Inspiration for the modern business Volume 2 : Issue 2 : November / December 2008
Getting ahead in the clouds
Security beyond the network perimeter
With service management
Cheaper & greener Time to ditch the office?
Feature focus: Service Catalog â€” ready for the off. 42-45
Supportworks ITSM puts people at the core of ITIL
Service Management with The Human Touch Supportworks ITSM puts the customer at the heart of ITIL adoption, so people can implement processes to improve service quality in line with the way the business wants to work.
Read our latest ITIL whitepaper: â€œService Management with the Human Touch Embracing the ethos of customer focussed serviceâ€? visit www.hornbill.com/humantouch for your copy
Employee Support Solutions Business Support Solutions
Customer Support Solutions
Industry Focused Solutions
Tel: +44 (0) 208 582 8222
Fax: +44 (0) 208 582 8288
Bring me your weird and wonderful terms LEADER C
ruft. I’m told (by Wikipedia) this is computer jargon for something (especially code) that is obsolete, redundant, over-complex, incomprehensible, or superfluous. It can also be used to describe the unused and out of date hardware and computing paraphernalia that is collected by ‘geeks’, either through upgrading, inheritance or simple acquisition, both deliberate and through circumstance. In future I shall be trying to use the terms as often as possible, although not in connection to any of the companies that appear in VitAL I hope. Anyway, I would be grateful if readers could let me know of any other ‘exotic’ terms, like cruft, which may be of interest. Cloud computing is another term — more widespread and less exotic perhaps — that has piqued my interest lately. One of our contributors this month makes the bold claim that the two things 2008 will be remembered for are the credit crunch and the rise of cloud computing. With the migration of large amounts of information and software to the ‘cloud’, security becomes of paramount importance and we address the issue inside. Another issue tackled inside is virtualisation. I was at the recent VM08 trade show at Earls Court and was impressed by the level of activity at the exhibition and its sister show IP08. A busy show can be a bellweather of the general health of an industry and if so, sections of the IT industry at least seem to be shrugging off the general economic malaise. And amid the continuing general economic gloom and with the outcome of the US elections still undecided (at the time of going to press there is one week left), we look forward to the dependability of an informative and successful 17th itSMF Annual Conference and Exhibition at the NEC Hilton Metrolpole on November 10. There is a full preview of the event starting on page 55 featuring an interview with itSMF chief executive Keith Aldis and company profiles. I shall be at the conference absorbing information for all I’m worth and shall be reporting back in the next cruft-free issue of VitAL.
If you have any thoughts, feedback, or suggestions on how we can improve VitAL Magazine, please feel free to email me email@example.com
November / December 2008 : VitAL
Contents Inspiration for the modern business
7 VitAL News The VitAL Cover Story
14 Getting ahead in the clouds Gary Marsden
24 Securing virtualised data centres
Ryan Malone The security of virtualised data centres is a major concern. Are there ways to secure virtual machines that don’t sacrifice the operational efficiencies provided by server virtualisation?
28 A cloudy future Nigel Hawthorne
Editor Matthew Bailey firstname.lastname@example.org Tel: +44 (0)1293 934464 Advertising Sales Ian Trevett email@example.com Tel: +44 (0)1293 934463 Production & Design Dean Cook firstname.lastname@example.org Editorial & Advertising Enquiries 31 Media, Crawley Business Centre, Stephenson Way, Crawley, West Sussex, RH10 1TN Tel: +44 (0) 870 863 6930 Fax: +44 (0) 870 085 8837 Email: email@example.com Web: www.vital-mag.net Printed by Pensord, Tram Road, Pontllanfraith, Blackwood. NP12 2YA © 2008 31 Media Limited. All rights reserved. VitAL Magazine is edited, designed, and published by 31 Media Limited. No part of VitAL Magazine may be reproduced, transmitted, stored electronically, distributed, or copied, in whole or part without the prior written consent of the publisher. A reprint service is available. Opinions expressed in this journal do not necessarily reflect those of the editor or VitAL Magazine or its publisher, 31 Media Limited. ISSN 1755-6465
VitAL Magazine, Proud to be the UKCMG’s Official Publication ITIL® is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the U.S. Patent and Trademark Office.
Cloud computing and how to overcome the security issues raised by users accessing applications and data from beyond the traditional network perimeter.
VitAL Signs – life in a world with IT
17 Eric Bristow need not apply
Steve White This month car troubles give Steve cause to think about customer service.
18 Trade secrets Pieter Coetzee, CIO for the UK & Ireland dairy and water businesses of multi-national foods brand Danone tells us what lies behind his success in the IT industry.
20 United we stand
Gene Reynolds Understanding the costs and benefits of convergence has never been more important when more and more SMEs are choosing to integrate their voice and data networks.
Companies benefitting from cloud computing need to adopt a real-time security service that addresses latency and effectively protects them from malicious threats such as malware, trojans, botnets and phishing attacks.
30 Cutting costs with service management
Peter Wheatcroft There has never been a more compelling reason to adopt the best service management practices than having to make the most of lean IT budgets.
32 Security at the flick of a switch
Hugo Harber Addressing the challenges facing SMEs that need to manage data security cost effectively and the case for outsourcing.
Subscribing to VitAL Magazine VitAL Magazine is published six times per year for directors, department heads, and managers who are looking to improve the impact that IT implementation has on their customers and business. Subscription Rates: UK £30.00 per year, Rest of the World £60.00 per year Please direct all subscription enquiries to: firstname.lastname@example.org
November / December 2008 : VitAL
/FXT 7JFXT 4USBUFHZ .BOBHFNFOU $BTFTUVEJFTBOE0QJOJPO1JFDFT 9%3)AMINTHE5+AND)WOULDLIKETORECEIVEA.0/5)46#4$3*15*0/SIXISSUES TO7JU"--AGAZINEATACOSTOFa 9%3)AM/VERSEASAND)WOULDLIKETORECEIVEA.0/5)46#4$3*15*0/SIXISSUES TO7JU"--AGAZINEATACOSTOFa )ENCLOSEACHEQUEFOR
0LEASEINVOICEMYCOMPANYFOR 0URCHASE/RDER.UMBER 4ITLE *OB4ITLE
*GZPVIBWFOPUBMSFBEZTVCTDSJCFEUIFOWJTJUXXXWJUBMNBHOFUUPEPXOMPBEBTVCTDSJQUJPO GPSNPSTJNQMZDPNQMFUFUIFGPSNCFMPXBOEGBYUP PSQPTUUP.FEJB $SBXMFZ #VTJOFTT$FOUSF 4UFQIFOTPO8BZ $SBXMFZ 8FTU4VTTFY 3)5/*GZPVBMSFBEZTVCTDSJCFUIFOXIZOPU -EDIAWILLKEEPYOUUPTODATEWITHOUROWNPRODUCTSANDOFFERSINCLUDING6IT!,-AGAZINE)FYOUDONOTWISHTORECEIVETHISINFORMATIONPLEASEWRITETOTHE#IRCULATION-ANAGERATTHEADDRESSGIVEN QBTTUIJTGPSNUPBOZDPMMFBHVFTZPVGFFMXPVMECFOFm UGSPNSFDFJWJOHUIFJSPXODPQZPG7JU"-.BHB[JOF 0LEASETICKHEREâ– IFYOUDONOTWISHTORECEIVERELEVANTBUSINESSINFORMATIONFROMOTHERCAREFULLYSELECTEDCOMPANIES
Contents VitAL Qualifications
36 Setting the standards
42 Service Catalog — ready for the off
Assumpta Venkata IT professionals and business managers are at last learning to speak the same language with the help of the IT Service Catalog.
55 itSMF Preview – Driving real value
47 The ITIL adoption report
VitAL talks to Peter Bayley, director of qualification products at BCS, the leading professional body for those working in IT, about how the transition from ITIL v2 to v3 has impacted the delivery of qualifications.
The itSMF UK Annual Conference and Exhibition will soon be upon us, the three-day event takes place from the 10-12th November at the Hilton Metropole in Birmingham. Here we find out what to expect at this major ITSM event.
38 Get rid of the office!
56 Leading the IT world
As important as environmental sustainability are economic and social sustainability, but doing away with the office altogether ticks all three boxes.
40 The lean green virtualised environment
Adam Grummitt Assessing the greening effect of virtualisation and its financial benefits in the face of the oncoming economic downturn.
With the aim of producing a true picture of the uptake of ITIL, Sunrise has carried out a major survey gathering the views of 350 senior IT decision makers.
On the eve of the itSMF’s 17th Annual Conference and Exhibition VitAL speaks to Keith Aldis, CEO of itSMF.
58 itSMF Company Profiles
The secret of my success
A major player in the field of IT service management, Hornbill says it has a philosophy of doing business with a human touch. VitAL speaks to Patrick Bolger the company’s chief marketing officer.
In the first of a new series looking for the inspiration behind key movers and shakers in the IT industry, Alastair Mackenzie of IT service management specialists Firescope Europe shares the secrets of his success.
50 The human touch
64 The Secret of My Success
November / December 2008 : VitAL
In today’s highly connected world, good customer support is just not enough; and one customer experience has the power to affect many others. Service organizations need to transform from traditional customer support to customer service and from cost centers to profit centers.
S E R V I C E VA L U E M A N A G E M E N T
Customer Service as a Profit Center SM
Ser vice Value Management (SVM SM ) is about more than providing your customers with high-quality and world-class suppor t; it’s about transforming the customer experience. At Kepner-Tregoe (KT), we take a holistic, systematic approach to creating business value by making ser vice a direct, profound driver of revenue and profit. We understand the complexity of consistently delivering high-quality, world-class service and support. With so many factors affecting Customer Lifetime Value (CLV), our Service Value Management model focuses on the six key drivers that contribute most to CLV: Strategy and Culture, Monitor and Control, Service Processes, People, Tools, and Organization.
THE S VM M O D E L
W H AT IS CU S TOM ER L IFET IM E VALUE?
Service Processes Performance, Stability, Efficiency
If you had to put a single dollar value on a customer, what would that be? That dollar value is Customer Lifetime Value (CLV), the present value of all future cash flows attributed directly to your relationship with that customer. Focusing on CLV allows you to make decisions that align your service organization with your company’s strategy and achieve your targeted bottomline results.
People Development, Leverage, Leadership
This model brings clarity to improvement efforts by providing a logical framework for identifying the actions that can most influence CLV. Strategy & Culture Vision, Competitive Advantage, Segmentation Monitor & Control KPIs, SLAs, Dashboards
Tools Selection, Alignment, Knowledge Organization Structure, Motivation, Sustainability
R A P I D R E S U L T S . L A S T I N G VA L U E .
F O R M O R E I N F O R M A T I O N , V I S I T: W W W . K E P N E R - T R E G O E . C O M / S E R V I C E VA L U E /
VitAL launches Focus Groups 31 Media, the publisher of VitAL Magazine, has launched a series of Focus Groups that it says brings together, for the first time, senior decision makers and key market suppliers for a series of well thought-out debates focussed on IT service management. “In our role as information provider we spend a lot of time speaking and listening to our customers and then seeking out innovative ways to meet their needs,” comments event organiser Grant Farrell. “It has become apparent that senior decision makers wish to discuss their current challenges in a meaningful and structured manner with a view to finding pragmatic and workable solutions to what are invariably complex issues. Suppliers, who are naturally keen to meet these professionals want to gain a clearer understanding of these challenges and identify how, through meaningful dialogue, they can assist. This logic coupled with VitAL Magazine’s consistent desire to drive the market forward has prompted us to launch the VitAL Focus Groups for 2009.” The event, which is complementary to managers, heads of department and directors in the IT industry, will run from 8.30am – 4.30pm on Tuesday 29th September 2009 at the Park Inn Hotel, Heathrow. There will be ten syndicate sessions running simultaneously three times through the course of the day providing unparalleled access in to the minds of influential professionals; while at the same time allowing each host to demonstrate their skills, experience, and expertise. In addition to the debates there is also a mini-exhibition that can be viewed during refreshment and lunch breaks allowing access to the latest products and services from some of the industry’s leading suppliers. For further information see page 9 or the website. www.vitalfocusgroups.com
Boeing selects Service Catalog software for ITIL v3
Leading aerospace company business partners. Boeing has announced that it is to deploy the newScale FrontOffice Suite to support its enterprise service management initiative. The Service Catalog will consist of centralised and standardised services for the Boeing workforce of more than 160,000 employees worldwide. This front office solution enables service teams across the enterprise to define and manage their service offerings based on the needs of their internal
“The modern IT organisation will define itself into front office and back office functions,” says Peter O’Neill, principal analyst at Forrester Research. “The front office will be responsible for interacting with the business: understanding demand for new projects and service requests, translating business needs into the portfolio of IT services, as well as managing the service levels and budgets for those services. The
back office will be responsible for the day-to-day operations of the IT infrastructure.” Boeing has chosen to implement the entire suite of applications including PortfolioCenter, DemandCenter, and RequestCenter software. While the Service Integration Hub offers the flexibility to integrate with any enterprise application or system – offering faster, easier, and more costeffective integration with highly scalable and proven Service
Catalog solutions that comply with ITIL v3 requirements. “Industry experts estimate that the Service Catalog is the focus of sixty percent of new ITIL projects,” said Scott Hammond, president and CEO of newScale. “This trend is driving tremendous growth in the Service Catalog and Service Portfolio Management market, as more and more companies adopt a business-centric and customerfocused approach to running their IT operations.”
November / December 2008 : VitAL
Mounting Death of the workloads ‘King of Spam’ mean IT professionals struggle to maximise ITSM investment The former King of Spam,
A study has revealed that service desk professionals are struggling to focus on consistently improving service delivery and optimise their ITSM investments. This is largely due to growing pressures and new responsibilities arising from increasingly complex technolog y environments according to the study. The results show that, despite 97 percent of respondents believing that ITIL would help to continuously and proactively improve service delivery in their organisations, the majority struggle to find the capacity to do so. Over half (55 percent) only sporadically update their service catalogue and almost a quarter (23 percent) said they never do. In addition, more than half (59 percent) do not believe that their current IT systems, services and processes create the value expected from the business. The research highlights a tendency amongst companies to deploy an ITSM solution but then struggle to upgrade their service catalogue regularly because of a growing number of other priorities such as green technology and server virtualisation. 94 percent of IT professionals say that they are involved in the strategic decisions and developments of the business and three quarters say that they can link their service management processes with business strategies. However, an overwhelming 80 percent are unable to provide the business with quantifiable metrics about the value of IT services and
underlying assets in real-time. The study also reveals that improving IT delivery is a top priority for respondents as 61 percent said reduction of rework leading to higher quality of services was one of their organisation’s main concerns. Those sur veyed selected satisfaction of organisational needs (69 percent) and having the appropriate measurement and metrics in place (45 percent) as important for their company. This highlights that service desks place significant value on having an ongoing service improvement programme with accurate metrics in place, but struggle to find the time necessary to continuously improve existing processes. “Although IT professionals are aware of the benefits of ITIL to their organisation and have the opportunity to add real value to the business, they struggle to optimise existing ITSM investments because they are pulled in multiple directions,” comments Tasos Symeonides, CEO ofAxios Systems who commissioned the study. “To get the most return from a service delivery programme, companies need to consider their people as well as the technology if they want to ease the burden on their IT service desks. We are working with an ever-increasing number of companies who don’t want a one-off deployment, but want us to partner with them longterm and offer the right support throughout the whole ITSM lifecycle.”
VitAL : November / December 2008
the most talked about and studied botnet ever, has stopped producing spam according to security experts from Marshal’s TRACE Team. Spam originating from the Storm botnet has been dwindling for months and finally ceased altogether in September. It first came to prominence in January 2007 when the botnet’s creators spammed fake news headlines to entice web users into clicking on links that infected the user’s PC with malware. One of the earliest such campaigns used a headline describing lethal storms in Europe, which led to the botnet receiving its now notorious name. The tactic of using spam to spread malware on a mass scale was unprecedented at the time. The practice became known as ‘Malicious Spam’ to security researchers who began documenting Storm’s trail of destruction. The botnet’s creators developed new, constantly evolving malicious spam campaigns over the following months in their attempt to stay ahead of anti-spam vendors and to infect as many computers as possible. “Storm was one of the first botnets to use these tactics on a mass scale,” said lead threat analyst Phil Hay. “A distinct possibility is that the creators of Storm have abandoned it in favour of a newer botnet that they have created. If they have, it is possibly one of the top spam botnets that we continue to track. It seems unlikely that Storm’s creators simply gave up and went home.”
Business process management expert hired
leading provider of service management software ICCM has announced that David Elliott has joined the company as divisional director. An expert in the field of business processes and enterprise architecture, Elliott is responsible for supporting ICCM’s new and existing customer base with the delivery of their IT service desk solution. His main objective is to meet customer expectations and help them realise the true potential of ICCM’s Service Management tool within the whole organisation. “We are very excited about having David join ICCM. His specialised training and realm of experience in advising organisations on business process improvements and cost saving opportunities across all industries will compliment our offering of a complete service management package”, says company director James Gay.
'0$64 0/:063 */%6453: "POFEBZFWFOUGPSTFOJPSMFWFMQSPGFTTJPOBMTUPEJTDVTT EFCBUF BOESFTPMWFUIFJSNPTUQSFTTJOHDIBMMFOHFTUISPVHI BTFSJFTPGQSFBSSBOHFE'PDVT(SPVQT
UI4FQUFNCFS 1BSL*OO)PUFM )FBUISPX s$EBATE3ESSIONS s0EER4O0EER.ETWORKING s$ISCUSS)NDUSTRY7IDE)SSUES s-INI%XHIBITION s&REE!TTENDANCE
$POUBDU(SBOU'BSSFMMPO &NBJMHSBOUGBSSFMM!NFEJBDPVL 4ELEPHONE &ACSIMILE %MAILJOGP!WJUBMGPDVTHSPVQTDPN7EBSITEXXXWJUBMGPDVTHSPVQTDPN
4HE6IT!,&OCUS'ROUPSAREOPENTOALLINDIVIDUALSWITHINTHE)4INDUSTRYALTHOUGHEIGHTYCOMPLIMENTARYPLACESAREOFFEREDTO-ANAGERS (EADS $IRECTORS AND#)/S ONAFIRSTCOMEFIRSTSERVEDBASIS4ERMSAND#ONDITIONSAPPLY
when you’re having to
at every investment you need a world-class IT Service Management Solution in your corner. One that provides end-to-end visibility and control of your IT Services and related infrastructure. Spanning the Service Desk to the server. Powered by a Federated Service Management CMDB at its core. You need IT Service Management made simple. The EMC Infra way. Put yourself in a winning position with the EMC Infra Service Desk. For rapid deployment and intelligent integration with existing IT infrastructure, faster ITIL implementation with process automation and cost-effective compliance, it’s the solution you’ve been looking for.
