General


While IT evolved through cycles of improved capabilities, complexities and business dependency, IT Service providers started realizing and embracing the concept of IT Service Management.

 The approach of extending IT Services (in terms of facilitated business outcomes) to the business/customer, and relieving them from the complexities of the technology and operations behind it, has definitely put IT in a right track of Business-IT alignment and Integration. Various frameworks and standards like ITIL®, ISO/IEC 20000, COBIT etc has played a very crucial role in bringing the Service perspective into IT.

IT was “Infrastructure” management or “Application management” or “Operations” management. The concept of IT Service Management has shifted the mainstream focus from those underlying responsibilities and components to ‘Services’ (facilitating of business outcomes). The approach enabled the business and Customers to focus on “What” they receive in terms of outcomes from IT; rather than on “How” they were delivered.

Then the Cloud burst happened. I mean then the concept of ‘Cloud’ evolved!

The IT industry – probably deprived of using favourite technology discussions by all these “Service” talks in mainstream – grabbed it by both
hands; some even behaving as if this is one of the biggest invention after fire! Debates are all around – will frameworks like ‘ITIL’ survive such a cloud burst?

Many didn’t realize – or tend to ignore the fact that all these mainstream focus on Cloud in business circles is moving the whole Business-IT relationship a step back – to the era of “Infrastructure” management.

Cloud in ITSM
Change in ITSM with Cloud

Let us not forget the expected output of IT to business is still in the same lines as the “pre-cloud times” (!) – A facility to send emails, a business application functionality, a workflow capability, an automated information processing and so on. The “What” remains the same. Of course, the “How” is changed by Cloud – for the better, in terms of efficiency, scalability and cost-effectiveness; or at least supposed to be so.

On a lighter note, we can say – ‘CLOUD are not really beneficial to mankind and the world – but the RAIN is’!

 Having said this – the concept of Cloud is a significant development in IT. It can bring in huge advantages that can get converted into business value of IT. The complexities and challenges associated with Cloud need to be assessed and addressed. The benefits of this new way of managing IT need to be highlighted.

All these are essential; but not at the cost of shifting focus from the all-important business outcomes of IT. Hence the whole Cloud adoption will gain huge benefits by adopting ITSM best practices and standards into the complexities and capabilities of Cloud, rather than resisting or writing them off.

The post I wrote about Events and Incidents is one of the most accessed on my blog these days! It seems to show the kind of interest/confusion/lack of clarity that exists among those terminologies.

There is an interesting (but to me looks another never ending) debate going regarding Application vs Service on the ITSkeptic site.  One interesting comment made by Rob England reads like this:

"service" is used in utterly different contexts to mean utterly different things. Should I be concerned that tennis uses it for something different as well?

I really liked that not just because I really laughed reading that; but have been the point I used to always ponder with English words and their dual (and multiple) meanings.

The point is English has different usage/meaning for many words in different contexts. And many frameworks like ITIL coins even different meanings for them 😦 I pointed to this in my above mentioned post in Event vs Incident. The actual meaning/usage in ITIL is different from a common man’s usage of those words – And that can only add to the whole confusion.

So Events and Incidents means some thing in real life – and some thing different in ITIL. Even at the risk of repeating, I really wonder how many global organizations used the word ‘Incident’ for Service interruptions before ITIL came in. Then there are others:

  • Incident and Problem ( People who knows ITIL will be confused in a different way that people who are new to it, on these words)
  • Availability (of the Service/infra/system) vs  Availability of resources/capabilities (which is in fact, Capacity in ITSM/ITIL)
  • Service!

There are many examples which can create confusions for a non-IT person:

  • ‘Application’ – in IT : vs  ‘Application’ in general (Job application etc),
  • ‘Delivery’ (Just imagine an Software engineer telling her Mother-in-law that ‘I have a delivery’ today!)
  • ‘Window’ (try clicking on the Window!)
  • ‘Code’ (for a common man, it looks like some secret key!)
  • Switch (Why does a simple switch cost so much?
  • Web (A tweet from @fakeitil summarized this : which says that ‘web is down since we lost some spiders !’)

We can just go on and on… Any body want to add any interesting ones?

I am not sure who should have addressed these ? IT, ITIL ( and other frameworks) or the English (er.. I mean the language!).

It is high-time the Information controls (especially Information security controls) move into a mode of ‘Protecting’ (‘Provide and Protect’ – the phrase I borrowed from a colleague, as I liked it very much! or even better: “Protect and enable“) than ‘Controlling’.

Many organizations get into a false sense of achievement in ‘control’ and ‘compliance’  by putting stringent information security controls (technical or procedural) – to the extend of restricting or handicapping the business itself!

