So much discussion these days on ITIL, ITSM and all the parts and pieces. Talk with industry colleagues and you hear things like "it is to big and difficult to implement in any organization". What is the benefit? How much will it cost? Will it slow us down to much?
I don't think you need to implement all of it up front, but I do think you need to define your process(s) and overall vision. It is important to show all the input(s) and output(s) of your process. Take for example Change Management, usually a good place to start. Implement Change Management process, but have the hooks embedded up front on how incident, problem, and request management will be an input to Change Management. Once you start to implement Incident or Problem management, the process(s) are ready to interconnect with each other. It is essential not to turn these individual ITSM process(s) into silos, they work together and are input/output to each other. So that overall vision or map is essential.
The other side of the coin, when you start looking for a tool to support your process, the tool should align to your overall vision, not just one process. Buying a tool for just Change Management would be a mistake, you need to buy a tool that can do all the process(s) in your total vision or map. Don't need to turn these on in the tool or pay for them day 1, add them as you go, but make sure it will deliver long term the modules you need.
It is also important your organization structure will support your ITSM goals. Having an overall ITSM manager will not only help with implementation, process alignment, but organizational adoption. Approaching this as a part time job or "when you have time" always leads to failure. It will take back seat to many other priorities. It will be important to have organizational alignment to promote success of these efforts.
I believe ITSM efforts are worth it, and it is hard to implement, but not impossible. With a good process, organizational support, and good tools, it can bring great benefit to your organization.
Keep it positive!
Scott Arnett
scott.arnett@charter.net
About Me
- Scott Arnett
- Scott Arnett is an Information Technology & Security Professional Executive with over 30 years experience in IT. Scott has worked in various industries such as health care, insurance, manufacturing, broadcast, printing, and consulting and in enterprises ranging in size from $50M to $20B in revenue. Scott’s experience encompasses the following areas of specialization: Leadership, Strategy, Architecture, Business Partnership & Acumen, Process Management, Infrastructure and Security. With his broad understanding of technology and his ability to communicate successfully with both Executives and Technical Specialists, Scott has been consistently recognized as someone who not only can "Connect the Dots", but who can also create a workable solution. Scott is equally comfortable playing technical, project management/leadership and organizational leadership roles through experience gained throughout his career. Scott has previously acted in the role of CIO, CTO, and VP of IT, successfully built 9 data centers across the country, and is expert in understanding ITIL, PCI Compliance, SOX, HIPAA, FERPA, FRCP and COBIT.
Wednesday, February 29, 2012
Tuesday, February 14, 2012
Forgotten Front?
The corporate enterprise has a great deal of applications, systems, and data to maintain each day. To help maintain those assets, they bring performance management and capacity planning management in as a best practice and means of delivering a positive IT experience to the organization. The new tools of today tell more than just what is up and what is down, but degradation of service, API calls, and the list goes on. All good stuff.
There are a great deal of websites in our organization today. These websites are migrating from static pages to actual web based applications. Websites have always been that one off for most infrastructure teams, and they sure don't do much monitoring. Is it the forgotten front? The devices that use web sure are exploding, and there is big push from marketing and the business for a bigger, more advance web presence, so are we ready?
There are a few great tools out there to help monitor your web environment, like Gomaz, and OpNet. These 2 tools together can cover your entire environment and help you deliver a consistent positive experience. One of the problems I find is that we monitor but we don't take action of the results of the monitoring. No actionable items come out of the monitoring and that is a missed opportunity. If you are going to go through the effort and expense of monitoring your websites - and you are getting alerts to issues, make them actionable items. I recommend taking these alerts to Service Now and turn them into incident tickets, actionable items and get them resolved. Using a tool like Service Now gives you exposure to the issues, trending, problem management and integration to change management. Yes, change management for your web environment. This is not a static environment anymore, but quickly becoming an application environment. This environment needs standards, process, controls and some best practice.
One last recommendation, don't let your website development firm dictate or drive your web environment, infrastructure or process(s). They are interested in their 1 site they just developed and you paid significant money for. You are the holder of the big picture for the organization and you need to be the owner of your environment.
Keep it positive!
Scott Arnett
scott.arnett@charter.net
There are a great deal of websites in our organization today. These websites are migrating from static pages to actual web based applications. Websites have always been that one off for most infrastructure teams, and they sure don't do much monitoring. Is it the forgotten front? The devices that use web sure are exploding, and there is big push from marketing and the business for a bigger, more advance web presence, so are we ready?
There are a few great tools out there to help monitor your web environment, like Gomaz, and OpNet. These 2 tools together can cover your entire environment and help you deliver a consistent positive experience. One of the problems I find is that we monitor but we don't take action of the results of the monitoring. No actionable items come out of the monitoring and that is a missed opportunity. If you are going to go through the effort and expense of monitoring your websites - and you are getting alerts to issues, make them actionable items. I recommend taking these alerts to Service Now and turn them into incident tickets, actionable items and get them resolved. Using a tool like Service Now gives you exposure to the issues, trending, problem management and integration to change management. Yes, change management for your web environment. This is not a static environment anymore, but quickly becoming an application environment. This environment needs standards, process, controls and some best practice.