FREE WHITEPAPER Achieving Best Practice with Service Desk Automation
Build your business case:
Visit www.infra.co.uk to access COMPLIMENTARY WHITEPAPERS, industry reports and technology audits to plan your ‘service – centric’ strategy today.
This paper examines the role of automated processes in the delivery of IT Service Management efﬁciency and best practice compliance. Service Desk Automation is the use of software tools to automate ITIL processes within an organization and remove the burden of compliance from staff and management. This paper argues strongly for an automation approach as it brings many beneﬁts to an organization.
For more information please visit: www.infra.co.uk
For more information please telephone: +44 (0) 1 483 213 200
Automated application discovery comes to the service desk New levels of integration between two core IT management offerings are what is offered a new offering from EMC. Leveraging heightened integration between the company’s Smarts Application Discovery Manager (ADM) and its EMC Infra, customers can now apply automated application discovery to support dependency-driven change management, impact analysis, and configuration management database (CMDB) population. “IT departments across the globe are fast approaching a breaking point as they attempt to manage their ever-expanding universe of businesscritical information,” said Chris Gahagan, senior vice president, resource management software. “To truly see it all, manage it all, and get the most of their IT investments - companies require a clear line-of-sight across their IT infrastructures and how they relate to the services they deliver.” Smarts ADM provides continuous automated discovery and dependency mapping of the oftenchanging relationships that exist between IT applications, databases, their hosts and configurations, and the underlying information infrastructure – as well as the network protocols on which these systems rely.
The continuing issue of lost data It seems to problems associated with lost and stolen data are not going away any time soon. Every month brings a new spate of data gaffes. It emerged in September that the personal details, including names date of births and release dates of 84,000 prisoners in England and Wales were lost by a contractor for a private firm working on behalf of the Home Office. The data was held on a USB stick which also held the details of 10,000 prolific offenders and a further 33,000 records from the police national computer. All the data was apparently unencrypted. This latest scandal is an example of what happens when organisations fail to adequately enforce policy or implement sufficient security measures. The security errors made were allowing information to be stored on an insecure device without sufficient levels of protection and failing to put in place a policy which could track the data and how it was being accessed. Technological measures such as
endpoint security software offers policy-based control for portable storage devices and ports including USB ports, CD-ROMs, storage devices, MP3 players, as well as granular access control, auditing and shadowing of files and other sensitive data copied between PCs and Windows mobile-based devices. This ensures that no information can be removed or copied from the corporate system without permission. Rather than disable the port completely, it can offer a layer of management, so
that the IT department can change settings as appropriate from a central location making the solution completely flexible. For example organisations can centrally and granularly define which types of data specified individuals or groups are allowed to download on to a mobile device. This added layer of protection prevents employees from using their corporate and personal computing resources to extract valued information beyond the scope of their jobs and outside the guidelines of IT security.
If you go down to the woods New Forest District Council has selected House-on-theHill’s SupportDesk as its new ICT Service Desk solution. “We needed a flexible tool which would help us deliver our ITIL service management processes,” said service level manager Fiona Hughes. “We also needed something to manage complex procurement and asset management processes as well as helping us ensure continued licensing compliance. SupportDesk has a simple look and feel which we liked as soon as we saw it, while at the same time it was the only tool that could fulfil some of our more complex requirements. We also found its reporting facilities were
superior to other products.” Last year the Hampshire council moved from a call logging-only help desk to an ITIL-compliant service desk which supports some 1,100 ICT users working over 17 sites and from home. “Benefits should include improved management information and reports so we can ensure we are meeting our
targets,” added Hughes. “The service desk is the key part of our ICT service and we need to have the right data immediately available to the right members of our team to deliver a more efficient service to customers. We hope that implementing this software will help us achieve our goal of closing 60% of all calls at the first point of contact.”
November / December 2008 : VitAL
Managing data centre complexity is the way to improve IT efficiency Results of an independent survey manufacturing, high technology, retail, said Ben Grimes, CTO at Avocent who have showed that companies are seeking better visibility into their data centre operations to help mitigate business continuity challenges, better manage virtualised systems and applications, and control power consumption and overall complexity. The survey was conducted in spring 2008 by Actionable Research, and polled 299 executives and IT managers in
banking, healthcare, education and government, asking them what they found to be the top challenges in aligning IT with business objectives. “Our survey confirms that businesses are indeed challenged most by the need to effectively manage the increased complexity in today’s data centres, while at the same time keeping networks running smoothly, and power consumption costs down,”
commissioned the survey. “The findings further tell us that many administrators lack the tools they need to properly manage power usage in data centres – only 55 percent say they can monitor power usage today, and even then it’s mostly at the UPS level. These statistics show there’s a huge opportunity to improve overall data centre management and a strong desire to implement ‘Green IT’ solutions.”
What kind of colleague are you?
Are you a Bully or a Goth? Do you shout at everyone until something gets done or are you afraid to even ask? Given that most offices can sometimes feel like a playground, with many different characters walled in to the same small space, A survey by Sunrise Software has identified the four types of user causing the biggest problems for IT support: The School Bully: Regardless of their level of seniority in the company, the bully terrifies most of his colleagues — including the IT service desk. The Bully is most at home in those businesses where the employee who shouts loudest gets the most attention. However, the Bully is also one of the laziest users — preferring to bask in his own glory rather than actually do any work. As a result, no job is too small to delegate to IT, and the Bully’s tipping point comes early — he doesn’t hesitate to ask for help changing the toner, cleaning the telephone or plugging in a new mouse. Hockey Captain: The Hockey Captain is dangerous because she hunts in packs, always surrounded by her clique — safety in numbers is the key here. Thinking nothing of asking colleagues and friends for help with IT issues, the Hockey Captain resents authority — causing nightmares when she finally presents a problem to the service desk that has been exacerbated by several amateur enthusiasts having a bash at the repair job first.
Top IT recruiter revealed
Scottish firm Enigma
Geek: Unlike the Bully, the Geek prefers to work alone. The Geek is shy, and petrified of making herself known to colleagues for fear of being hunted down and laughed at. The Geek is a proud IT buff by nature, although in reality this knowledge is based mostly on the GCSE in Computer Science she passed in 1989. As a result, the Geek will always try to fix problems herself before she hits her tipping point and asks anyone for help, least of all IT. Consequently, a problem that would have taken five minutes to fix when it first occurred will take a lot of time and money to put right after the Geek has made it much worse. Goth: The Goth delights in being one of a kind in the office — image is everything for this user in the office playground. The Goth likes to make everything his own — which includes customising work computers to an extreme. The Goth will unwittingly cause havoc downloading virus-ridden wallpaper from slightly freaky
VitAL : November / December 2008
websites, and will only think about asking for help when he finds all his email contacts have been spammed because he clicked on the URL in an email promising photos of Marilyn Manson. “It’s useful for IT to identify the types of users they can expect — each works very differently, and each presents his or her own problems,” said Tom Weston, executive chairman at Sunrise. “While some users will call for help at the first sign of the delay timer, others will wait until they’ve lost all their emails. Worse still, some make things considerably worse by trying to fix the problems themselves. IT service management professionals need to understand where the ‘tipping point’ which makes users call for help, is in order to pre-empt the problem. Experienced ITSM professionals can tell a Goth from a Geek from a mile off. The ubiquity of these stereotypes makes you wonder if any of us have every truly grown up.”
People Solutions has been voted the UK’s top IT recruitment consultancy. The company, which has offices in Edinburgh and Glasgow, captured the honour at the Recruitment Business Awards held at Manchester’s Hilton Hotel. Enigma is a specialist search and selection firm whose core business involves recruiting for innovative sof tware engineering, electronic engineering and creative design companies as well as IT consultancies. “ It’s a tremendous achievement, especially for such a young and relatively small agency,” director Ben Hanley said. “We were up against some of the biggest consultancies in the country.” The award was accepted by the firm’s special skills consultant, Steve Lorriman, who specialises in recruiting for creative and media clients and was the key member of staff involved in a client project summarised as part of Enigma’s entry submission. “It highlights the fact that we employ and develop very talented staff,” he said.
UKCMG EuroTEC 2009
Training Education Conference with Exhibition & Workshops
18th – 20th May 2009
Whittlebury Hall Hotel, Whittlebury, Northampton Performance Testing
Capacity Management Performance Management
Performance Assurance A must attend event with excellent papers from industry experts, US guest speakers, education specialists and end users. The three-day event will cover hot topics and issues in the Performance, Capacity Management, Service Management and Mainframe arenas, including beginner sessions and workshops. The event offers excellent education and training opportunities for attendees. Alongside the multi-tracked conference agenda is an exhibition hall with leading vendors.
Best End User Presentation Competition Why not submit a presentation for the main event agenda and have the chance to win the ‘Best End User Presentation Competition’ and win a trip to the USCMG event in Reno in December 2009. To submit a presentation please visit www.ukcmg.org.uk
10% Discount for EuroTEC 2009 Delegate Bookings Received Before 31st December!! Media Sponsor
More event details are available at www.ukcmg.org.uk
VitAL COVER STORY
Getting ahead in the clouds There are two trends from 2008 that will be remembered for their impact on UK plc and its IT departments: the first is the ‘credit crunch’; and the second is ‘cloud computing’. Here, Gary Marsden, VP business development at CRYPTOCard focuses on the latter, cloud computing and how to overcome the security issues raised by users accessing applications and data from beyond the traditional network perimeter.
hile the term ‘cloud computing’ — coined by analyst firm, Gartner — might be new, the technology or IT strategy it is used to describe is not. Also known as software-as-a-service (SaaS), or hosted services, cloud computing literally means to manage, utilise, and distribute data and applications via the Internet (aka the cloud). It’s likely that you’re already using these sorts of services in some fashion; online banking or webmail, for example, are two of the most popular applications. The idea to provide services over the Internet first emerged in the late 1990s. At this time, the ‘boom and bust’ atmosphere of the technology industry meant that while businesses were able to identify with the benefits of such a service, the reliability and resilience of managed services was still
VitAL : November / December 2008
somewhat in question. Since then, the Internet has been pivotal in shaping the structure and working culture of businesses. Twenty four-seven, global, business operations, facilitated by the Internet, require resilient 24/7 IT infrastructures, and as a result the demand for managed IT services has grown exponentially. Service providers have thus spent the past decade maturing and refining their portfolios, to develop robust infrastructure (networking) and application services.
Outsourcing The availability of these services meant IT departments could outsource the management and maintenance of core, but commoditised elements of the network — from local area networks through to hosted
telephony systems. This, in turn, has allowed organisations to focus in-house expertise toward delivering value-add solutions that complement and accelerate the business’ long-term objectives. Coupled with the rapid innovation and adoption of mobile devices, a wave of demand for remote and roaming access to businesscritical applications and services steadily grew in pace. Employees no longer required, nor necessarily wanted, the four walls of their office in order to work. The advantage of worldwide accessibility is simple to accept when faced with reducing carbon footprints and increasing employee/ workspace flexibility. The benefits, ranging from the predictability of cost, simplicity and scalability, through to ease of management, appeal to businesses irrespective of vertical
VitAL COVER STORY
sector or size. Just like managed infrastructure services, cloud computing is all about taking system complexity and variable lumpy costs and replacing them with transparent monthly operational expenditure (OPEX). In this economic age, it is easy to see the advantages of implementing such a strategy. As a result, more and more global software providers, such as Salesforce.com, Google Apps and Microsoft On-Line, have made their applications and services available over the Internet.
The security impact of cloud computing The ability for employees to access applications from beyond the traditional network perimeter does have its drawbacks though, and this is especially relevant to IT security and when
trying to maintain the security of data stored on the central network. Cloud computing allows applications and data to be accessible from any device, private (eg, laptop) or public (eg, Internet café). The frontline of security in cloud computing, therefore, is the user and his password — and, as is regularly demonstrated, both provide little protection against determined hackers. For the IT department, this is a quandary. On the one hand, and in this particular economic crisis, the cost savings to be made from cloud computing will enable greater concentration on value-add IT strategies, but on the other, they’re facing a constant battle to secure the fort. The UK government’s latest estimate suggests that costs of over £1bn can be attributed to data loss and identity fraud, but this is just the tip of the iceberg. Over the past 18 months, a
series of headline-grabbing stories detailing lost or stolen laptops or mobile devices has thrown IT security into the spotlight, and highlights the issues associated with remote working. In reality, though, it’s not just the data stored on these devices that we should be concerned about. For example, most laptops provide remote access to a company’s corporate network via a virtual private network (VPN) client, and more often than not, the username and password for the VPN is stored for ease of connection. With password cracking tools available free, over the Internet, it can take a hacker little more than a few minutes to identify the user’s password and obtain access to the laptop’s hard-drive; with a simple click and connect on the VPN client, they have carte blanche access to a company’s entire information estate. Similarly, if users are accessing corporate applications via public devices, they too are only protected by their password. Though businesses already recognise the need to implement a firewall or anti-virus solution, many have yet to implement some form of password validation strategy and often hold back because of the associated cost and complexity. But what cost the price of stolen identities and the brand damage that ensues? Unless you lock the door, then anyone can walk into your company and literally destroy your reputation or the integrity of your data.
Password authentication strategies Password security is an increasingly critical element of an access network that businesses are only just beginning to invest in. Enterprisesized businesses have been able to afford the relatively expensive and complex-to-integrate password alternatives such as Two-Factor Authentication (2FA) for the past few years — because it has been easy to justify the investment trade off: secure my passwords or suffer the indignation and damage to my
November / December 2008 : VitAL
VitAL COVER STORY
Essentially, for enterprises and SMBs alike, 2FA is the perfect cloud computing security service for cloud computing strategies (excuse the irony). It provides a simple, cost-effective and flexible solution to securing the critical first hurdle for wannabe hackers – and will enable you to get ahead and exploit 16
what’s set to be a cloud computing storm. reputation when I get hacked. However, there are increasing signs that hackers are targeting government bodies and much smaller businesses — because they are now the low hanging fruit too, and these days hackers are just as interested in proving they can do it (they have a reputation to live up to too!).
VitAL : November / December 2008
The premise of 2FA relies on the adage ‘something you know, something you have’, and is the simplest and most effective method of achieving password protection and stopping unwanted access to your systems. Why? Because the archaic static-password is the single biggest security risk that
organisations face; a one-tier login such as a password is simply not enough. Instead, requiring all authorised users to input something they know, such as a PIN, and use something they have, such as a token that generates a one-time password (known as an OTP), immediately stymies a hacker’s advances. The OTP, which works once and only once, can be delivered via a physical token, SMS, or smartcard. The financial sector, in particular retail banking, is a good example of how 2FA works. This is visible in the form of both the ubiquitous Chip & Pin (where the chip is something you have and the PIN is the something you know), and issuing one-time-password generators to online banking customers. As discussed, the adoption of 2FA strategies has, historically, been prohibited by the cost and resource required to implement and manage such a system. However, there are now a myriad of different ways to have 2FA
vitAL signs — life in the world with it
technology delivered to suit your budget, and IT strategy; with server-based, buildit-yourself, and managed service (cloud computing) options the most popular. The first two options described — serverbased and build-it-yourself — are more commonly adopted by large enterprises that have the IT resource with which to procure the capital infrastructure and can sustain a 24/7 helpdesk. That said, the adoption of 2FA as a managed service, or, for the benefit of this article, delivered as a cloud-based service, is steadily growing as businesses look to trim their IT budgets but still support the extension of business-critical applications to remote or roaming workers, for example — where the need to provide 24/7 support services makes server-based solutions cost-prohibitive, and necessitates significant capital investment in the infrastructure required to deliver such a service. 2FA via the cloud, therefore, makes password authentication strategies accessible and compelling to all types of businesses - the benefits are easily recognisable, and are complementary to those already using managed or cloud-based services. Specifically, it converts the capital (CAPEX) required for a 2FA solution into manageable and transparent OPEX — on a per-user, per-month cost basis — mirroring the utility pricing strategies employed by other cloud computing application service providers. Further commercial benefits of a managed 2FA solution include 24/7 support services and maintenance; online access to a selfservice portal for all users; it can be very quickly deployed — often within 24 hours of subscribing to the service, and is coupled with strong service level agreements (SLAs). The availability of managed 2FA strategies naturally complements businesses using cloud computing services, as well as those with a large remote workforce, seeking to access their corporate applications and data, without compromising your security policies. Essentially, for enterprises and SMBs alike, 2FA is the perfect cloud computing security service for cloud computing strategies (excuse the irony). It provides a simple, cost-effective and flexible solution to securing the critical first hurdle for wannabe hackers — and will enable you to get ahead and exploit what’s set to be a cloud computing storm. www.cryptocard.com
Eric Bristow need not apply Steve White says that he has stopped listening to Radio 4 in his car when the sun is shining. He has a problem with his motor and the conversation at the garage went something like this...
teve: “Dear Chris, there’s a high pitched squeak coming from under the car when it’s moving, please find and fix the squeak when you service the car.” Receptionist: “Mr White, we couldn’t hear the squeak, the car is ready for collection.” Steve: “Chris, listen, it’s doing it now – it’s a high pitched squeak — and it’s driving me nuts! What do you mean your hearing isn’t very good, Dave’s got better hearing has he?” Dave: “Yes I can hear it Steve, but it’s nothing to worry about — drive through the ford, if the noise stops it’s a dry suspension joint… As expected, there’s no squeak — when it dries up it probably will come back, and it’s nothing to worry about.” This little episode got me thinking about how dissatisfied I am with service when the service provider doesn’t fix my problem. Counting the number of attempts above, that’s a fail to fix three times, with the final message to ‘live with it as we can’t be bothered to actually fix the underlying problem’. How many times in IT is a failure to fix the result of a customer call? We’re working with an IT service provider who statistically analysed customer satisfaction mapped
against number of times it took to provide a final answer, and whether the conclusion of the problem was a fix or not a fix. What is surprising — the disproportionate increase in customer dissatisfaction between two and three attempts to fix, and the linear nature of the increasing levels of dissatisfaction as each fix attempt fails. Also mapped is the customer satisfaction when no fix is found — a fix attempt was made and it didn’t fix the problem, then further work was abandoned. In a successful implementation in Problem Management, the engineers get one ‘throw of the dart’, effectively one fix attempt from knowledge and experience before structured problem solving kicks in. If the first dart is often ‘reboot the system, let’s see if that fixes it’, there had better be good quality troubleshooting and a rationale for any proposed action before the second fix is launched or they are placing their reputation at the top of a steep downward slope. I’ve found The Levellers, played very loudly, masks the squeak much better than the measured tones of Radio 4. (At last, a use for squeaky ‘fiddle’ music – Ed).