Here are a couple real-life cases I had experienced recently:

  • In a global organization where they hired me as a consultant – I had to go in to discussions with just a notepad; as getting an external laptop inside involved a huge procedure and a series of justifications and approvals! The team didnt find it ‘worth the pain’. Talk about productive output from an external consultant you are hiring!
  • A corporate where i was conducting ITIL workshops opted NOT to go for a prometric exam conducted in their premise (though we all agreed that could be the most optimal and cost effective option for them) – Since getting an external server connected to their network involved (in their words), ‘too much of procedures’ and ‘too much of pain to get all approvals etc’.

Here we can argue on all the sides – justifying the actions of all parties involved, with fairly genuine arguments on all sides.

Add on to this – a negative perception created in the mind of business users.  (more…)

Rob England (ITSkeptic) said in one of his tweets:

“Back in 80’s , the highest bandwidth channel for data transfer over a range of <5 miles  was a boy on a bike with a basket full of tapes.”

A few minutes later, he also pointed to an article – which is “interesting” to say the least!:

A company in South Africa has done a drill to prove they could use pigeons to tranfer data faster than their telecom provider, Telkom!  Read the story here.

Well, not as a universal truth, but under some context – “* conditions apply!” 😉

The article says internet bandwidth is a growing problem in South Africa.

In the drill/experiment/demonstration/drill or what ever you want to call it, an IT company used an 11 month old pigeon to transfer data disc tied to its legs. The pigeon transferred the data across 80 Km (around 50 miles) in 1 hour and eight minutes; including the data download, the tranfer took a little over two hours – which, reportedly was the time taken to transfer around 4% of data over the telkom’s link!

Okay- enough of fun there . The points to ponder from the story, are these:

(more…)

Yesterday I was fortunate enough to witness (quite accidentally) some thing interesting – I landed in the organization for a visit and was stuck in the security gate’s visitor’s room for more than an hour:
One of the renowned IT companies here, was conducting a mock drill – on ‘terrorist attack’.
I have been reading about terrorist mock drills conducted by government agencies, large financial institutions etc. But it was a pleasant surprise (for me) to see IT organizations taking such drills so seriously.

It was really heartening to see active involvement from all authorities like Police and other forces, fire force, medical institutions (actual ones who will be involved in a real situation) with their tools and equipments. Only the terrorists, hostages, casualties and the fireworks/explosions were mock!

The objectives of the drill (as I understood from the way it was conducted and what I could capture from the commentary that was going on for the employees):

  • To create awareness among the employees about:
    •  the Do’s and Don’ts during such an unfortunate incident
    • different activities that go through during such an event
    • different agencies who get involved in such an emergency situation
  • Create confidence in the employee community on the preparedness of the authorities and the relevant agencies involved
  • To provide an opportunity for the ERT members and other stake holders to ‘test and trial-run’ their roles, procedures and communication framework – that will definitely prepare them much better for an emergency situation.

It was a well planned and executed drill and am sure it met most of the objectives (if not all).

While appreciating  all the positives in the planning and execution there, I could not help notice some minor observations which could be of some concern to such organizations who are taking the employee safety and awareness seriously:

Looks like I am in a focused drive of differentiating between confused terms – here is another one that I have been prompted to write about:

How do we differentiate  Assessment and Audit

Add the term ‘gap-analysis’ on to that, you take the confusion further!

As always, let us look at the typical definitions of the terms (all definitions gathered through google search from different sources)?

Audit: a few definitions that will help us differentiate this from ‘Assessment’:

  • ‘Examine carefully for accuracy with the intent of verification’ 
  • ‘A systematic, independent and documented process for obtaining evidence.’

From these definitions, it is clear that ‘audit’ is a verification against some thing – or gathering evidence of adherence/compliance to some thing: That some thing can be a global/regional/local standard, regulatory requirements, financial policies, internal management systems – policies/processes/procedure.

And yes- there are many other definitions that google threw in, which further mixes up the two terms like:

  • “The most general definition of an audit is an evaluation of a person, organization, system, process, project or product. Audits are performed to ascertain the validity and reliability of information, and also provide an assessment of a system’s internal control.”(Source: Wikipedia) – The word assessment here , is just a representation of the usage of these two terms in an overlapping manner.

Now, let us look at Assessment:

  • The act of assessing or an amount (of tax, levy or duty etc) assessed; An appraisal or evaluation
  • Assessment is the process of gathering information to make decisions

 Assessment is NOT verifying some thing against a set standard/policy/process. It is gathering data, quantifying and evaluating those to come up withe a clear understanding on – capability, maturity, quality, value etc of the object (people, process, technology, organization) that is being assessed ; and yes, this understanding helps greatly in decision making and moving forward.

Gap Analysis:

  • a tool enabling an organization to compare its actual performance with its potential performance. At its core are two questions: “Where are we?” and “Where do we want to be?”
  • The difference between what is needed and what is available. The difference between ‘where you are’ and ‘where you want to be’.

a.  Assessment vs Audit:

Some real life examples where there is some amount of in-built clarity between Audit and Assessment: (more…)

Next Page »