One last recommendation, don't let your website development firm dictate or drive your web environment, infrastructure or process(s). They are interested in their 1 site they just developed and you paid significant money for. You are the holder of the big picture for the organization and you need to be the owner of your environment.
Keep it positive!
Scott Arnett
scott.arnett@charter.net
Friday, February 3, 2012
Cyber Security - Corporate America
I am attending a Cyber Security meeting with Homeland Security this Saturday. I continue to be active with their Cyber Security Unit. As attacks on corporate networks continue to escalate, we are seeing more and more instances of very sophisticated intrusions. The recent discovery of the breach of the U.S. Chamber of Commerce illustrates that these types of attacks will continue to progress in both their frequency and sophistication.
It is being reported that the U.S. Chamber might not have been the ultimate target but instead was potentially being used as a gateway to the networks of its members. What are you doing to protect your networks? What are your trusted business partners doing? Do you have a plan?
Corporate America has not always taken security serious. From healthcare to manufacturing - we have a security team on paper, but what about actions? They do provisioning, but what about monitoring, safeguards, and lock downs. Most corporations can't afford a large team of experts - but then hire it out as a service. Stop saying we have security and get security. It is ok to say no to employees, it is ok to take the best interest of the corporation into consideration. Do employees really need to get to web base email? Unsecure networks?
Cyber Attacks from foreign sources will increase. Not only do we need to be ready, but a plan that is tested, detailed and ready to respond to an attack. The infrastructure of our country is dependent on all users of the internet to take this serious. Corporate America - time to step up to the plate and take this serious, not next year, not tomorrow - TODAY.
Security is everyone's responsibility.
Keep it positive!
Scott Arnett
scott.arnett@charter.net
It is being reported that the U.S. Chamber might not have been the ultimate target but instead was potentially being used as a gateway to the networks of its members. What are you doing to protect your networks? What are your trusted business partners doing? Do you have a plan?
Corporate America has not always taken security serious. From healthcare to manufacturing - we have a security team on paper, but what about actions? They do provisioning, but what about monitoring, safeguards, and lock downs. Most corporations can't afford a large team of experts - but then hire it out as a service. Stop saying we have security and get security. It is ok to say no to employees, it is ok to take the best interest of the corporation into consideration. Do employees really need to get to web base email? Unsecure networks?
Cyber Attacks from foreign sources will increase. Not only do we need to be ready, but a plan that is tested, detailed and ready to respond to an attack. The infrastructure of our country is dependent on all users of the internet to take this serious. Corporate America - time to step up to the plate and take this serious, not next year, not tomorrow - TODAY.
Security is everyone's responsibility.
Keep it positive!
Scott Arnett
scott.arnett@charter.net
Thursday, February 2, 2012
SaaS Shopping Spree
I find it interesting reading articles, listening to webcast presentations from CEO's on how wonderful Software as a Service has really become. I ask myself - really? Do you find them out of touch as much as I do? Perhaps they are just listening to the SaaS salesman.
Software as a Service does have some value, don't get me wrong, there are some great solutions out there. Salesforce.com, Service Now, and the list goes on. So what is the problem you ask? Glad you ask, because in reality, there is a disconnect in the organization.
I have found many organizational users frustrated with IT because their support, service and attitude has gone down hill. Really? The business went and purchased a SaaS solution to meet a business need. IT is not involved, but also does not have the ability or capability to support this solution. The SaaS solution is a cloud based solution, that means servers, storage, user accounts, application support - all done by the SaaS partner. So when the user calls the service desk saying they are having issues with their application, and the service desk has to ask them to call the SaaS provider - there is the rub. Right? The user does not want a list of 30 SaaS provider help desk numbers to call, we have trained them for years to call 1 extension number for the service desk. Now IT says we can not help them, call someone else.
In addition, I hear many times over, the finger pointing starts. The SaaS says it is the network, the IT Team says it is the SaaS, and the list goes on. The user is caught in the middle, and they don't know if it is the application, the network, their desktop, or even how they are trying to use it. Now the frustration has hit the users of the organization.
Time for some process evaluation and how the organization is going to come back together, work together and solve these new challenges. Put a stop to the SaaS shopping spree and get some process in place on how as an organization you are going to support these new applications, how will they integrate into the environment, and remain secure. Many of these application need data from other sources internal to the organization or will provide data to other systems internal. That upstream and downstream integration into your data flows is key. In addition, figure out user provisioning, data leak prevention, and most important - user interaction. Help the users, if you can't answer the question, have a integrated service desk incident management system with your provider to open tickets on behalf of the user.
There are many organizational benefits to having great applications, including SaaS offerings. It is equally important to have these offerings integrated into the organziation as to minimize the impact to your user community. There is no room in today's tough business climate to have walls internal to the organization.
Keep it positive!