November / December 2008 : VitAL
Trade secrets Pieter Coetzee is CIO for the UK & Ireland dairy and water businesses of multi-national foods brand Danone. Most recently he has been involved in a project to overhaul the company’s IT service management in its Northern, Eastern and Central Europe region (see VitAL Vol 2, Issue 1). Here Pieter tells us what lies behind his success in the IT industry and on the way we discover that Pieter is something of a renaissance man.
VitAL: How did you start out in the IT business? Pieter Coetzee: My parents bought a pc to use for my mother’s doctorate when I was around 11 or 12. I seem to recall that it had some kind of magical force that drew me to it. There was just something mesmerising about the bright amber text on the black screen that made me ever so excited. Let’s not even talk about that buzzing sound it made when reading something from disk. Before I knew it, I was writing small programs in GWBASIC and apart from a few twists in the tale that was it and I was hooked. I guess that sounds quite sad, but luckily I still continued to focus on school, sport and other fun activities during the time that I wasn’t glued to the pc.
VitAL: Who or what was your inspiration? PC: I’ve of course had various sources of inspiration over time which have all played an important part in my life. I
VitAL : November / December 2008
don’t want it to sound like I am about to make an Academy Awards acceptance speech, but if I have to single out two people who have always inspired me it has to be my parents. They’ve always gone and still go not only the extra mile, but extra miles. They truly lead by example and they have always provided me with the environment in which I could grow and be successful and of course where they could pick me up when I fell. VitAL: What was your biggest break? PC: My biggest break came a few years ago while working for the Danone Dairy business in the UK. I was given an opportunity to be the business project leader on a project to optimise our systems and reengineer our processes. It was a really challenging project to deploy SAP R/3, APO, EBP, Microstrategy, a new EDI solution, tools to manage customer trade terms etc, in just more than five months. The challenging part of course being change management-related to process re-engineering and stakeholder management rather than the technology roll-out. It was a fantastic opportunity to lead a key project for the business. I am very thankful to the company giving me the opportunity as normally it would have been run by a supply chain or finance director,
but in this case I was empowered to lead the project with both these directors as my close coaches and the rest of the senior management there every step of the way to support and guide. I was also provided with a strong deployment team from the head office and locally I was able to pick the strongest team possible from the business to run this project. Not only was it a fantastic experience which a l l o w e d me to grow exponentially and make a real step change, it was also a great success leaving me with great confidence allowing me to take on the challenges to come. VitAL: Were there any mistakes that you learnt from? PC: I’ve been privileged enough to have wonderful coaches steering me clear of major disasters, but of course as any good coach will do, they do let you bump your head a few times as that is a good way to learn. The key areas where I’ve learnt a lot through the years are how important clear communication and stakeholder engagement is. I’ve seen many projects or initiatives go down the wrong track because of a failure in communication or not engaging the right stakeholders. Effective communication brings clarity and alignment which in itself reduces the risk of mistakes. Even in the worst case when you do make a mistake, it is of course much easier to live with as everyone was aligned in making the same mistake. What more can you ask for! VitAL: What aspect of the job gives you the most pleasure? PC: No doubt that it is working with people, especially people on my team. It gives me endless pleasure to see people take on challenges individually or as a team and grow while doing so. I have a passion for working on and improving team dynamics in order to have a team that the business can ultimately be proud of. Working in a fast-moving organisation where there is always a variety of challenges also provides for a great place to work.
Having my Actimel and Evian available to me in the office is certainly also a bonus! VitAL: What unfulfilled ambitions do you want achieve? PC: From a business point of view I still believe CIOs have a lot of scope to grow as business leaders as our environment and the expectations change. I would of course want to go all the way down this path. On a personal level I’ve always dreamt of safely landing a big plane like a 747 and I would like to climb Everest. If only I had the time to get around to it! VitAL: Outside work, what are your hobbies or interests? PC: I love and used to play a lot of sport, up to provincial level in South Africa. For now I am usually quite happy if I can watch as much as I can fit in. But I am working on getting my fitness levels back to an acceptable level, so I can start doing some sport again. I guess I can say I enjoy playing a round of golf once in a while. I stress the once in a while as that is how I can continuously justify that I am really not good at it! I love playing music. I used to play piano and panflute regularly, but these days it is mainly limited to when I visit my parents in South Africa and on the odd occasion when I travel for work and end up in a hotel with a piano. A long time ago, I used to play in a few South African TV series’, but now I only love to visit the London theatres as often as possible. Not sure whether DIY can be classified as a hobby or an interest, but it is something that does come onto the radar and keeps me busy and challenged outside of working hours.
VitAL: What would you say is the secret of your success? PC: It’s a mixture of many things, but in order not to let the whole secret out I will share some of the key points. I can compare it to a cocktail as all the ingredients need to be there otherwise it is just not the same. Again trying to avoid sounding like starting an award acceptance speech, I will have to say that my parents created the initial solid foundation that I can use as springboard. I have a loving and understanding wife without whose support every step of the way I would not have had the success I’ve had so far. I’ve always worked for companies where people are given the opportunity to really take the initiative and make things happen. Being empowered is really a key driver for me in keeping me motivated to always deliver my best. I’ve always worked with great and very diverse teams and that is a key ingredient for me. Any manager or leader can be as good as they want, but if you don’t have a good interdependent team with you, you will just not achieve the same level of success. I s t ro n g l y believe you have to learn from your mistakes and your successes. We often only take key learnings from our failures in order not to make the same mistakes, but we should learn form the things that went well and understand how we can at least replicate and ideally improve on that. Let’s not leave out the importance of having great managers / coaches as they are often the difference between success and failure where failure could even sometimes be just not communicating the success. …. and of course somewhere along the line I hope that having the right capabilities and always trying to go the extra mile is also helping just a little bit! If you put all of that together, both shake and stir, you have a good chance of having success. I guess my secret is not a secret anymore. VitAL: Pieter Coetzee, thank you very much.
November / December 2008 : VitAL
United we stand V
While UC and VoIP can provide a range of benefits it can be difficult for organisations to decide if the technology is right for them, which solution is best suited to the way that they do business, and best practice implementation. The sheer volume of offers available and the hype which surrounds this technology is making it hard for organisations to distinguish between reality and fiction
As more and more SMEs choose to integrate their voice and data networks it has never been more important that they fully understand the costs and benefits of convergence says Gene Reynolds, senior consultant at CC.
oice over internet protocol (VoIP) has now been around for the best part of a decade but it has been in the last two or three years that its popularity has really started to grow. This boost has been due, in part, to advances in communications technology and ever increasing internet speeds. The SME market in particular is seeing an increase in the use of unified communications (UC) and applications like VoIP. While UC and VoIP can provide a range of benefits it can be difficult for
VitAL : November / December 2008
organisations to decide if the technology is right for them, which solution is best suited to the way that they do business, and best practice implementation. The sheer volume of offers available and the hype which surrounds this technology is making it hard for organisations to distinguish between reality and fiction. As more and more SMEs choose to integrate their voice and data networks it has never been more important that they fully understand the costs and benefits of convergence.
Navigating the hype Despite UC having been around for some time there still seems to be a certain amount of hype surrounding it. This usually manifests itself in stories where the financial benefits of VoIP are highlighted while the realities of installing and maintaining an integrated network are barely mentioned. A great deal of this hype is produced by vendors who are keen to push the idea that UC and VoIP are the equivalent of some kind of communications miracle. In the real world,
A great deal of this hype is produced by vendors who are keen to push the idea that UC and VoIP are the equivalent of some kind of communications miracle. In the real world, a solution can only be effective if it fulfils the criteria of a business’s specific needs.
a solution can only be effective if it fulfils the criteria of a business’s specific needs. It is easy to see why organisations could get confused when trying to evaluate if integration is the right choice for them. In addition to reduced telephony charges, vendors are also promoting improved continuity, workplace mobility and productivity. As previously mentioned, in order to enjoy these benefits organisations first need to understand which solution they need and how best to implement it.
VoIP – The options The first step is to understand the contrasts between the current suppliers of VOIP. For example, users can choose between implementing consumer- and commercialgrade providers of VoIP. Studies have
shown that there are many individuals in smaller organisations who have been using consumer grade VoIP applications. While these solutions may be acceptable for consumers, they are not suitable for business-critical communications. The Skype crash in August 2007 was a reminder that businesses using consumer-grade VoIP will always need a back-up telephony system in case of an emergency. Common problems with consumer-grade IP telephony include complaints regarding poor sound, time delay, dropped calls and loss of service. Also while implementing consumer-grade VoIP into your business could slash your costs, it could also introduce risk in the form of a lack of external support and/or contractual commitments to maintain your environment, not to mention a
lack of innovation and security. It is for these reasons that businesses tend to shy away from consumer-grade VOIP. While it is possible for VoIP to considerably reduce costs and even eliminate in-house call charges completely, companies need to do their analysis carefully. Savings could be offset by costs relating to maintenance, or the cost of providing the bandwidth necessary to allow VoIP. These are the type of costs that occur as a result of in-house equipment and often price out small to medium sized enterprises. The cost of advanced communications hardware and a full time network engineer is more than most SMEs can accommodate. For smaller businesses it is the hosted or managed services which are helping to make VoIP a more realistic and less
November / December 2008 : VitAL
Businesses can literally have access to staff anytime, anyplace, anywhere so long as they have a broadband connection. This can be especially useful for smaller organisations that increasingly need to be as flexible as possible. It can also provide another way to reduce expenditure. risky proposition. These services consolidate line rental, call charges and upkeep into one bill removing the need for companies to take responsibility for initial investment, maintenance and upgrades. Business should consult with independent experts in order to ensure they receive a suitable solution that is reliable and delivers the benefits for which it has been acquired.
VoIP and UC – Practical applications
As previously mentioned business benefits associated with VoIP include more than simple cost reductions. Users of business grade VoIP solutions have found that they have the capability to improve employee productivity. For instance, in the call centre sector it has been observed that a significant amount of agents’ time is wasted logging on to systems and negotiating different desktop applications. With UC, desktop applications like email, calendar and instant messaging are integrated with telephone, plus video and audio conferencing. This allows for more consistency in the user interface, making access to data and applications both
VitAL : November / December 2008
easier and more convenient. Call centres in particular have found this useful for reducing lost time and increasing productivity. This ability to combine applications is what most people refer to when they use the term UC.
VoIP and mobility For many organisations one of the strongest reasons to adopt VoIP is the increased workforce mobility it can provide. Businesses can literally have access to staff anytime, anyplace, anywhere so long as they have a broadband connection. This can be especially useful for smaller organisations that increasingly need to be as flexible as possible. It can also provide another way to reduce expenditure. By enabling remote working, organisations can save money through the reduction of facilities that would have previously been required to accommodate an in-house workforce. Remote working capabilities can also be useful when recruiting new staff — increased mobility provided by advanced communications technology is reducing employers’ reliance on the local resource pool. Individuals who may not have been viable for a regular five day a week office bound position (such as parents
with small children, disabled people unable to commute every day, people living a long distance away) can be identified as potential candidates. This significantly increases the number of applicants who can be considered when recruiting, improving the chance of hiring the best person for the job.
Measured evaluation While these benefits are attractive it is crucial that the decision to adopt VoIP is taken after a measured evaluation of an organisation’s current situation. Each business will have a different profile which strengthens or weakens the VOIP proposition. If the wrong choices are made than the consequences can quite easily negate any potential benefits. Businesses need to seek some external advice to understand where they sit in terms of operational requirements, current spend, contractual commitment, geographic spread, IT policies and constraints, and long term growth plans. It is essential that users understand the possible limitations of this technology and identify related concerns before they replace their current service. www.cc.net
Complete implementation of ITIL in 12 weeks?
Optimal service management with BMC Alignability Alignability is the newest innovation in service
for the employees. The Alignability model fills the
management systems, which may significantly reduce
gap between the ITIL framework and your service
the time needed for an ITIL implementation project from
12-18 months to 12-14 weeks.
In the Alignability Process Model the experience gained
ITIL gives guidelines to organisations who want to
from over 150 companies in 30 countries, is distilled.
define their service management processes. However,
It is a practical instrument that has been developed
processes are not enough; they have to be completed
over the past 10 years. We can now safely say that
with the details of how to carry out those processes
when no changes are made to the processes they are
into work instructions to give a real practical advantage
guaranteed to work.
Interested? Contact InfraVision at: InfraVision Ltd Delegate House, 30A Hart Street, Henley-on-Thames, Oxon, RG9 2AL
T: + 44 (0)1491 635340, F: + 44 (0)1491 579835, email@example.com, www.infravision.com
Securing virtualised data centres For security directors in large organisations, securing virtualised data centres is a major concern. Server virtualisation offers better total cost of ownership, increases operational efficiencies and management flexibility. How can corporations effectively secure virtual machines (VMs)? Are there ways to secure virtual machines that don’t sacrifice the operational efficiencies provided by server virtualisation? Ryan Malone, the vice president of marketing and business development at Apani, examines trends in server virtualisation security and reveals the many compelling advantages of cross-platform virtual security solutions.
he accelerating market for server virtualisation has been in mainstream media since well before VMware’s 2007 IPO. According to Gartner, 60 percent of virtual machines will be less secure than their physical counterparts through 2009. As the unique and dynamic nature of server virtualisation further permeates the enterprise, several security challenges are likely to be encountered, including: • IP address dependency: In a virtualised environment, IP addresses often change as virtual machines are created, retired or migrated from one physical host to another, causing issues in traditional protection mechanisms. • VM sprawl: Virtual machines are easily created from previously existing images, often introducing large number of VMs that are not properly maintained or are based
VitAL : November / December 2008
on images with known vulnerabilities. Successful attacks on vulnerable VMs can serve as a launch pad to attack other VMs. • Inability to monitor intra-host traffic: Server virtualisation introduces the concept of a ‘soft switch’ to allow for VMs to communicate with each other inside a single host. Special tools are required to monitor and protect these communications and solution options are limited. • Silo approach to security policy: Unfortunately, many security vendors take a silo approach to security, recommending different solutions with different management requirements for each. Neil MacDonald, an analyst at Gartner in a recent interview said, “Most security problems in the virtual world will be introduced through misadministration, mismanagement or
just plain old mistakes. The fact that we use different tools in the physical world than the virtual world compounds that problem.” Given the many security challenges that must be addressed to fully realise the obvious benefits of server virtualisation, a new approach is needed.
Cross-platform virtual security Designed to secure both virtualised and physical environments with a single solution, cross-platform virtual security helps large organisations impose dynamic security policies across their data centres. Organisations eliminate the trade-off between the benefits of server virtualisation and maintenance of strong security. Eliminating the IP address dependency of security policy, cross-platform virtual security
According to Gartner, 60 percent of virtual machines will be less secure than their physical counterparts through 2009. As the unique and dynamic nature of server virtualisation further permeates the enterprise, several security challenges are likely to be encountered ensures policies are enforced regardless of the location or platform of the machine. Security administrators can eliminate operating expenses associated with rules changes. In fact, policy is enforced and persistent in a variety of situations, including: • Physical servers and endpoints moved to different locations on the network; • Physical servers and endpoints converted to VMs; • VMs migration through live or cold migration from one physical host to another. Cross-platform virtual security places both physical machines and VMs into logical security zones, eliminating the need to reconfigure the network for security, and also protect against issues such as VM sprawl. By strictly controlling access to each zone, the attack surface area for
compromised VMs is greatly reduced. Cross-platform virtual security is typically based on a distributed, peer-to-peer architecture which allows scalability to hundreds of thousands of instances. Policy management is completed en masse, updating some of all endpoint policy with just a few mouse clicks.
Benefits of cross-platform virtual security Cross-platform virtual security offers many important benefits, some of which include: • Realise the operational benefits of server virtualisation without sacrificing security enforcement; • Eliminate the management complexities caused by a silo approach to data centre
Figure 1: Cross-platform virtual security protects VMs and physical machines using logical security zones with reconfiguring the network.
November / December 2008 : VitAL
Designed to secure both virtualised and physical environments with a single solution, cross-platform virtual security helps large organisations impose dynamic security policies across their data centres. Organisations eliminate the trade-off between the benefits of server virtualisation and maintenance of strong security. • •
security, protecting hosts through a single console; Satisfy regulatory compliance without reconfiguring the network; Isolate and protect both VMs and physical servers and endpoints with a single solution and protect against VM sprawl; Eliminate operational costs, associated firewalls and VLANs; Leverage distributed architecture to eliminate bottlenecks and single points of failure.
What to look for 26
When evaluating a cross-platform virtual security solution, consider these important requirements: • Cross-platform support (virtual and physical): The ideal solution will support x86 operating systems common in virtualised environments as well as other common and less-common architectures such as
VitAL : November / December 2008
Solaris, AIX, HP-UX, RedHat, Windows and IP-based non-server devices. Not dependent on IP addresses: The ideal solution should enforce security policy regardless of the IP address of the computer, ensuring policy persistence in the event of migration of physical movement. Isolation of VMs on same physical host: To protect VMs from vulnerabilities introduced with VM sprawl, the ideal solution should be capable of isolating VMs from other VMs on the same physical hosts. Scales easily: To support growth without introducing bottlenecks, seek solutions that that operate on a distributed architecture. Selective encryption: Look for a solution that offers selective encryption based on policy, rather than an all-or-nothing approach to maximise performance/protection. Centralised management: To take advantage of management efficiencies, seek a solution
that provides a single point of security management • Host-based implementation: To achieve the most granularity and mobility with regard to security policy, seek a solution that enforces policy at the host. • Transparent to infrastructure and applications: To minimise deployment time and compatibility issues, the ideal solution operates transparently to the network and applications. • Robust activity and audit logging: The ideal solution should both log detailed activity data and create an audit trail for servers and endpoints as well as administration consoles. • Certificate-based authentication: Seek a solution that uses X.509 v3 certificates to ensure operator credentials cannot be spoofed. www.apani.com
Dream Catchers, Inc
Real Results. Real Value.
