistently successful outcomes.

Moving to an effective negotiation strategy requires the involvement of suitably-trained staff at all levels and across all departments. Equally, a set of common end-to-end processes and standards should be established, which can be properly documented and measured. This is a world away from a naïve reliance on the mental agility and verbal skills of your best salesman, when complex deals worth many millions of pounds are at stake.

As with any major change process, buy-in at executive level and the negotiation ‘coal face’ is just as vital. In implementing change therefore, start small and grow on the basis of the success stories generated – for mandating a process without adequate explanation of the benefits and potential payoff is doomed to failure.

Each business must therefore be realistic as to the speed and degree of change that can be achieved. They should review their benchmarking data, identify the biggest gaps in current performance and take action on a step-by-step basis.

It may be unrealistic to believe that there will ever be a negotiation director sitting opposite their sales and marketing counterparts at the boardroom table. That said, something of such fundamental importance and required so widely simply cannot be left to chance.

www.huthwaite.co.uk