Scott Arnett
scott.arnett@charter.net
Software as a Service does have some value, don't get me wrong, there are some great solutions out there. Salesforce.com, Service Now, and the list goes on. So what is the problem you ask? Glad you ask, because in reality, there is a disconnect in the organization.
I have found many organizational users frustrated with IT because their support, service and attitude has gone down hill. Really? The business went and purchased a SaaS solution to meet a business need. IT is not involved, but also does not have the ability or capability to support this solution. The SaaS solution is a cloud based solution, that means servers, storage, user accounts, application support - all done by the SaaS partner. So when the user calls the service desk saying they are having issues with their application, and the service desk has to ask them to call the SaaS provider - there is the rub. Right? The user does not want a list of 30 SaaS provider help desk numbers to call, we have trained them for years to call 1 extension number for the service desk. Now IT says we can not help them, call someone else.
In addition, I hear many times over, the finger pointing starts. The SaaS says it is the network, the IT Team says it is the SaaS, and the list goes on. The user is caught in the middle, and they don't know if it is the application, the network, their desktop, or even how they are trying to use it. Now the frustration has hit the users of the organization.
Time for some process evaluation and how the organization is going to come back together, work together and solve these new challenges. Put a stop to the SaaS shopping spree and get some process in place on how as an organization you are going to support these new applications, how will they integrate into the environment, and remain secure. Many of these application need data from other sources internal to the organization or will provide data to other systems internal. That upstream and downstream integration into your data flows is key. In addition, figure out user provisioning, data leak prevention, and most important - user interaction. Help the users, if you can't answer the question, have a integrated service desk incident management system with your provider to open tickets on behalf of the user.
There are many organizational benefits to having great applications, including SaaS offerings. It is equally important to have these offerings integrated into the organziation as to minimize the impact to your user community. There is no room in today's tough business climate to have walls internal to the organization.
Keep it positive!
Scott Arnett
scott.arnett@charter.net
Wednesday, February 1, 2012
Architecture in IT - Best Deal?
IT organizations struggling to keep up with technology changes, business changes, and expectations have taken a step back to say "What can we do different? " You see, the struggle is to have your staff deal with day to day operations, yet keep up with all these other forces - not to mention project work.
That is where many CIO's have split IT Operations into different focus teams, and that my friend is where Architecture comes into the organization. Let the IT Delivery Team focus on Operations, and let the Architecture Team focus on new technology, business capability demands, and excellence. There is a 3rd leg to this IT stool - and that is Security. Security should not be part of operations, nor should it be part of Architecture. The Director of Security in most organizations should report direct to the CIO. Now, before anyone is jumping off their chair, there are organizational needs that would dictate the Security Team reports up through Audit, Legal or CFO. It would be a organizational need or regulatory requirement. In most organizations, the CIO can oversee the Security Team.
So, in my opinion the Architecture team is a great deal, and brings strategy, direction, and alignment to the business for the IT Organization. Having your delivery team focused on Operational Excellence is a great deal as well. It will be equally important that the management leaders from these 2 teams stay connected, engaged and meeting on a regular basis. To many times I have seen them start to pull apart and go in different directions, down to where the delivery team starts to hire their own architecture staff. This can't turn into 2 different IT departments, it is 1 department with 2 focused teams. The CTO or CIO will need to ensure they work together and have regular meetings. In some organizations, this turns into staff career paths and opportunities to grow. Which is a good thing all the way around.
I have a few request to talk about the financial impacts of these organizational changes. I will do that soon. Till then -
Keep it positive!
Scott Arnett
scott.arnett@charter.net
That is where many CIO's have split IT Operations into different focus teams, and that my friend is where Architecture comes into the organization. Let the IT Delivery Team focus on Operations, and let the Architecture Team focus on new technology, business capability demands, and excellence. There is a 3rd leg to this IT stool - and that is Security. Security should not be part of operations, nor should it be part of Architecture. The Director of Security in most organizations should report direct to the CIO. Now, before anyone is jumping off their chair, there are organizational needs that would dictate the Security Team reports up through Audit, Legal or CFO. It would be a organizational need or regulatory requirement. In most organizations, the CIO can oversee the Security Team.
So, in my opinion the Architecture team is a great deal, and brings strategy, direction, and alignment to the business for the IT Organization. Having your delivery team focused on Operational Excellence is a great deal as well. It will be equally important that the management leaders from these 2 teams stay connected, engaged and meeting on a regular basis. To many times I have seen them start to pull apart and go in different directions, down to where the delivery team starts to hire their own architecture staff. This can't turn into 2 different IT departments, it is 1 department with 2 focused teams. The CTO or CIO will need to ensure they work together and have regular meetings. In some organizations, this turns into staff career paths and opportunities to grow. Which is a good thing all the way around.
I have a few request to talk about the financial impacts of these organizational changes. I will do that soon. Till then -
Keep it positive!
Scott Arnett
scott.arnett@charter.net
Subscribe to:
Posts (Atom)