Solutions Results Dream Catchers has the experience and track record to help you succeed with your ITSM Project. Visit us at the itSMF UK conference 10th - 12th November 2008, stand K22. ITIL/ISO Training, Classroom and Computer Based Advisory Services and Workshops Project Management for ITIL Phone: 44 (0) 20 8090 5015 www.dream-catchers-inc.co.uk www.dream-catchers-inc.co.uk
A cloudy future Nigel Hawthorn, EMEA marketing VP for Blue Coat Systems, looks at the current growth in cloud computing and the need for organisations to adopt a real-time cloud computing security service that addresses latency and effectively protects them from malicious threats such as malware, trojans, botnets and phishing attacks.
ccording to a recent report by Forrester titled: ‘Is cloud computing ready for the enterprise?’, cloud computing still remains a genuine web security concern. In theory, it can be more secure than do-it-yourself computing since shared costs allow larger overall investment in security processes and infrastructure. However, worries still remain about access and control over an organisation’s sensitive data. These days users need to go everywhere from customer sites and partner meetings to remote offices. The applications they need, however, are often locked up in distant, consolidated data centres or are outsourced entirely. All of this movement conspires to break up the traditional ‘hub and spoke’ network model of the past. At the same time, application networking is becoming increasingly peer-to-peer, with VoIP for example, requiring low-latency,
VitAL : November / December 2008
high-bandwidth connections between any network endpoint. To accommodate this within traditional point-to-point links would require exponential growth in the number of interconnects. This would be impossible to provision, as we know. For relief, many enterprises have turned to ‘cloud’-shaped networks, a transition like most in IT, with some interesting side-effects.
For example, what if you want to connect directly to the Internet? The price is definitely right, and getting all of that Internet back-haul off your WAN is very appealing. The traffic is going there anyway, why not let the Internet carriers pay to move it around? Unfortunately, the security and routing issues are as serious as they are daunting. You’ll have to make sure that nothing nasty gets in, such as
cloud computing still remains a genuine web security concern. In theory, it can be more secure than do-it-yourself computing since shared costs allow larger overall investment in security processes and infrastructure. However, worries still remain about access and control over an organisation’s sensitive data.
Organisations need to find economies of scale in their security models that rival the efficiencies of hackers. Call it building a moat for the villagers to protect them from the barbarians at the gate. Otherwise, this will remain a one-sided battle that just gives hackers more appealing targets. However, there is now a shining light in the cloud.
malware and phishing attacks. Furthermore, any application-layer security or web access controls you’ve set up in at the data centre gateway will have to be replicated, distributed and managed centrally; quite a tall order.
The latency issue Regardless of the type of cloud an organisation chooses, one key issue remains, increased latency. Many of the applications commonly used at the branch, such as email and file services, are notoriously sensitive. To address latency in the cloud, there are options. Generally, they fall into one of two categories — fix the application with caching, compression and protocol optimisations; and/or application prioritisation. The ultimate goal in compression and optimisation is to reduce traffic entirely. New forms of caching and inline compression can dramatically reduce the bandwidth needed
to service applications. Bandwidth, network latency, and application performance aren’t directly related, but if you can avoid transmitting data at all you save user time, along with time on the wire. Some applications, file services, email and even web applications can be intercepted and re-worked. These protocol optimisations, combined with caching and compression, can provide startling improvements. Overcoming such latency challenges is what’s making WAN optimisation such a hot market. While some latency is unavoidable, you can do something about packets sitting around waiting for bandwidth. Latency caused by distance and network congestion are the first bottlenecks to avoid.
A silver lining for organisations Organisations need to find economies of scale in their security models that rival the efficiencies of hackers. Call it building a moat for the villagers to protect them from the barbarians at the gate. Otherwise, this will remain a one-sided battle that just gives hackers more appealing targets. However, there is now a shining light in the cloud. Organisations can now access a multi-layered defence service that addresses the latency issue and protects customers from new sources of malicious threats such as malware, trojans, botnets and phishing attacks. There are now
solutions available, such as WebPulse, a cloudbased security service, which analyses more than 150 million web requests a day to create a community in which the discovery of malware by one member is shared with all. The service also creates a community that reviews more web content and utilises more defences than a single company could cost effectively manage. It also provides enterprises and consumers with a real-time rating to analyse newly published or previously unrated web content and includes a background rating process that utilises multiple threat detection engines and machine analysis of web content. Furthermore, WebPulse offloads the web gateway from analysing all web content and efficiently blocks dynamic web requests to malware hosts hidden in popular and trusted web sites. It is clear that the convenience of cloud networks is too much to resist. Yes, a little extra latency must be overcome and additional common-sense security is required to protect from malicious attacks. But it’s nothing a network manager can’t overcome — if they can spare the time from filling out all those pointto-point cancellation forms — there just might be a glimmer of light shining through the cloud for organisations as policy-based prioritisation becomes even more critical. www.bluecoat.com
November / December 2008 : VitAL
Cutting costs with service management There has never been a more compelling reason to adopt the best service management practices than having to make the most of lean IT budgets. As the song used to say, “When the going gets tough, the tough get going,” and service delivery departments are as hard headed as they come according to Peter Wheatcroft, principal consultant at Partners in IT.
hile the techniques of investment appraisal have long been used in IT to evaluate the business benefits of spend on development projects, they are rarely used by IT services departments because the linkage between investment levels, return on investment (ROI) and the ongoing cost of delivery has not been properly articulated. This is a pity, because the cheapest service is almost always the most effective – as it cuts out waste and delivers value.
Background The official ITIL version 3 definition of a service is as a means of delivering value to customers by facilitating outcomes customers want to achieve, without the ownership of specific costs and risks. What this means in practice is that a service should achieve
VitAL : November / December 2008
what the customer wants, at a price they are prepared to pay and without worrying about it going wrong. A service that doesn’t worry the customer when it goes wrong is well managed if it doesn’t jeopardise their business goals and they have trust in the delivery provider. This isn’t new, but is far from current industry practice as evidenced by the continual wave of outsourcing (and new insourcing) deals being reported. A major survey carried out recently of over 2,600 service projects in 550 different companies returned some surprising results. Over 75 percent of these projects were completed
in order to improve customer service, and yet only 12 percent of them had yielded any form of financial benefit. Of course, not all projects will show a financial return, although it could be argued that the cost of poor service will lead to loss of customer confidence and so addressing this concern will show a benefit – although the organisations concerned did not generally take this into account in their submissions. Many projects were felt to have some financial justification, although there was little or no evidence provided of a detailed, robust or consistent ROI process to demonstrate the value. Despite this, measurement of value derived from these projects was thought to be important in 37 percent of the companies surveyed. So what about some initiatives that can show value?
Case study 1 – The help desk
Case study 2 – The ITIL approach
Case study 4 – Outsourced IT
Let’s take a look at a real business case that established a new help desk. This high street bank wanted to consolidate a number of separate help desks and at the same time increase the capability of its staff to answer customer queries. The benefits from this were seen in a reduction in internal costs by being able to handle more calls at first touch, which is cheaper than getting technical specialists involved, and by handling calls faster by use of a knowledge base containing the solutions to previously reported incidents. The total cost of the project was £2.1m, consisting of workstations, furniture, help desk software and all other project development costs such as relocation and staff training. This project yielded an internal rate of return (IRR) of 29.6 percent and a net present value (NPV) of £720,000+, while simultaneously improving the service proposition by delivering an 80 percent fix at first touch. Payback was in three years and customers got an improved service.
A consumer products manufacturing company decided to take a strict ITIL-based approach to service delivery and introduced rigorous disciplines along with ITIL process automation. The result of this was that, despite salary inflation, they reduced the cost per supported workstation from £202 per month to £103 within 18 months, while simultaneously increasing customer satisfaction with both the speed and quality of response of the IT service. This formed the rationale to expand that service discipline across the world.
An outsourced IT service provider was able to offer a profitable ITIL fault-resolution service to its clients on the basis of a service desk tier-one call being charged at £5, a tier-two call costing £30 and tier-three call costing £60. This service not only made money for the provider but offered its clients a value beyond that possible internally, where a large help desk may well cost £90,000 a month in terms of total staffing and product licence costs.
Case study 3 – Best practise
When budgets are tight, it is tempting to stop thinking about spending money. But when the benefits of good service management are looked at in terms of value rather than expenditure, the picture is quite different. The least cost service is invariably based on high-value customer propositions and if there is an agenda in your company to save money, improving service should be at the top of the list. Why not start with the ITILv3 definition of service delivering customer outcomes and look to cut your costs that way? www.piit.co.uk
A high street retailer that was benchmarked as having reached best practice was able to employ staff at a total cost of less than £40,000 a head – including employer’s pension contribution, SE regional supplement, travel and subsistence and training costs. This was only possible by the adoption of consistent service management disciplines, ITIL process automation and a knowledge base that meant tier-one staff could handle faults that would otherwise have been referred to much more expensive tier 2/3 specialists.
The bottom line
The official ITIL version 3 definition of a service is as a means of delivering value to customers by facilitating outcomes customers want to achieve, without the ownership of specific costs and risks. What this means in practice is that a service should achieve what the customer wants, at a price they are prepared to pay and without worrying about it going wrong. 31
November / December 2008 : VitAL
Security at the flick of a switch Head of convergence and network strategy at managed network security specialist Star, Hugo Harber addresses the challenges facing SMEs managing data security cost effectively and makes the case for outsourcing.
The growth in the sophistication of technology and the broad range of security products and solutions has encouraged many small- and mediumsized businesses to pass responsibility for security to third party providers.
ack in the mainframe age, network security was simple, it meant locking the computer room, only allowing access to authorised individuals. That is no longer the case. Today the perimeter of the LAN-based network is not well defined and connecting a company network to the Internet makes the perimeter even fuzzier. Some have likened it to â€˜a crunchy shell around a soft, chewy centreâ€™. Meanwhile, the nature of the threat facing UK business networks has expanded dramatically. The growth in the sophistication of
VitAL : November / December 2008
technology and the broad range of security products and solutions has encouraged many small- and medium-sized businesses to pass responsibility for security to third party providers. Here we examine the challenges and how SMEs can gain access to enterprise level solutions to manage internal and external security threats. Today, security threats no longer comes through a single entry point like the occasional rogue floppy disk, but from multiple points of entry to the network, such as the Internet gateway, virtual private network (VPN) links,
remote access servers, email, wireless local area network (LANs) and even handheld devices. Before we go any further, itâ€™s important to remember that not all assaults on your network security originate from socially dysfunctional teenagers at the other end of an overseas broadband connection. The most recent computer crime statistics indicate the majority of computer attacks are carried out by organised criminals insiders, employees and associates of an organisation. According to the American Society for Information
VITAL MANAGEMENT Security, almost three-quarters of current security breaches come from inside the enterprise, while some are the work of a disaffected employee a high proportion of these security breaches are accidents and not malicious. But that doesn’t prevent them being as costly as the malicious attack. The security threats facing business networks can be broken down in to various categories: Malware: Increasingly, websites are becoming the preferred delivery mechanism for damaging malware such as viruses, as well as spyware and adware. In some cases, simply visiting an infected website will be enough to download unwanted programs onto a computer. Even if such programs are discovered before they bring your network down or surreptitiously leak sensitive financial or client data to a criminal third party, cleaning and rebuilding a polluted machine will have unwelcome resource implications. Blocking access to malicious websites and infected downloads is therefore absolutely vital to safeguarding your organisation’s productivity. The uncomfortable truth is that the web is now firmly locked into the armoury of tools and techniques which the increasingly professional, sophisticated criminal gangs behind most cyber-crime now routinely deploy. Unauthorized network access: This is where a hacker enters the network and tries to gain information (such as passwords or access to data). This might be done without the owner of the network even knowing that anyone has gained unauthorised access to the network. Hackers breaking into your network can view, alter or destroy private files. Unauthorised Network Use: Networks are often used for non work-related tasks. Employees can misuse network resources by surfing non business-related web sites, sending and receiving personal email, using instant messaging applications and sharing personal files over the network. Not only does this waste valuable bandwidth and disk space but it reduces employee productivity and increases company liability. Active Attacks: There are several sorts of active attacks, each with different goals. Some attacks are meant only to disrupt an online service for other users. Known as ‘denial of service’ attacks, their one aim is to prevent others from using a particular service. The nature of the attack can range from crashing a web site to flooding an Internet link with bogus data so that there is no bandwidth available for legitimate use. While no data is compromised, the consequences can be quite serious, as many e-commerce sites rely on service availability for their revenue.
Before we go any further, it’s important to remember that not all assaults on your network security originate from socially dysfunctional teenagers at the other end of an overseas broadband connection. The most recent computer crime statistics indicate the majority of computer attacks are carried out by organised criminals insiders, employees and associates of an organisation
November / December 2008 : VitAL
The elements of good security Security threats are more than just a distraction. An attack directed at financial or personnel records or business-critical applications could be potentially devastating. But even indiscriminate attacks can result in the loss of valuable data, high repair costs, negative publicity, legal liability and the loss of hours or even days of productivity. Security vulnerabilities don’t do much for company’s reputations, either. Security spending is a cost that’s notoriously difficult to justify in traditional cost/benefit terms: you spend a lot on security and in the best-case scenario nothing happens! But it’s important to remember that reactive security spending is usually greater than that on proactive measures, after allowing for rectification costs. It seems that companies have to suffer a significant breach of security before they take the issue seriously. Another major hurdle to overcome is a misconception about the nature of effective network security. In reality, it’s a management problem with a technology solution. Security isn’t a check-list of do’s and don’ts — it’s a discipline covering the entire IT infrastructure. Installing a firewall is a start but it’s not enough. A firewall is a specialised piece of security equipment designed to address only one part of the security puzzle. Given the many types of security threats, companies put themselves at great risk by implementing a ‘point’ product, such as a firewall, and thinking that they’re safe.
Multi-layered security When it comes to security, a multi-faceted, layered approach works best. For example, worms are designed to bypass firewalls. The damage they cause can be prevented by the integrated use of a firewall and an intrusion detection system. With a multi-layered approach, even if an intruder is able to bypass one access point, overlapping layers of security ensure that the break-in will be stopped by another mechanism. So, preventing and combating the array of network security threats requires a variety of security solutions and best practices, including firewalls, anti-virus protection, VPNs, content filtering, reporting, vulnerability assessments, intrusion detection and software maintenance, that together provide a secure perimeter for your company network. It’s equally important that all the security layers you put down are not only interoperable but can be centrally managed.
Managed services With businesses increasingly forced to do more with less — what are the options for SMEs faced with protecting their network against a myriad of threats? Increasing numbers of business looking to reduce costs and optimise efficiency are turning to managed services where they can have all the functionality at the flick of a switch, for a modest monthly sum and no real risk to the business.
VitAL : November / December 2008
Opting for the managed solution means that a business’s systems are managed offsite and ‘fed’ to the business over a network or in the case of perimeter security provide a single safe managed connection to the internet. This gives SMEs access to enterprise level security protection such as round-the-clock monitoring and management of intrusion detection systems and firewalls overseeing patch management upgrades, performing security assessments and security audits, and responding to emergencies. This removes the burden of performing the tasks in-house which can be a considerable drain on an SME’s time and resources and means that businesses of all sizes have access to a high level of IT expertise without having to take on the cost of full time employees. This not only means that your business is protected against security threats but also removes the need for huge capital expenditure on software and hardware and ultimately means that firms can focus on serving their customers while the managed service provider looks after the integrity and security of their data and applications. It is hard to find genuine savings from within your IT budget. However, by using a managed service you can outsource the very simple administrative tasks like firewall maintenance and the complicated operations like network management delivering measurable productivity benefits to your IT Department. www.star.net.uk
Setting the standards VitAL talks to Peter Bayley, director of qualification products at BCS about ISEB, the society’s qualifications body. Bayley describes how the transition from ITIL v2 to v3 has impacted the delivery of qualifications.
VitAL: What is ISEB and what does it do? Peter Bayley: ISEB is an examination body for IT. We have been operating for over 40 years and in this time we have become a leading awarding body for professional qualifications in computing and IT. ISEB is split up into eight major subject areas with many qualifications within these areas. These areas include Service Management, Software Testing and Business Analysis as well as many others. We deliver these qualifications both in the UK and internationally and at this point in time have delivered nearly 350,000 exams worldwide. As I have mentioned these exams are not just taken in the UK but also
VitAL : November / December 2008
internationally in fact we have delivered exams in over 50 counties including Australia, Japan, South Africa, USA and Brazil, just to name a few! I would like to think that our qualifications add value to professional careers by providing both the means and platform for recognition and enhanced career development. VitAL: What are the main changes between the v2 and the v3 qualification? PB: There is quite a big difference between the qualification, where as v2 was written for the ‘here and now’, v3 has been written in mind for future-proofing, this is one of the main reasons it has taken time to be developed.
It has advantages such as on-line delivery of the higher level exams, whereas before a candidate had to sit a three-hour written exam this has now been changed to an online multiple choice exam which of course has many advantages both for the candidate and the EIs who mark the exam. The key for ITIL is to modernise the delivery and assessment of the qualifications, ISEB has always been leading the way in this respect. VitAL: How have your ATOs responded to v3? PB: The new ITIL structure and exam scheme has been embraced by our customers and ISEB has remained as one of the leading
ITIL examination institutes in the world. The attitude of our ATOs has really helped in making the standard accepted and welcomed by the service management community and it is in working closely with our ATOs that ISEB will be able to deliver international qualifications which are greeted internationally. VitAL: How have candidates responded to v3? PB: Very well. When the first figures were released by the Accreditor for ITIL, ISEB was at the top of the tree in terms of individuals who had taken the v3 examinations. I think that this was because ISEB had a clear message and had prepared its ATOs to deliver the ITIL v3 exams, so that individuals were at ease that the new exams would not hold any unexpected surprises. VitAL: Has the transition from v2 to v3 been as smooth as you expected? PB: With all version upgrades there will be teething problems, at ISEB, we are constantly revising our exams to maintain their relevance, and are fully aware of any issues that may arise, from this perspective we have been able to bring our experience into this process and hopefully enable a smoother transition. We have kept our customers informed at every juncture and are still working as hard as we can with the ITIL v3 exam panel to ensure that the remaining qualifications arrive on time. VitAL: A new set of ITIL delivery standards has been released, how have you ensured that these have been met by your ATOs? PB: We pride ourselves on setting the highest possible standards and ensuring that all ATOs go through a stringent accreditation process. Therefore even before these standards were announced all our ATOs were meeting them. VitAL: Can you tell me about the new credit profiler and the advantages this brings to both v2 and v3 candidates? PB: The Credit Profiling System was launched on 1st October, this allows the candidate to calculate credits already achieved in v2 and
We deliver these qualifications both in the UK and internationally and at this point in time have delivered nearly 350,000 exams worldwide. As I have mentioned these exams are not just taken in the UK but also internationally in fact we have delivered exams in over 50 counties including Australia, Japan, South Africa, USA and Brazil, just to name a few those achieved within the v3 scheme and provides assistance with balanced module selection. The profiler will give the candidate various different routes and will highlight the most desirable route for the candidate. With the most common question amongst candidates being whether they can use their v2 qualifications towards the v3 set, this system shows them exactly how they can do this. VitAL: How has the current economic climate affected demand for ITIL exams? PB: At ISEB we have been through difficult times before and have found that during these periods, people are often looking to safeguard their jobs. Qualifications enable individuals to differentiate themselves from their colleagues so that if job cuts are made, they find themselves in a stronger position. The exams also prove that individuals are able
to do their job at varying levels, this adds extra peace of mind during uncertain times. VitAL: Are there any plans to add to the current ITIL structure? PB: ITIL Master will soon be entering development stages and due to the level it will be at, it may take some time; The ITIL Examinations Board will be developing this and would welcome any input from any existing ITIL experts into what should be included. A vital aspect when developing exams and qualifications is to include the community and gain feedback regarding the exams â€“ this is something ISEB have always strived to do, it is essential to provide a qualification structure that meets the market needs. VitAL: Peter Bayley, thank you very much. www.bcs.org/server.php?show=nav.5732
November / December 2008 : VitAL
Get rid of the office! As important as environmental sustainability are economic and social sustainability says Adrian Burholt, CEO of The Key Revolution, doing away with the office ticks all three boxes though.
hile a lot of people use the word ‘sustainability’ in conjunction with office practice, the rate at which words translate into action is hindered by a lack of understanding. While most people think of sustainability in terms of environmentalism and a green lifestyle, in reality sustainability reaches into two other areas as well. Economic and social sustainability are just as important as environmental sustainability, particularly to businesses that may be interested in green office policies but are put off by cost and implementation worries. In particular, concerns about technology can clash with office policies on energysaving and other environmental schemes. However, as a resolution to these concerns about how to run a green office, I have one answer: get rid of the office. It sounds radical, but what I mean by this is a move
VitAL : November / December 2008
to remote or home working. Technology has developed to the stage where for many employees, their work can be done anywhere with an internet connection and a laptop, rendering their journey into the office every morning an unnecessary chore.
Cloud computing One of the biggest trends in IT at the moment is cloud computing. Dell, Microsoft, Google, IBM — all the giants are making the move to adopt cloud computing technology, which gives IT managers a good indication of what they can expect in the near future. It’s interesting that the rise of cloud computing comes at a time when more people are actively looking to work remotely — either while travelling, or from home. The UK government has even passed legislation granting employees with young children
the right to request remote working, and this legislation may soon be updated to include parents with teenage as well as very young children. So, how is working at home going to equate to sustainable business practice? The answer lies in interconnected environmental, economic and social sustainability. Home working manages to tick all three boxes. It reduces unnecessary travel; thereby saving costs and reducing carbon emissions. The average UK commuter travels 2,906 miles a year, and spends eight hours a week – that’s 47 working days a year – on commuting and business journeys. Home working reduces the amount of space and energy needed to house employees in an office, again, saving on bills and emissions. It can also improve productivity among staff: surveys and pilots conducted by IBM Canada (where about 20 percent of its workforce telecommutes)
Economic and social sustainability are just as important as environmental sustainability, particularly to businesses that may be interested in green office policies but are put off by cost and implementation worries.
indicated that employees can be as much as 50 percent more productive in telework environments (ie at home). My favourite aspect is the social family time it gives to employees - being able to drop their children off at the school-gate and to pick them up in the afternoon, for example. For IT managers, there are some immediately obvious concerns. Data security is probably the primary issue, especially considering the number of business laptops, memory sticks and CDs that are lost or stolen each year. Even for SMEs, if you handle sensitive data such as employee records or financial information for another client, losing that data in a public place — such as leaving a laptop on the train – can be a real problem. And if employees want to work from home, or work remotely, then data has to be transported: there is no escaping the fact. The answer to this dilemma lies in the
proper management, control and encryption of information.
Anytime, anyplace, anywhere Well-managed data can be available anywhere and will be easy to sort, share and co-ordinate with other colleagues. Controlled data needs to be securely and regularly backed-up; and using encryption protects data from prying eyes and theft. It’s important to emphasise that the technology to follow all three of these rules is readily available: the process of providing home working options for employees does not have to be a painful one; involving complex implementations and dozens of passwords. A secure encryption key, an online collaboration system, and a means of remotely controlling data are all that is needed. For home workers, who will of course be without the immediate support
supplied by an office IT department, any home-working solution will need to be plug-and-play. One of the best ways to do this is to use the same technology used to secure the credit cards and mobile phones in our pockets. The chip-and-pin smartcard technology used to defend cards and mobiles against data theft is well-suited to a home worker: it is a familiar, everyday system that verifies the user and, best of all, has a ‘remote kill’ function, which enables the device to be remotely disabled and rendered useless if it reported lost or stolen. For small memory stick devices, this ability to ‘remote kill’ is ideal. Going green does not have to be a technological challenge. By embracing intuitive, robust security, businesses and individuals can reap multiple benefits rather than expending energy on outdated working practices. www.thekeyrevolution.com
November / December 2008 : VitAL
The lean green virtualised environment
Executive director of Metron, Adam Grummitt has been in performance management and capacity planning for many years, specialising in application trials, performance engineering and strategic capacity management practice. Here he assesses the greening effect of virtualisation and its financial benefits in the face of the oncoming financial downturn.
he economists are still debating just how much of a credit crunch, recession or even depression we are all facing. Many enterprises are tightening their IT belts as part of a reaction to the general air of financial uncertainty. At the same time there is a lot of activity in terms of virtualisation and consolidation and also in making as much use as possible of existing equipment, or even better, in reducing power requirements in efforts to save costs and espouse environmentally green initiatives. These different interests might seem at first sight to suggest a drop in capacity management activity. The reverse is, however, often the case. There is likely to be a greater demand for identification of current headroom, spare capacity and how to focus on key services in a more lean IT approach. The need is to identify how to make the most of what equipment is already there. This leads to an increased focus on key services and significant (expensive) servers.
VitAL : November / December 2008
The benefits of virtualisation Virtualisation exists in lots of forms, from logical partitions through to para-virtualisation. The perceived benefits of virtualisation depend on the site, but the traditional ones of partitioning, isolation, encapsulation and hardware independence dominate. The extra benefits achieved by the architecture
incorporate dynamic resource scheduling, workload balancing, high availability and consolidated backup. The dominant player in the marketplace is currently VMware and the prime examples are of consolidation of lightly used Windows servers. Many sites have already moved maybe 20 percent of their smaller servers to consolidated
There is likely to be a greater demand for identification of current headroom, spare capacity and how to focus on key services in a more lean IT approach. The need is to identify how to make the most of what equipment is already there. This leads to an increased focus on key services and significant (expensive) servers.
VITAL planet machines, with maybe ten or twenty virtual machines on each. Even with the overheads associated with virtualisation, the consolidated servers are often still lightly used.
But is it green? As to whether this proves to be a green initiative, depends partly on the cascading policy in place. Sometimes the process of identifying which servers are still active can lead to the retirement of a number of services. But the actual servers may well be re-used in some other way, such that there is little or no power saving. Disposal of actually retired servers is a green dilemma, often solved by further cascading to another organisation, such as a school or other body willing to accept free licensed machines. It may well be greener for the first party involved but questionable globally. Consolidation is often achieved via virtualisation but not so much if the application is database oriented with a lot of I/O. In that case, the overheads of virtualisation are likely not to lead to any dramatic savings in power. Consolidation in that case is more often achieved by purchasing newer, smaller, more powerful servers. Centralising and consolidating machines gives a company
t the a s u Visit MF UK itS nce & e r e f Con ibition Exh P19 Stand
more opportunity to have an effective energy management policy by reusing the heat generated. The machines may occupy less physical space but may require more air conditioning and clear space around them, so the total green saving is again debateable. The policy towards write-off/ reuse of the old equipment will largely determine the green benefit.
Power savings In theory, virtualisation, consolidation, auto-provisioning, workload management and dynamic workload balancing (such as VMotion) allow companies turn off machines at low demand periods. Combined with grid
computing, these could offer the ultimate in greenness by only using power and machines when you really need them. The net result is that there may or may not be fewer machines using more or less power. There may be better services on fewer machines, or contention may lead to degradation in the service. But in all cases, there is a need to find the costs and performance benefits of the current and proposed configurations to justify the levels of expenditure planned in the light of business demands. This balancing act is at the heart of capacity management and is as much a requirement in a well-managed IT environment as ever. www.metron.co.uk
in all cases, there is a need to find the costs and performance benefits of the current and proposed configurations to justify the levels of expenditure planned in the light of business demands. This balancing act is at the heart of capacity management and is as much a requirement in a well-managed IT environment as ever.
ns latio n, u m i i M S wned s rd mot onts A R a o ie R O G orld-renand forwth our cl reate P E SS n. Our w energy osely wi ues to c N I E A D ropulsioto create work cl techniq be R e P ned & anâ€™t ng i W e c t n . S a s r s e a N ig lt ion T I O , G2G3 cr are dester resu ential le ulat A m L i i s s s r d U a ur S I M is in min programrise to ftive expe in o d e s h p t va er es ipat With readin he ent g inno rtic a t p n i . d an elling rs, us ange ave h p ho h w pro partne tural c ple l M peo nking. and tive cu n 3.CO o i i i G l h s l t 2 i o p @G ard em NFO r on e forw I e l i v O g. B ema ÂŽ ) V3 ron ore L w I m T (I arn T ARY o le N T R E B M I
E L NAG URE ) A T C M U MOF E ( R C I T K V S OR SER K FRA EW M RIS A IT IN D R N F A NS 00 NCE TIO A I A 200 L R C P E E /I OP COM NT ISO OFT S O EME R G C A MI MAN O I L FO ORT P & RAM G O , PR ECT J O PR
M O C . 3 G 2 G
Service Catalog — ready for the off
Feature sponsored by:
EMC Infra implementation consultant Assumpta Venkatachalam examines the benefits of IT professionals and business managers learning to speak the same language with the IT Service Catalog - plus potential pitfalls of misreading the signs.
riven by the Service Design module within ITIL Version 3, today’s maturing IT service management industry has experienced a surge of interest in the Service Catalog. Now positioned as a central component of the Service Portfolio, the Service Catalog is increasingly seen as a means to bridge the gap between customers and users (customers being the business, and users being the service consumers) and the IT department. However, in practice implementing a service-driven approach via the Service Catalog is a task that requires considerable planning and effort. Not only is a degree of IT service management maturity required
VitAL : November / December 2008
for successful implementation; a significant shift in mindset is also required to enable IT personnel to deal with customers in a more proactive way. For these reasons the Service Catalog is typically published well after the implementation of other ITIL processes, for example, Incident Management. But is the Service Catalog really worthwhile? And if it is, how can you tell when an organisation is ready to ‘walk the talk’?
The power of communication First and foremost the Service Catalog provides logical layer of common ideas and understanding through which IT can align
itself to the needs of business. Without this layer, IT risks operating in isolation; part of the greater business, yet cut off from full participation — the classic scenario where communication between interested parties simply breaks down. Luckily the Service Catalog is there to oil the wheels. Consider the usual business units of sales and finance. The sales department’s costs and profit potential are generally well understood, while finance provides clear opportunities for cost savings and informs the business of potential profits and losses, allowing time to adapt. To the corporate mindset, in providing these functions, such departments automatically deliver value.
Feature sponsored by:
in practice implementing a service-driven approach via the Service Catalog is a task that requires considerable planning and effort. Not only is a degree of IT service management maturity required for successful implementation; a significant shift in mindset is also required to enable IT personnel to deal with customers in a more proactive way.
By developing and delivering a Catalog of services to business, IT begins to fit the same business paradigm. The end game is that through education, communication and alignment, over time the value offered by IT will be intrinsically understood in a similar way. Key to the shift away from ‘tiresome cost centre’ to ‘business enabler’ is providing management with a set of products and services that are clearly defined – complete with associated measurements and statements of value. Agility and responsiveness can only improve as IT strives to keep its finger on the pulse of the business. In turn the wider organisation becomes increasingly aware of the value of
IT — comprehending the investment required to deliver and receive a certain service — and so is more likely to release necessary funds further allowing IT to support and respond to the business. If this sounds like a wonderful circle of understanding, the challenge of achieving it should not be underestimated. Finding the right words to speak to the business about IT can prove tricky, while creating a Service Catalog is a process that has the potential to expose flaws as well strengths.
Ready, steady, go… So before giving the task of creating a Service Catalog the green light, it is advisable to ensure
that the IT environment is in reasonable order and have confidence — based on evidence — in the department’s ability to ‘deliver the goods’. In essence this means that, at a minimum, Incident Management must be well established and mature (a three or above on the CMM is a good guide). Ideally all tactical processes should be in place and stable. Service level management (SLM) is another foundation process for delivering your Service Catalog implementation. While service level agreements (SLAs) won’t be based on services until after the Catalog has been designed, the presence of SLM, even at the Configuration Item or system level, is important.
November / December 2008 : VitAL
Feature sponsored by:
First and foremost the Service Catalog provides logical layer of common ideas and understanding through which IT can align itself to the needs of business. Without this layer, IT risks operating in isolation; part of the greater business, yet cut off from full participation - the classic scenario where communication between interested parties simply breaks down. SLM is certainly not a process to introduce for the first time at on release of the Catalog — a vulnerable stage. The service desk needs some prior experience of the impact of, at the least, rudimentary SLAs on IT operations. The IT team should also have worked on developing positive relations with business in the past. If this is the first attempt at cordial
So before giving the task of creating a Service Catalog the green light, it is advisable to ensure that the IT environment is in reasonable order and have confidence - based on evidence - in the department’s ability to ‘deliver the goods’.
Finding your way through the ITIL qualifications maze Bridging the training gap between ITIL versions 2 and 3 with FGI’s Ruth Phillips.
There was a time when gaining your ITIL qualification was fairly simple and straightforward however, since the advent of ITIL Version 3
there is now a melting pot of lifecycle, capability, bridging and expert qualifications, so where do you start, or how do you continue? How do you find the most suitable route to become an ITIL expert, without getting lost in the qualifications maze? Firstly, it is important to establish what has changed between version 2 and version 3. The topics covered by version 3 are more up-todate and comprehensive, but for the most part unchanged. For delegates and organisations that are relatively new the ITIL process, then version 3 is an obvious starting point. However, for those delegates who already hold version 2 qualifications, or wish to fast track to the new ITIL v3 Expert qualification, then there is a straightforward route to achieve this. All version 2 qualifications, whether at foundation or managers level, can be easily upgraded to the new version 3 qualification, with the ITIL v3 Bridging Course. Although FGI is one of the first accredited training organisations to offer the new ITIL version 3 intermediate modules, the full route to achieving the version 3 expert qualification will not be available until mid 2009. However, there is an exclusive route to achieving the version 3 expert status within 19 days. The v2-v3 Managers Expert route will take delegates through the version 2 managers’ process, and upgrade to the version 3 expert by completing the v3 Managers Bridging course. While version 3 is similar to version 2, the new version will contain more recent information, and after all the very ethos of ITIL is continuous improvement.
VitAL : November / December 2008
relations, the business may be understandably circumspect. Gentler, less intrusive and smaller initiatives are the best way to prepare the ground for the advent of the Service Catalog.
Is the business ready? The Service Catalog model maps top tier business services directly to business functions, in turn providing a guide for service development and enabling the IT department to visibly align itself with the business. However, where the business itself has not identified its key processes, then such mapping will prove impossible. It is rarely productive for the IT department to try and drive the business to define these processes if they do not already exist. Business process definitions are in themselves complex and are generally undertaken during quality initiatives such as ISO 9001. Where the organisation does indeed have the necessary foundations to build on and in general fits into the model provided by ITIL, a ‘one step at a time’ approach is often the best route to Service Catalog success. These are my top tips for getting a Service Catalog on the road: • Generally speaking, there are no easy shortcuts to success — design the Service Catalog to meet clear priorities within your organisation rather than follow a generic ‘blueprint’. • Don’t expect the business to ‘get it’ right away. Articulating the value proposition to business is key so allow plenty of time for discussion and negotiation. • Identifying service ‘owners’ and clear responsibilities is vital. • Knowing your key performance indicators (KPIs) will enable you to report against meaningful goals. • Complex user groups mean a more complex Service Catalog — pre-plan and map services clearly. Pilot one area initially; learn the lessons and only then, move on. • Be confident that your IT service management tool is up to the job. Integrated call logging and service request management are pre-requisite and the supporting architecture should be scalable to future needs. • Don’t underestimate the power of a web portal — easy user access to the Service Catalog can be a real vote winner. • Keep the lines of communication open: Design review stages into your Catalog
management process to ensure that users can locate the right service quickly and easily.
Are you ready for a Service Catalog? Take the self assessment test today! This is your opportunity to discover how to start a Service Catalog straight away. Taking the self assessment test will indicate your level of readiness and the optimum strategy to follow. Service Catalog Management (SCM) manages the development and ongoing lifecycle of the Service Catalog. The Service Catalog itself provides a detailed list of current and planned along with those that were once on offer to the business by IT. When talking about ‘a service’ there are three perspectives to take into account: A) IT perspective – how IT talks meaningfully internally; B) Business perspective – how IT is seen to contribute to business performance;
Be confident that your IT service management tool is up to the job. Integrated call logging and service request management are pre-requisite and the supporting architecture should be scalable to future needs.
Feature sponsored by:
C) User perspective – how individuals view what IT does for them. The Readiness Self Assessment Questionnaire will help you assess whether your organisation is ready to implement a Service Catalog, from an IT and business (customer) perspective. www.infra.co.uk/readiness
Contextual learning: The next generation of technology education Contextual learning is the ideal way to stay on top in the IT sector says Linda King of G2G3. The ongoing pace of technological change is necessitating many organisations to implement new and upgraded service management tools and technologies. Effort expended in this area is considerable and many believe that implementing the ‘right’ technology will help them drive forward their processes and working practices, even help them successfully adopt best practices such as ITIL. This is not helped by some vendors who promote their own technology as a panacea for all things best practice. However, with few exceptions, the majority of tools in the IT service management area are more alike than different in terms of feature and function. The same can be said for many ‘technology-based’ education and training initiatives - they tend to be expensive, generic and lengthy. They focus on all nuances of the technology, as opposed to what the learner actually needs to know. In addition to this, the way people learn has changed significantly over the last decade. The speed of business change combined with today’s rapid work pace has made training courses of a formal nature inappropriate and too slow for many people. Classroom based training for technology or ITIL courses just isn’t enough anymore. People need learning that is immediate, relevant, and in the context of their work. Effective learning is vital - as investments in technology will not deliver positive results unless people actually change what they do. A new generation of learning is here in the form of Contextual Learning. Unlike the more traditional, ‘technology-focused’ tools education, Contextual Learning makes learning relevant in order to directly improve performance. It’s about creating unique learning solutions around the goals, culture and processes of the organisation. Rather than teaching people every facet of the technology, contextual learning is a precision, business-focused approach which relates what needs to be learnt to the specific needs of the learner. This positive enablement is key to creating real readiness for change - and ultimate project success. November / December 2008 : VitAL
YOU DON’T NEED SPY GADGETS TO TRACK YOUR COMPUTERS... ...YOU JUST NEED ABSOLUTE SOFTWARE Organisations risk costly litigation and public relations nightmares when even one ® ® ™ laptop goes missing – Computrace One by Absolute Software can help avoid that. Absolute is a world leader in the security and management of mobile computers. Our patented firmware-based software enables computer theft recovery, data protection and IT asset management delivered on a subscription basis. Recover missing computers Post-theft forensics IT asset management – on or off the LAN Asset discovery Data protection with remote data delete Theft deterrence
© 2008 Absolute Software Corporation. All rights reserved. ComputraceOne and Absolute are registered trademarks of Absolute Software Corporation.
www.absolute.com/vital | (0) 1635 30424
The ITIL adoption report With the aim of producing a true picture of the uptake of ITIL, Sunrise carried out a survey in the second half of 2008, gathering the views of 350 senior IT decision makers*. This feature outlines the results as well as current thinking on the topic of ITIL.
ne of the premises of ITIL is its capacity to adapt to any number of scenarios, and through its framework-based nature, to allow its adopters to choose the level of ITIL influence they want for their organisation. These varying degrees of influence were clearly apparent in the split of the responses. Thirty two percent said that most of their processes were designed around ITIL. At the other end of the scale, only 18 percent said
that their service desk was totally free of ITIL influence whatsoever. It is interesting to note that nearly half of these service desks that are currently no-ITIL zones were considering it for the future. As for the rest, the main reason for rejecting ITIL was the feeling that existing processes were already working well for them (39 percent). Only four percent mentioned cost was the issue.
ITIL training Training statistics are another good indicator of the level of commitment to ITIL, and the overwhelming majority of those asked said that they or their staff had received training (72 percent). So how about moving forward, what are the plans for ITIL in the next 12 months? As many as 33 percent said there was a strong drive to extend ITIL. With only six percent saying they foresaw no further
November / December 2008 : VitAL
VITAL MANAGEMENT progress, this seems to point to a very bright future for ITIL.
ITIL 3 adoption ITIL 3 appears to be gaining acceptance, as the available training courses have gradually adapted to accommodate the new and revised guidelines: 47 percent of respondents knew broadly about ITIL 3 and 24 percent had advanced knowledge already. 46 percent said they were planning to take steps over the next few months to incorporate ITIL 3 into their processes.
ITIL implementation The most successful implementations are managed as a formal project, which begins with a review of existing processes to identify how closely aligned these are to ITIL. A large proportion of organisations (44 percent according to the survey) get external help from an organisation experienced in assessing their capability and implementing ITIL. In the following phase it is important to plan your approach and the overall scope of your implementation and to allocate clear levels of ownership ie, which processes are involved, who will own them from a day-today perspective. ITIL is all about aligning the support and delivery of IT services to business needs. Implementing ITIL will enable IT to focus on areas the business sees as key. It is vital that the business is included in your decision making and that they understand the true benefits that the organisation can achieve by implementing ITIL.
Pitfalls and challenges
The main pitfalls that emerge appear to be lack of appropriate commitment to the implementation of ITIL and lack of planning. Make sure you define what your objectives are, what the scope of your implementation will be, who will own the processes elements and how you intend to measure progress. In addition to this, a lack of internal skills and experience can also delay or impact any implementation. There are skills and experience for hire and it pays to seek professional advice where possible. According to well over half of those who have implemented ITIL, the biggest challenge they have to face is the cultural change, while a third pointed the finger at the process mapping stage. Other challenges cited include finding the time in a busy environment, achieving management buy-in, securing the funding, the change management aspects, and ‘getting people to understand that ITIL is for guidance only’.
VitAL : November / December 2008
According to well over half of those who have implemented ITIL, the biggest challenge they have to face is the cultural change, while a third pointed the finger at the process mapping stage. The cost of ITIL Generally costs will vary dependent on which ITIL process you choose to adopt and to what degree you intend to adopt them. ITIL is not prescriptive so you implement what works for your organisation. It’s reassuring news for those worried that embarking on an ITIL project is synonymous with signing a blank cheque. Practical experience says otherwise as over 80 percent of ITIL projects have ended up costing the amount their managers expected. Only 11 percent said their project was over budget.
Timescales ITIL promotes the philosophy of continual improvement so commitment to implementing ITIL in your organisation will be on-going. However, the creation and embedding of an ITIL-aligned service desk, for example, can be achieved in a matter of weeks. Over a third of our respondents told us that there was a strong drive to further extend ITIL in their organisations. Only seven percent were not considering any further roll-out in the foreseeable future.
Software aspects The software should be capable of meeting the requirements of your organisation, fitting in with your own processes rather than forcing you to adapt your processes to fit the tool. Therefore, it is important that you have clearly defined your processes prior to selecting and implementing your software. More encouraging feedback from our survey as one quarter of those questioned said that ITIL had brought about major benefits and only six percent thought it hadn’t been worth the effort. What you get from ITIL really depends on how far you go. In essence, efficient processes and good practice lead to overall cost savings to the organisation through reduction in duplication of work, improving and increasing productivity levels and improving resource management and system usage. The two top benefits experienced by users were improved response times through clearer processes and better perception of IT service throughout the organisation. Other benefits were better staff motivation, reduced costs, better process transparency and improved audit trail.
Another way of ensuring ITIL delivers value within the organisation is by transferring the methodology to other areas of the business. Even though the IT department might be pioneering when it comes to understanding the value of processes and introducing technology to support these, this approach can also benefit other departments. It was telling that over a quarter of people we asked said that they were either using ITIL already or planning to use it to support processes outside of IT support. Only three percent thought that ITIL could never be useful outside of IT. There are many areas in which users have seen the value of ITIL in other departments and the main ones include: • External customer service; • Facilities management; • Operational functions, eg. telemetry systems; • Complaints management; • Aspects of HR;
Conclusion 350 IT leaders shared with us their experience of ITIL, successes and challenges alike, offering us a unique opportunity to create a snapshot of ITIL maturity at the end of 2008. What this snapshot highlights is that ITIL is not just about a one-off implementation project. It is a continuous process of evolution for the service desk, with the advantage that even the most mature operations can still take their service to the next level. The framework itself is evolving of course, and our results showed how ITIL 3 was being widely embraced, but another aspect, perhaps less frequently mentioned, is the influence that ITIL can have on departments outside of IT. ITIL truly seems to have established a tool through which the modern IT department can finally and unequivocally position itself as a leading example for the rest of the organisation. www.sunrisesoftware.co.uk * The survey was carried out by Sunrise Software online over July and August 2008 and targeted senior IT decision makers in organisations with 200+ employees across all sectors. The results are based on the replies of over 350 respondents who agreed to take part. The overall numbers included 60 percent representatives from private sector organisations and 40 percent responses from the public sector.
BVm^b^h^c\ndjgVXXZhhid>I>AK( IHD!i]ZD[ÒX^VaEjWa^h]Zgd[>I>A!d[[ZghVcjbWZgd[ZaZXigdc^XVXXZhhhdaji^dch[dgi]dhZgZfj^g^c\Z^i]Zg ^cY^k^YjVadgXdgedgViZVXXZhhidi]ZXdgZ>I>A\j^YVcXZ#I]Z]VcY]ZaYZ7dd`d[[ZghVcVXXZhhhdaji^dc[dg ^cY^k^YjVahdci]ZbdkZl]ZgZVhi]Zdca^cZVccjVahjWhXg^ei^dc^hVkV^aVWaZidWdi]^cY^k^YjVahVcY[dg i]dhZlVci^c\idh]VgZVXXZhhVXgdhhVcdg\Vc^hVi^dc#
=VcY]ZaYZ7dd`h >I>AK(i^iaZhVkV^aVWaZVcYgZVYnidgZVYVcYgZ[ZgZcXZdcndjgE96 ^c_jhiV[ZlXa^X`h I]^hZmX^i^c\cZlejWa^XVi^dc[dgbViXVcWZk^ZlZYk^VVYZh`ide!aVeidedgV]VcY]ZaYYZk^XZ# I]ZZ7dd`]VhWZZcYZh^\cZY[dg^cY^k^YjVaVXXZhhVcY]VhZmiZch^kZ[jcXi^dcVaWZcZÒihi]Vi bV`Zi]ZiZmiZVh^ZgidegdXZhhVcYcVk^\ViZVgdjcY# >cXajYZhi]Z[daadl^c\[ZVijgZh/ ;jaaiZmihZVgX]^c\!ZmiZch^kZ]neZga^c`^c\VcYWdd`bVg`^c\ 6aa^aajhigVi^dchVgZY^heaVnZYVcYVkV^aVWaZVhaVg\Zg^bV\Zh^cdcZXa^X` 6 aadlhVccdiVi^dcd[hZXi^dchd[iZmiVcYY^V\gVbh!VYYiZmi!Wdd`bVg`h VcYYgVl^c\hd[ndjgdlc =^\]a^\]iiZmi[dg[jijgZgZ[ZgZcXZ#
Dca^cZ6ccjVaHjWhXg^ei^dc 8dgedgViZVXXZhhhdaji^dcid>I>AK(\j^YVcXZ IdVYdeiD<8Éh7ZhiEgVXi^XZVeegdVX]^cidndjgdg\Vc^hVi^dc!ZVhnVXXZhhidi]Z\j^YVcXZ^hk^iVa#I]ZbdhiegVXi^XValVnd[egdk^Y^c\ i]^hidVaajhZghVXgdhhndjgdg\Vc^hVi^dc^hi]gdj\]bjai^"jhZgZaZXigdc^XVXXZhh#I]Zdca^cZhjWhXg^ei^dc^hi]ZdcanlVnid]VkZ^chiVci VXXZhhidi]ZaViZhiVji]dg^iVi^kZiZmi^cXajY^c\VXXZhhidVaaVbZcYbZcih!gZk^h^dchVcY^begZhh^dch^hhjZYi]gdj\]djii]ZnZVg# I]ZhjWhXg^ei^dceg^XZVcYVXXZhhg^\]ihVgZWVhZYdci]ZcjbWZgd[jhZghVXXZhh^c\i]ZXdgZ>I>A\j^YVcXZVii]ZhVbZi^bZ#;dg ZmVbeaZ!^[ndjgXdbeVcn]Vh*%%ZbeadnZZhWjidcanZmeZXih&%idVXXZhhi]Z\j^YVcXZh^bjaiVcZdjhanVa^XZcXZ[dg&%XdcXjggZci jhZghldjaYWZVeegdeg^ViZ#
;dg[jgi]ZgYZiV^ah^cXajY^c\i]Z[jcXi^dcVaWZcZÒihd[i]Zbjai^"jhZgdca^cZhjWhXg^ei^dc! heZV`iddjgheZX^Va^hiD<8Bjai^"JhZgA^XZcXZIZVbWnZbV^a^c\D<85ihd#Xd#j`dge]dc^c\ ))%&+%(+.+,%&#
:chjgZndj`ZZeje"id"YViZl^i]Vaad[ÒX^VaYZkZadebZcihdc>I>AKZgh^dc(WngZ\^hiZg^c\ [dgi]ZZ"VaZgihZgk^XZVilll#WZhi"bVcV\ZbZci"egVXi^XZ#Xdb$>I>AGZ[gZh]GZ\^hiZg I]ZHl^gaad\d^hVIgVYZBVg`d[i]ZD[ÒXZd[<dkZgcbZci8dbbZgXZ >I>A^hVGZ\^hiZgZYIgVYZBVg`!VcYVGZ\^hiZgZY8dbbjc^inBVg`d[i]ZD[ÒXZd[<dkZgcbZci8dbbZgXZ!VcY^hGZ\^hiZgZY^ci]ZJ#H#EViZciVcYIgVYZBVg`D[ÒXZ#
One of the key ingredients in our success had been our attitude and commitment to customer service and after 14 years in business, our customer retention rate is over 95 percent
The human touch A major player in the field of IT service management, Hornbill takes pride in its philosophy of doing business with a human touch – after all, service management is all about people. VitAL spoke to Patrick Bolger, chief marketing officer at Hornbill. What are the origins of the company; how did it start and develop; how has it grown and how is it structured? Patrick Bolger: Hornbill’s CEO, Gerry Sweeney comes from the very background that Hornbill serves, what better way is there to understand your customers than that? Gerry was an IT manager at a global organisation and was looking at service desk tools for his team. The tools he reviewed had major shortcomings in terms of performance over distributed networks. He saw the need for a tool to provide better and faster call management and with his passion for software development he set about developing what is the core of Supportworks today. Some of the fundamental concepts of the technology that was written back then, such as its low latency non-polling architecture are at the
VitAL : November / December 2008
heart of the successful implementations and service improvements that our customers experience today. Since its inception in 1995, Hornbill has grown at an average of 30 percent per year. As a private company funded entirely through our success we do what we feel is best for the success of our customers and consequently our future. By 2004, we had firmly established our selves as ‘a top-tier player who is challenging many of the longer standing ITSM solution vendors’, to use the words of a respected industry analyst group. Since 2004, we opened an office in New York, followed by our main US office in Dallas, Texas in 2007 and have started to replicate the success we’ve had in Europe. We have also extended our reach in other European countries, particularly in the Baltics and Nordics, gaining several new
I believe that the current economic downturn could prove a huge opportunity for IT service management to show its worth. ITIL isn’t talking about improved processes for their own sake, it’s for the sake of the organisation’s efficiency, driving improvements in customer service, whether the customer is internal or external to the business customers during 2008. One of the key ingredients in our success had been our attitude and commitment to customer service and after 14 years in business, our customer retention rate is over 95 percent. In 2008, we were awarded “IT Service & Support Technology Vendor of the year”, by the Service Desk Institute in recognition of our Customer First strategy. In summing up the reasons for the award, the judges at SDI commented: “ Hornbill expressed a vision in the way it interacts with its customers that was particularly compelling, with a clear focus on simplifying what is essentially a convoluted process, to the greater benefit of the customer... Hornbill has taken the concept of ‘people serving people’ to a particularly mature level. They exhibited a commitment to ensuring this is always at the forefront of every engagement with its customers.” This really summed it up for us and it was very rewarding for the business to have our passion for customer service recognised in this manner. VitAL: What is the company’s specialist area or product group? PB: Hornbill specialises in service management technology, that allows our people, partners and customers to measurably increase customer satisfaction, improve operational effectiveness and reduce costs. Our solutions are used in the IT service management space, but increasingly we find that they are being applied across many other business-driven service management scenarios, such as HR/ payroll service desks and external customer support. VitAL: Is that specialisation to make the best use of skills in the company or because it fits the company’s world view or has it simply evolved? PB: Service management is Hornbill’s business focus and always has been; we’ve enjoyed growth by showing our worth in a growing global market where ITIL and its associated business practices have started to show their value. The depth of our experience in delivering IT service
management solutions has enabled us to apply the principles of best practice within our technology, which appeals to other business groups. In 2007 we introduced the concept of the Human Touch within our technology, which enables service desk staff to give a better service to their customers. This approach has been well received by our customers, as it directly tackles the challenge that most service desks want to address, that is, improving the quality of service delivery. VitAL: How has any specialisation influenced the company’s general stance? PB: It has certainly been influential in our success! The ITSM industry is frequently throwing up new challenges to the user community, such as ITIL and its need for IT to think in business terms and it’s our job to help our customers to find a route to their own success. There’s a huge amount of expertise in Hornbill’s employees and there’s not a lot they can’t find an answer to in the realm of service management. I think that specialisation breeds its own success if you’re good at what you do. VitAL: who are the company’s main customers today and in the future? PB: Our customers come from all areas of business, public sector and commerce, from large high-profile service desk implementations like the Olympic Games that use Supportworks ESP (Enterprise Support Platform) to smaller desks using our Supportworks Essentials product, such as charities like the Dogs Trust. The common factor across all our customers is that they appreciate that a good service management tool is robust yet easy to implement and use, and importantly gives them a path to their own future service development strategy. One of our key strengths is to offer the customer a complete technology and upgrade path as their organisation grows and matures, as our Supportworks Essentials product shares the exact same platform as the Supportworks ITSM solution. So many of our customers buy the product for a job today and tailor it to
help in other service environments over time. Increasingly, we see that ‘C’ level executives are appreciating the cost savings and service quality benefits of running several service desks on a single consolidated platform. The diversity of our customer base and how they use Supportworks, shows that this is likely to continue in the future, particularly in the current economic climate where creating efficiencies, improving service and reducing costs are high on the business agenda. VitAL: What is the company’s business model, ie, does it select a market and then design solutions to meet the needs of that market or does it specialise in particular solutions and seek markets where those solutions are needed? PB: The flexibility of the Supportworks Enterprise Support Platform is such that it can turn its hand to pretty much any business service management scenario, whether that means for internal or external customers, IT or other departmental services. We offer the most frequently requested solutions commercially as applications, with templates for IT helpdesk, IT service desk and external customer service. However our customers’ requirements perpetually take the software into new territories, whether that’s building a service desk related to ingredients at Greggs the bakers, or Shere Ticketing Systems, who use Supportworks to remotely manage the availability of ticket machines at railway stations. Some of our tailored vertical applications, such as our solution for the NHS ‘Supportworks Connecting for Health’ are made available as specific application templates, while other vertical markets such as retail find that the out-of-box product meets their most common requirements. VitAL: What is the company’s commitment to corporate social responsibility, ie, green issues? PB: Hornbill is keen to support its customers however it can and is a corporate member of the RSPB, who have been using Supportworks for many years. We supported the charity’s Sumatra Rainforest campaign directly in 2007, sending a toy hornbill bird to each
November / December 2008 : VitAL
of our customers to raise awareness of the threats to the bird’s habitat, which was great fun for us to support. Hornbill also frequently supports customers’ charitable efforts such as sponsored bike rides or walks. Our staff are not only aware of our environmental policy, it is driven from the very top. Our CEO abandoned his car, choosing to walk to work and our CFO chooses to ride his bicycle through all sorts of weather, despite it being a 30 mile round trip.
VitAL: How does the company communicate with vendors and customers? PB: We like to keep in frequent contact with our customers and the wider IT service management market, but of course what we say has to be of value to people! We recently took part in National Customer Service Week, running a number of ‘how to’ webinars for our customers, sending out hints and tips emails and even putting our top executives on the support desk for an afternoon. The Hornbill User Group (HUG) is always very popular with our customers, giving them a chance to hear the latest plans from us and more importantly to meet their peers and hear what other customers are doing with Supportworks. Across the industry we participate in and support industry groups such as the itSMF, Service Desk Institute, FAST and the Service Futures Group. These groups are excellent
VitAL : November / December 2008
forums and provide us with an even better insight into the day to day challenges faced by service management professionals. VitAL: What is your view of the current state of IT service management and IT in business and the economy in general, the challenges and the opportunities? PB: I believe that the current economic downturn could prove a huge opportunity for IT service management to show its worth. ITIL isn’t talking about improved processes for their own sake, it’s for the sake of the organisation’s efficiency, driving improvements in customer service, whether the customer is internal or external to the business. It need not take a lot of money to improve service; what it does need is a positive mentality, for people to appreciate the benefits, and accept a need to change their way of working for the benefit of the customer. Maybe this current time of uncertainty will provide the ‘sea change’ which allows people to think about what they can do better to improve the relations, particularly between IT and the business units it provides services to. VitAL: What are the future plans for the business? PB: Hornbill’s short- to medium-term focus is on developing our global footprint, following on our success in Europe and the US. Our next technology release promises to deliver
practical solutions to the main challenges in IT and business service management, by promoting integration and collaboration between IT and the business. VitAL: Any other points you would like to add? PB: Hornbill takes pride in its philosophy of doing business with a ‘Human Touch’ – after all, service management is all about people. This is reflected in our software, which makes it easier for our customers to offer better service to their customers. By putting vital information about the customer at the service analyst’s fingertips, they can answer queries efficiently, appropriately, and accordance with the particular needs of each customer. As a vendor, our technology is expected to have all the latest functionality, such as graphic process design tools, comprehensive configuration management database (CMDB) and service automation capabilities, and it does. However, our primary drive is to start by addressing the real problem, to make it easier for our customers to deliver a better service to their customers. The ‘Human Touch’ embraces this approach and allows the service desk to make a difference immediately, not after six months once they have designed and integrated every process. VitAL: Patrick Bolger, thank you very much. www.hornbill.com
ITIL® v3 Expert Passport in just
prices start from £4,055
ITIL® v2 - v3 Manager’s Passport - the shortest route and cheapest option to gain the ITIL® v3 Expert qualiﬁcation Limited Availability - Termination of ITIL® v2 Manager’s training due to be announced in January 2009 by ISEB
Register your interest today and receive 15% discount* Pass Guarantee Scheme
Examination & Non Examination Courses
Multiple UK & International Locations
One Clear Price - inclusive of user-friendly colour courseware and examination
Skills Protection Promise
Expert Trainer Interaction and Post Course Support
The ITIL® and PRINCE2™ Experts
Book Now: 01926 405 777 Email: firstname.lastname@example.org Web: www.fgiltd.co.uk Address: Warwick Innovation Centre | Warwick Technology Park | Gallows Hill | Warwick | CV34 6UW *Duration and price of the course is based on delegates holding a current ITIL® v2 Foundation Certiﬁcate. Offer valid until 31/12/08 and cannot be used in conjunction with any other promotion. All offers are subject to availability ITIL® is a Registered Trade Mark and a Registered Community Trade Mark of the Ofﬁce of Government Commerce and is Registered in the U.S. Patent and Trademark Ofﬁce. PRINCE2™ is a Trade Mark of the Ofﬁce of Government Commerce. The PRINCE2™ Cityscape logo ™ is a Trade Mark of the Ofﬁce of Government Commerce and is Registered in the U.S. Patent and Trademark Ofﬁce
Come and see us at itSMF Conference in Birmingham, 10th - 12th November 2008
Stand K23 / K24
Safe Passage to
Secure your long-term ITSM success with Axios Systems’ world-leading Training, Consulting and Software Solutions.
Driving real value The itSMF UK annual Conference and Exhibition will soon be upon us; this is a news update to keep us up to speed with ‘driving real value’ – the UK’s Service Management conference of the year. The three day event takes place from the 10-12th November at the Hilton Metropole in Birmingham.
tSMF UK’s 17th Conference and 80 strong Exhibition, certainly looks set to have something for everyone: over 60 presentations, seminars, workshops and innovative interactive sessions, with each day being organised within six streams: real life stories, real solutions, real challenges, real people, real partnerships plus interactive and experiential learning sessions. Plus the much talked about Gala Dinner and Awards Ceremony where the winners of the prestigious IT Service Management Awards will be announced.
Experiential learning workshops The Experiential learning workshops consist of a variety of professional business simulations and are entirely interactive. Participants perform actual roles with their own set of tasks and responsibilities, working within teams or individually they discuss, plan and agree on challenging issues. Business simulations enable exploration of real situations; accelerating learning and “clarifying vision and solidifying teams” (Forrester). A number of experiential workshops will run throughout the conference’s three days and include: • An ITSM case experience hosted by Gaming Works where participants will enact the roles of the mission control team of Apollo 13. Participants will see, feel and experience the benefits of applying best practice on organisational performance. Using their ITSM theory to translate NASA service strategy into a service offering combining people, process, product and partner capabilities, they will have to work together as a team, take decisions, agree and apply their own working practices in order to meet their service level targets. This session will demonstrate the importance of people and behaviour as a strategic asset. • Service Management in Action (SMIA) will be run by Fox IT and provides participants with practical, hands-on experience of aligning business and service management best practice, covering ITIL, ISO/IEC 20000 and CoBiT. It enables participants to experience the benefits of
true business and IT integration through formal service management techniques that emphasise the processes, people and tools. Participants will manage their own business and experience for themselves how improved processes and closer integration through better team working, improved communication, and clearly defined roles and responsibilities results in improved business profitability.
Publications Dedicated bookshop unveils two new titles: itSMF UK’s latest publication, Service Level Management – a Practitioner’s Guide, is the brainchild of its SLM Special Interest Group. The book offers a practical experience-based approach to the subject matter and discusses the best way to design an SLM roadmap and implementation project plan, compile a service catalogue, put together service level agreements, and much more. The second title to be launched at this year’s Conference is ITIL v3 Foundation Revision Guide, a co-branded pocket guide from TSO and itSMF UK. A quick reference tool for those interested in ITIL v3, this book covers the examination syllabus of the Foundation Certificate and provides an ideal revision aid. The guide offers basic information around each process and function in the lifecycle, including value, scope, activities and metrics, with cross-referencing to the core books for more detailed reading. Publications manager, Mark Lillycrop comments, “This year the range of titles available at the bookstore will be broader than ever, with books on ITIL; ISO/IEC 20000; CobiT; and various service management, IT governance and project management topics. As usual, delegates will be able to benefit from some great offers, including a 20 percent discount on our two new titles.” itSMF UK Service Management Awards are the much admired, market-recognised, nominationdriven awards, given to the top service management professionals and organisations. The categories for this year awards are: Student of the Year; Trainer of the Year; Service Management Champion of the Year; Project of the Year; Innovation of the Year; Submission of the Year; and the Paul Rappaport Award for Contributions to Service Management. itSMF UK is pleased to be able announce the shortlist for the Project of the Year Award as judged by Steve Straker — Fujitsu Services and Kevin Birch and Pete Burgess both from Severn Trent Water Ltd. Interestingly enough three out of the four shortlisted are financial companies: • The Olympus Programme — Allied Irish Banks (AIB); • ISO/IEC 20000 Programme — European Central Bank (ECB); • Project of IT Service Quality Improvement – ITRI - itSMF Taiwan Chapter; • Leap into Lean - Lloyds TSB Group plc. An overview of the projects will be presented at 2pm in the Monarch Suite on Tuesday 11th November with the winners being announced at the prestigious gala dinner and awards ceremony on the same evening. www.itsmf.co.uk
November / December 2008 : VitAL
It’s a myth that the itSMF simply services companies or corporations and their clients. We do that, but we also service and support anyone who is engaged in the activity of IT service management however that is defined, (probably through ITIL) and irrespective of whom they work for. That itself is a simplistic definition of the industry that would stand up to scrutiny anywhere.
Leading the IT world On the eve of the itSMF’s 17th Annual Conference and Exhibition which takes place from the 10-12th November at the Hilton Metropole in Birmingham, VitAL speaks to Keith Aldis, CEO of itSMF.
he itSMF is the only independent and internationally-recognised forum for IT service management professionals worldwide. It is a prominent player in the on-going development and promotion of IT service management best practice, standards and qualifications and has been since 1991. Globally, the itSMF now boasts over 6,000 member companies, blue chip and public sector alike, covering in excess of 70,000 individuals spread over 40+ chapters.
VitAL : November / December 2008
VitAL: What are the origins of the Forum; how did it start and develop; what are its aims? Keith Aldis: The itSMF started in the UK in the early 90s formally but as the IT Infrastructure Management Forum (itIMF). It was conceptualised before then in around about 1988, by the then CCTA, who had formed an internal UK Government User Group for all things IT. Essentially, the whole thing was managed, literally from the bedroom of one Dave
Wheeldon (known to most in ITSM) and he together — specifically — with his colleague Brian Johnson and others formalised the group properly into a not-for-profit limited company called the itIMF and the rest is really history. Now it’s a global organisation, comprising 53 chapters in as many countries. Vital: What is your background, how did you come to be CEO of the itSMF? KA: I’m essentially an engineer with some
respect to IT service management. It is essentially the only library of its kind in any industry that I can see which is open sourced to all to use and relatively free of charge. You can buy the books and then adopt, adapt and improve on the content, spirit and intent of the product and then use it as befits your own needs. Wonderful! On top of that there are innumerate best practice case studies, IT support products and networking opportunities that enable all of this to be implemented and shared. By the way, I prefer to use the words ‘good Practice’ rather than best practice as best practise can and will always be improved upon. knowledge of IT hardware. For example, I am familiar with ‘Multi-stable flip flops’, but not so sure about the software that they drive. I started out working for IBM in Hursley as a contractor in 1977 but went through various career changes including construction and engineering, training and education, industrial relations, client relationships, energy and facilities and environmental management until I found myself with sufficient general skills to operate at a CEO level. This is my second CEO role. I know a little about a lot (always dangerous!) and a lot about a little. VitAL: Describe a typical itSMF member. Who are the Forum’s main customers today and in the future? KA: That’s an interesting one! By their very nature, IT service managers are not typical. Some come from a technical background and some straight from a business background. I come from both I guess! Most are focused on the delivery of ‘service’, while others see IT service management as an opportunity to perpetuate what they have always done in the environment they are used to working in. What is true, is that there can be no ‘heroes’ in IT service management and that the very valuable skills IT service managers have to be shared, documented and measured for the good of the whole. It’s a myth that the itSMF simply services companies or corporations and their clients. We do that, but we also service and support anyone who is engaged in the activity of IT service management however that is defined, (probably through ITIL) and irrespective of whom they work for. That itself is a simplistic definition of the industry that would stand up to scrutiny anywhere. VitAL: How does the Forum promote best practise in the industry? KA: ITIL itself was created by industry experts and forms the core of ‘best practice’ with
VitAL: Does the Forum seek to promote corporate social responsibility, ie, ‘green’ issues? If so, how? KA: Yes! Green and best use of the environment in particular and we’ve started on the road of raising green issues in our latest e-symposium (October 16th 2008). However, we also intend to hold a physical Green IT Summit or conference next year. Power consumption is possibly the biggest issue that faces businesses nowadays. Wastes management is possibly second to this and then the provision of good and well maintained IT systems and its management sit behind this. We are all too aware of the latest increase in the cost of energy and there’s no denying it, that delivery of good IT service management consumes energy, particularly if one is running a large call centre or help desk supported by god knows how much IT hardware, so it’s reasonable for this industry to begin to address the green issues properly. Keep an eye on our websites for further developments in this area. VitAL: What is your view of the current state of IT service management and IT in business in general? KA: The good thing of course, is that IT and IT services are becoming recognised as core to the business and one hopes that with this recognition, the businesses themselves will understand and engage more to help to develop and deliver sound services. IT is here to stay! E-commerce is just commerce with an e in front of it, the same is true of e-mail, e-symposiums, e-business and so on. The e part is delivered through IT and good IT service management enables us to deliver these things, hopefully, with greater efficacy. Service is simply exactly what it says – we as an industry are here not only to provide a service to the business, its suppliers and its clients but also to maintain the service given to our internal partners who use the systems we
produce and manage to enable the business. In my own business, as a CEO it’s my duty to enable engagement at all levels. That’s the role of a CEO – the title really means ‘chief enabling officer’. VitAL: How is the current economic crisis affecting the IT business and what lasting effects will be felt? KA: Everyone knows by now that business and industry are suffering from all sorts of problems, identifiable from the credit crunch to high energy costs and from sub-prime mortgages to mismanagement of the futures market. What is true however is that in all of these areas, while key decisions have been made by the businesses and supported (hopefully) by good IT service management, no one is able to operate without any IT service management. That’s not to say that IT service management is to blame for many ills, it’s just that it can be a tool for advantage as well as disadvantage and businesses need to understand this as well as to recognise that IT can be the lynchpin on which they all operate. IT is now very much, the business! VitAL: What are the future plans for the itSMF? KA: Well, of course, there is still the ongoing plan to engage with more and more IT service managers and end-users of IT service management. We have plans to open a further 20 or so chapters within the next year or two and to engage with the estimated 25m IT service managers and similar individuals around the globe. The itSMF itself has evolved with itSMF International, now achieving financial stability and improved customer support to its chapter members and for me personally, the next immediate job is to get the UK Chapter to achieve the same, while at the same time getting it to recognise its special place in the movement as the ‘mother’ chapter and also to help the UK Chapter concentrate on delivering its services to its UK-based membership. With that in mind, the UK Chapter is now developing a whole suite of new publications, the first of which is out now, called ‘Service Level Management – A Practitioner’s Guide’ (check out our bookstore on www.itsmf. co.uk) as well as a completely new ISO 19770 Software Asset Management Certification and Qualifications Scheme expected to be live from April 2009. We are broadly speaking, increasing our own range of products and services as we go. Great fun! VitAL: Keith Aldis, thank you very much. www.itsmf.co.uk
November / December 2008 : VitAL
ink Elephant is an independent global professional services organisation and world leader in IT management best practices. The company exists to optimise IT Services for our clients, specialising in improving the quality of IT services through the application of recognised frameworks, including the IT Infrastructure Library (ITIL). Our core services are IT service management consulting, cupport and education services. Our approach to implementing IT service management has been honed over 20 years of supporting the implementation of best practices. Pink Elephant has been involved in the ITIL project since its inception in 1987, and has contributed to version 1, 2 and 3 of the library, authoring the Continual Service Improvement book as part of the new ITIL v3 lifecycle series. We operate across all continents and are accredited by all of the appropriate organisations for the markets in which we operate. We deliver both v2 and v3 public and onsite courses as well as overviews and simulation events, and have trained over 100,000 people to date. Our materials are accredited, audited and are subject to internal QA and continual improvement, and Pink Elephant UK is accredited by the Institue of IT Training.
Tel: +44 (0) 118 903 6824 Fax: +44 (0) 118 903 6282 Email: Info.email@example.com Web: www.pinkelephant.com
CCM Professional Services was originally established in the mid 1990s to provide consultancy services to organisations wishing to improve their service desk function. ICCM realised most solutions on the market did not offer the level of functionality being demanded by the industry, and for that reason researched other technologies to deliver benefits over existing application vendors. ICCM identified Metastorm BPM as an exciting process-enabling technology that seamlessly delivers a high performing orchestration engine and web interface that ensures compliance and adherence to any underpinning process. This enabling technology incorporating ICCM’s e-Service Desk truly transforms the way in which service management applications deliver value to a customer. Today, ICCM’s core objective is to provide revolutionary software and superior services to organisations aspiring to best practice service management. Rather than the legacy ‘application development’ driven approach that many vendors in the market have adopted, ICCM’s forward-thinking approach blends its first-class service desk tool with the functionality of business technology in the form of Metastorm BPM. This collaboration delivers unparalleled service management capabilities across all industries and business functions in almost every geographical region.
Tel: +44(0)1666 828600 Email: firstname.lastname@example.org Web: www.iccm.co.uk
ardown Consulting, based in Bedfordshire and operating throughout the UK, Europe and the Middle East is passionate about IT service management and provides a professional, customer focus approach from first enquiry through to project completion. We are an accredited ISEB and APMG training provider and our trainers, many of whom are also examiners, have many years experience working in industry delivering real life service delivery projects prior to utilising their skills in education, so our students can be assured that they will receive first class training based on the real world rather than solely classroom experience. A frequently neglected yet vital area of IT is the need to have specialists who keep organisations IT services running. Good planning, administration and control are key activities to ensuring that services are provided in such a way as to meet the requirements of the organisation in a quality, cost effective manner. Professional service management ensures increased availability and quality of services, an understanding of the customers’ requirements and the provision of the capacity to meet these, minimising the impact of adverse, poorly planned change and overall to reduce risk of failure and minimise long term costs. Working with Wardown Consulting will ensure that you provide the value and quality of service provision that your customer demands.
VitAL : November / December 2008
Prudence Place, Proctor Way, Luton, Bedfordshire LU2 9PE Tel: 01582 488242 Fax: 01582 488343 Web: www.wardownconsulting.co.uk
ream Catchers enables organizations to achieve sustained operational excellence through the combination of people, processes, and technology. The real dynamics of these are found in the proper combination of Best of Breed Solutions, Educational Services, Proven Implementation Methodologies and International Standards based Best Practices (ITIL). This is the driving force behind our solutions. Unique in the market is our integration of the disciplines of Service Management and Enterprise Systems Management. The two having a symbiotic relationship means they cannot be effectively deployed without consideration of the other. Our Clients as a result of this strategy have realized the following business benefits: Increase the quality and efficiency of delivering IT services ; Increase the reliability of IT service; Improve IT performance; Reduce overall IT costs. Dream Catchers is an accredited ITIL Training Organisation providing all levels of ITIL Certifications training to Government and Fortune 500 customers across the USA, Canada, and Europe. We offer a guarantee programme to students of the ITIL Foundations course. All students are provided access to online continuing education for life. Students of V2 foundations have free access to our online ITIL V3 Foundations Bridge course. Dream Catchers development of computer-based training products has been highly successful with sales worldwide. Providing individual and corporate licenses, Dream Catchers is able to meet the needs for usage tracking with web based license delivery and Learning Management System (LMS) integration. Corporate customers choose the computer-based training programmes for their value with unlimited user and unlimited duration licenses. Consultancy services are delivered by a team of senior ITSM consultants having real world experience implementing and managing ITSM projects for both private and public sectors. Many of our customers embed Dream Catchers consultancy services in their own services they offer their customers. This service supply chain is central to our company value of customer enablement. Dream Catchers is expanding by opening Operations in the UK. We are seeking individuals with a passion for ITSM, wiliness to work hard, and a high degree of ethics.
Phone: +44 (0) 20 8090 5015 Email: email@example.com Web: www.dream-catchers-inc.co.uk
In Good Company... Galliford Try WDSGlobal The Royal British Legion King Sturge Tayside Contracts Admiral Group plc Baillie Gifford & Co. ESP Manheim Auctions Patech Limited Qualcomm Wireless Business Solutions B.V East Lothian Council Reynolds Porter Chamberlain LLP Mid Devon District Council UK Intellectual Property BBC Worldwide Birmingham University nFlow LLP University of Worcester Clark & Peacock Reigate & Banstead Borough Council e-GoodManners
Dyfed Powys Police DORMA UK Ltd. Solutions E u r o p e Lewis Silkin O f f i c e Lane Limited
Solutions %XTRAORDINARYรง3ERVICEรง$ESKรง3OFTWAREรงCREATEDรงWITHINรงTHEรง ,EADINGรง0ROCESSรง)MPROVEMENTรง!RCHITECTURE Call for a
web demonstration on +44 (0)1666 828600
Customer Service & Call Centre Solutions Customer Service Network
Third Avenue, Globe Business Park Marlow, Buckinghamshire SL7 1EY T: +44 (0) 1628 898 888 F: +44 (0) 1628 898 777 W: www.kana.com C: Warren Holtman KANA helps the world’s best known brands master customer service experience. Our solutions help companies create consistent, knowledgeable conversations with customers across every channel; phone, email, chat, and web. KANA’s clients report significant increases in customer satisfaction and loyalty.
General Training UKCMG
West House, West Street, Haslemere, Surrey GU27 2AB T: +44 (0) 1428 641616 F: +44 (0) 1428 641717 W: www.richmondsupportdesk.com C: Simon Armstrong E: firstname.lastname@example.org Richmond Systems service management solution Richmond SupportDesk enables rapid implementation of enterprise wide support based on ITIL® best practices. Richmond SupportDesk maximises the efficiency of your support operation and raises service levels for internal IT Service Management and Managed Service Provider environments.
Industry Body / Association BCS
Suite A1, Kebbell House, Carpenders Park, Watford. WD19 5BE
North Star House, North Star Avenue, Swindon, SN2 1FA
T: + 44 (0) 20 8421 5330 F: + 44 (0) 20 8421 5457 W: www.ukcmg.org.uk C: Laura Goss, UKCMG Secretariat E: email@example.com UKCMG is an independent, non-profit, user group organisation targeted at improving members’ knowledge, skills and abilities in Capacity Management and related IT service management disciplines. We achieve this through a combination of events including, a three-day Annual Conference and networking between endusers, consultants & suppliers
T: +44 (0) 1793 417596 W: www.bcs.org C: Suky Kaur Sunner E: firstname.lastname@example.org
Helpdesk Internal/External ICCM Solutions
HelpDesk Internal/External Richmond systems
Unit 4 Charlton Business Park, Crudwell Road, Malmesbury, Wiltshire, SN16 9RU T: + 44 (0) 1666 828 600 F: + 44 (0) 1666 826103 W: www.iccm.co.uk C: Kate Colclough E: email@example.com ICCM supply Service Desk software created within Metastorms™ leading process improvement architecture. This collaboration delivers unparalleled Service Management capabilities across all industries and business functions. By developing its technology from the process up around the ITIL® framework ICCM’s software allows customers to tailor processes around their company’s actual needs.
VitAL : May / June 2008
BCS is the leading professional body for those working in IT. We have over 65,000 members in more than 100 countries and are the qualifying body for Chartered IT Professionals (CITP). Please go to www.bcs.org to learn more.
Industry Body / Association IT Service Management Forum
150 Wharfedale Road, Winnersh Triangle, Wokingham, Berkshire. RG41 5RG T: 0118 918 6503 F: 0118 969 9749 W: www.itsmf.co.uk C: Ben Clacy E: firstname.lastname@example.org The itSMF is the only internationally recognised and independent organisation whose sole focus is on the on-going development and promotion of IT Service Management ’best practice‘, standards and qualifications. The forum has 14,000 UK members and official itSMF chapters in 44 countries.
Your VitAL Magazine News Views Strategy Management Case studies and Opinion pieces To advertise in VitAL contact Ian Trevett on +44 (0)1293 934463
Inspiration for the modern business
IT Service Management Consulting Training FOX IT
Chester House, 76-86 Chertsey Road, Woking, Surrey, GU21 5BJ T: +44 (0) 1483 221222 F: +44 (0) 1483 221500 W: www.foxit.net E: email@example.com Fox IT is a global independent Service Management specialist having undertaken transformation engagements in over 50 countries. Recognised as the premier supplier of Consultancy, Education, Solutions and Accelerators, Fox IT has the most extensive ITIL based ITSM and Governance practice in the world.
IT Service Management Consulting Training Pink Elephant
Atlantic House, Imperial Way, Reading. RG2 0TD T: + 44 (0) 118 903 6824 F: + 44 (0) 118 903 6282 W: www.pinkelephant.com C: Frances Fenn E: firstname.lastname@example.org Acknowledged worldwide as niche, independent, IT Service Management Education and Consulting providers. Having trained more people than any other company in ITIL related subjects since 1987, we have contributed to all 3 versions of the ITIL books.
IT Service Management Consulting Training Wardown Consulting
Prudence Place, Proctor Way, Luton, Bedfordshire. LU2 9PE T: 01582 488242 F: 01582 488343 W: www.wardownconsulting.co.uk C: Rosemary Gurney E: email@example.com Wardown Consulting was established to help businesses capitalise from the substantial benefits that IT Service Management can deliver. Our consultants boast a wealth of industry experience and are accredited to deliver ITIL v2 and v3 training.
IT Service Management Consulting Training G2G3
Panama House, 14 The High Street, Lasswade, EH18 1ND T: + 44 (0) 131 461 3333 F: + 44 (0) 131 663 8934 W: www.g2g3.com C: David Arrowsmith E: firstname.lastname@example.org G2G3 is the leading provider of communication tools, gaming solutions and simulations that propel enterprise IT and business alignment. Headquartered in the UK, G2G3 has a strong global network of partners supporting the Americas, Europe and Asia-Pacific.
IT Service Management Consulting Training Kepner-tregoe
Quayside House, Thames Side, Windsor, Berkshire, SL4 1QN T: +44 (0) 1753 856716 F: +44 (0) 1753 854929 W: www.kepner-tregoe.com C: Steve White E: email@example.com Kepner-Tregoe provides consulting and training services to organizations worldwide. We collaborate with clients to implement their strategies by embedding problem-solving, decision-making, and project execution methods through individual and team skill development and process improvement. Clients build competitive advantage by using our systematic processes to achieve rapid, targeted results and create lasting value.
IT Service Management Systems AXIOS SYSTEMS
60 Melville Street, Edinburgh, EH3 7HF T: +44 (0) 131 220 4748 F: +44 (0) 131 220 4281 W: www.axiossystems.com C: Jenny Duncan E: firstname.lastname@example.org Axios Systems, a leading provider of IT Service Management solutions, uses a customer-centric approach to ensure customers can align their Service and Support with the overall business goals. Axios is headquartered in the UK, with 12 offices across the world.
IT Service Management Consulting Training House-on-the-Hill Software
127 Stockport Rd, Marple, Cheshire SK6 6AF T: +44 (0) 161 449 7057 F: +44 (0) 161 449 7122 W: www.houseonthehill.com C: Tim Roche E: email@example.com Specialists in providing comprehensive solutions for any size business on time, in budget and uniquely tailored to your needs, House-on-the-Hill produces SupportDesk; the most flexible service management solution on the market. House-on-the-Hill provides comprehensive solutions for over 500 businesses worldwide.
IT Service Management Systems InfraVision
Delegate House, 30A Hart Street, Henley-on-Thames, Oxon, RG9 2AL T: +44 (0) 1491 635340 F: +44 (0) 1491 579835 W: www.infravision.com C: Nigel Todd E: firstname.lastname@example.org InfraVision improves your service organisation, delivering value to your company’s core business. The unique combination of ITIL process knowledge and thorough knowledge of Service and System Management Software enables us to deliver successful implementation within the defined budget.
IT Service Management Systems Sunrise Software
50 Barwell Business Park, Leatherhead Road Chessington, Surrey. KT9 2NY T: +44 (0) 208 391 9000 F: +44 (0) 208 391 0404 W: www.sunrisesoftware.co.uk C: Angela Steel E: email@example.com Sunrise is a leading independent provider of service management software solutions for IT and across the organisation, with a customer base of over 1000 blue chip and public sector organisations.
May / June 2008 : VitAL
IT Service Management Systems EMC INFRA
Connaught House, Portsmouth Road, Send, Surrey, GU23 7JY T: +44 (0) 1483 213 200 F: +44 (0) 1483 213 201 W: www.infra.co.uk C: Samantha Ruffle E: firstname.lastname@example.org EMC Infra provides a 100% Web solution for best practice IT Service Management. Featuring a powerful Federated CMDB, intelligent integration with existing infrastructure and ITIL process automation, Infra delivers the best upfront and ongoing value for comparative depth of functionality.
IT Service Management Systems NetSupport Software
Towngate East, Market Deeping, Peterborough, PE6 8NE T: +44 (0) 1778 382270 F: +44 (0) 1778 382280 W: www.netsupportsoftware.co.uk C: Colette Reed E: email@example.com NetSupport are developers of desktop management and remote control software packages. The product range comprises NetSupport Manager Remote Control, NetSupport DNA Helpdesk (providing a web-based ITIL-compliant helpdesk), NetSupport DNA Asset Management Suite and NetSupport Protect desktop security and recovery.
IT Service Management Systems Touchpaper Software
Dukes Court, Duke Street, Woking, Surrey GU21 5RT T: +44 (0) 1483 744444 F: +44(0) 1483 744401 W: www.touchpaper.com C: Louisa Maguire E: firstname.lastname@example.org With over 20 years’ experience, Touchpaper is one of the most established international providers of IT Business Management (ITBM) solutions (covering IT Service Management, Customer Service Solutions and Network & Systems Management). Touchpaper serves 1,800 customers and 3 million users.
Publications, Events, Conferences CUSTOMER MAGAZINE
31 Media, Crawley Business Centre, Stephenson Way, Crawley, West Sussex, RH10 1TN T: +44 (0) 870 863 6930 F: +44 (0) 870 085 8837 W: www.31media.co.uk C: Grant Farrell E: email@example.com Customer is a UK based magazine for senior professionals who are committed to ensuring their businesses are totally customer centric. With a pragmatic editorial approach Customer aims to bring clarity and vision to a sector that has become increasingly complex.
Publications, Events, Conferences TEST MAGAZINE
31 Media, Crawley Business Centre, Stephenson Way, Crawley, West Sussex, RH10 1TN T: +44 (0) 870 863 6930 F: +44 (0) 870 085 8837 W: www.31media.co.uk C: Grant Farrell E: firstname.lastname@example.org The European Software Tester is a publication designed specifically for individuals and organisations aligned with software testing. With independent, practical, and insightful editorial T.E.S.T aims to inspire its readers and provide its advertisers with a clearly defined route to market.
Publications, Events, Conferences VitAL Focus Groups
31 Media, Crawley Business Centre, Stephenson Way, Crawley, West Sussex, RH10 1TN T: +44 (0) 870 863 6930 F: +44 (0) 870 085 8837 W: www.31media.co.uk C: Grant Farrell E: email@example.com The VitAL Focus Groups are peer to peer discussion forums that take place at regular intervals throughout the year and provide a solid platform for senior IT professionals to discuss, debate, and hopefully resolve some of their key challenges.
IT Service Management Systems tesseract
1 Newmans Row, Lincoln Road, High Wycombe, Buckinghamshire, HP12 3RE T: +44 (0) 1494 465066 F: +44 (0) 1494 464756 W: www.tesseract.co.uk C: Mark Montgomery E: firstname.lastname@example.org With over 20 years experience, Tesseract’s Service Centre manages field service operations in over 350 companies worldwide. Service Centre is a leading browser based system and can be accessed entirely across the web. Increasing flexibility enables Service Centre to be hosted, decreasing IT hardware and maintenance costs.
VitAL : May / June 2008
Your VitAL Magazine News, Views, Strategy Management Case studies and Opinion pieces To advertise in VitAL contact Ian Trevett on +44 (0)1293 934463
Inspiration for the modern business
FREE ANNUAL SUBSCRIPTION
I N S P I R I N G
C U S T O M E R
C E N T R I C I T Y
I N S P I R I N G
C U S T O M E R
OUT OF AFRICA
USING OFFSHORE PROPERLY MORE PROFIT: NOT LESS COST
FOLLOW THE SUN CAPABILITIES
HELPING THE AGED CRM FOR THE OVER 60S
USE IT PROPERLY
FLIGHT TO QUALITY
AN AGENT VOICE
Asking the people who matter
Customer engagement tackles the crunch
SUSTAINABLE DEVELOPMENT PLANNING FOR LONG-TERM SUCCESS
KEEP UP WITH THE BAD GUYS Customer August September 2008 Issue 3.indd 1
C E N T R I C I T Y
Volume 1 : Issue 4
Volume 1 : Issue 3
Customer October November 2008 Issue 4.indd 1
To qualify for this offer please download a subscription form from www.customermagazine.net quoting reference CMFREE1108 or email email@example.com
INSPIRING CUSTOMER CENTRICITY www.customermagazine.net * This offer may be withdrawn at any time and free subscriptions are subject to our terms of control and are at the publisherâ€™s sole discretion
November / December 2008 : VitAL
SECRETS OF MY SUCCESS
Alastair MacKenzie Firescope
on the the basis of ‘knee-jerk’, emotional decisions; Invest time in recognising people but also invest time in setting clear goals and expectations in order to get the best from your teams.
VitAL: Name, company and job title please? Married? Kids? AM: Alastair MacKenzie, FireScope director. Married to Debbie, with an eight year old daughter. VitAL: What got you started in IT? AM: Like many people, it was Sir Clive Sinclair. I bought a ZX Spectrum and connected it to a TV in my bedroom. I hear that you can still play gaming favourites such as 3D Tanx but now online! This prompted my interest in computing — which I studied at university. I graduated in 1991 with a BSc in Computing Science, Operational Research & Statistics. Since then, I’ve worked for a number of great companies such as McDonnel Douglas, OpenText and IBM before I joined FireScope in July of this year.
VitAL: What was your first IT job and what was your first major IT triumph? AM: I joined McDonnell Douglas on its graduate training programme, based out of Hemel Hempstead. The UK division was focused on IT solutions rather the core aircraft business and, subsequently, separated — becoming known as MDIS and now as Northgate Information Solutions. After nine months of training, I joined the team selling HR and payroll solutions. My first major IT triumph could be getting my iphone working in only a few minutes! However, my first success in IT was selling an HR and payroll solution to Torbay Council. VitAL: What has experience taught you? AM: I’ve learnt that you should: Focus on what you want to achieve; Never make career moves
VitAL : November / December 2008
VitAL: What do you like best about your job? AM: The best part is when you see your product implemented in a customer environment. I also like the variety – each customer’s needs are slightly different; then there are the company-centric things such as recruitment, staff retention, budgetary and performance issues. Moreover, FireScope not only operates in a technologically exciting industry but there are also opportunities to help the company grow rapidly. VitAL: What is your biggest ambition? AM: To be part of FireScope’s continuing success, both in terms of performance and market reputation. From a different perspective, I’d quite like to own an Aston Martin. VitAL: What are your hobbies or interests? AM: I’ve just started playing tennis. I enjoy skiing; practising on the Wii to see if I can beat my daughter; and playing five-a-side football. I try to continually improve my knowledge of wines. In addition, I like to spend time with my family. VitAL: How are you finding the market in the current economic conditions? AM: FireScope is currently experiencing its best ever quarter but we cannot afford to be complacent. Some clients and prospects are now being instructed to cut IT budgets for 2009 — in some cases by up to 25 percent. This is prompting organisations to postpone projects — particularly upgrades — rationalising contracts and suppliers, as well as considering lower cost alternatives. For us, this means we have to work even harder helping clients with compelling financial business case
justification. One way of helping them is to introduce them to the idea of a configuration management database (CMDB) because this can help them save lots of money through the reuse of their existing assets. Thankfully – as with business service management (BSM) – there are alternatives to the high cost systems of the ‘large’ suppliers. The turmoil on the world’s financial markets indicates – among other things — that people are no longer willing to pay high prices purely on the strength of an established product name. VitAL: Where do you see the future of IT service management? AM: Our reliance on IT whether as employees, suppliers or customers will continue to grow at a rapid pace. At a time of budget squeeze and ongoing skills shortages IT departments will be pushed harder than ever before to do more with less. As an example, many organisations are considering or implementing virtualisation technologies — we do however need to recognise that while lowering costs this does add another dimension to service management. In the future we will continue to see ITSM adopting best practices to increase automation. We will see further demands and service expectations from consumers on the web and the business need to provide better reports on utilisation and value for money. Finally, customers will demand that these requirements are met by vendors providing solutions that are easy to use and demonstrate a quick return on investment. VitAL: What is the secret of your success? AM: My parents instilled in me some useful principles which seem to have stood me in good stead over the years. They include: work hard; treat others with common courtesy and respect; do what you say; trust your instincts; and enjoy different experiences. www.firescope.com
by the members for the members The only internationally recognised and independent organisation dedicated to IT Service Management. It is a non-proďŹ t-making organisation wholly owned and principally operated by the members. itSMF is global with chapters around the world, giving members access to a network of industry experts and peers all ready to exchange ideas and experiences to avoid duplicating mistakes and improve service management. Regular regional meetings and an Annual Conference & Exhibition plus web-based facilities combine to provide a rich and rewarding learning experience. Plus there are huge savings to be made when purchasing best practice materials. The itSMF beneďŹ ts IT service professionals at all levels within an organisation. It provides the latest industry information, facilitates knowledge sharing and helps members during every phase of the IT Service Management process.
helping develop & promote best practice & standards in IT Service Management
Tel: +44 (0) 118 918 6500 Fax: +44 (0) 118 969 9749 Or visit our website
Business Analysis Project Management Information and Security
P Man roject age men t
IT Assets and Infrastructure
Soft Test ware ing
ITIL / IT Service Management
ITIL Man/ IT Ser age vice men t
s tem t Sys opmen el Dev
s& sset re IT A structu Infra
Law Software Testing
s ines Bus lysis Ana
ISEB offers a variety of internationally recognised qualifications, with 8 major subject areas in:
ISEB qualifications come in foundation, practitioner and higher level to suit each individual candidate. ISEB qualifications allow you to learn new skills in specific business and IT areas which measure competence, ability and performance. This helps to promote career development and provide a competitive edge for employees.
: tion a m or r inf e h t iseb Fur org/ . s c .b www
Published on Jan 20, 2014