VOLUME 6 | ISSUE 5 | MAY-JUNE 2013
sid Vit e: AL 16 Di -pa ge ge st
INSPIRATION FOR THE MODERN BUSINESS
De-risking change Transforming desktop delivery
Intelligent communication in a social world Exploring the evolution of the intranet
Unlocking security for IT Tackling the global cyber security threat
Feature Focus: Doing more with less: 34-37 www.vitalmag.net | May-June 2013
Leader EDITOR Matthew Bailey firstname.lastname@example.org Tel: +44 (0)203 056 4599 TO ADVERTISE CONTACT: Nicholas Strutt email@example.com Tel: +44(0)203 668 6941
Long live our data irstly, I would like to welcome you to the all new redesigned VitAL Magazine, I hope you approve of our new look, we certainly think it sets the tone for a magazine reporting from the IT frontline.
DESIGN & PRODUCTION Tina Harris firstname.lastname@example.org EDITORIAL & ADVERTISING ENQUIRIES 31 Media Ltd, 41-42 Daisy Business Park, 19-35 Sylvan Grove, London, SE15 1PD Tel: +44 (0) 870 863 6930 Fax: +44 (0) 870 085 8837 Email: email@example.com Web: www.vital-mag.net PRINTED BY Pensord, Tram Road, Pontllanfraith, Blackwood, NP12 2YA © 2013 31 Media Limited. All rights reserved. VitAL Magazine is edited, designed, and published by 31 Media Limited. No part of VitAL Magazine may be reproduced, transmitted, stored electronically, distributed, or copied, in whole or part without the prior written consent of the publisher. A reprint service is available. Opinions expressed in this journal do not necessarily reflect those of the editor or VitAL Magazine or its publisher, 31 Media Limited. ISSN 1755-6465 PUBLISHED BY:
VitAL Magazine, proud to be the UKCMG’s Official publication. ITIL ® is a Registered Trademark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the US Patent and Trade Mark Office. PRINCE2 ® is the Registered Trade Mark of the Office of Government Commerce. MSP ® is the Registered Trade Mark of the Office of Government Commerce.
A couple of stories have caught my eye recently, both in one way or another reflect the growing importance of personal data and its power to do good... or bad. The first reminded me of a recent Channel 4 drama, part of the Black Mirror sci-fi drama series written by onetime computer games journalist Charlie Brooker. In the episode ‘Be Right back’ a young widow reconstructs the personality of her dead husband using a life-like robot and an app that compiles all the late spouse’s online thoughts, tweets, postings and prognostications into a synthetic, ersatz hubby. While the above idea is still clearly in the realms of fiction, it did resonate with the news that Google has announced that it has built a data-after-death tool to allow consumers to decide what happens to their data after they die. The feature applies to Google’s email services, as well as social networking site, Google Plus. While Google claims the new tool will help users to plan their digital afterlife and protect their privacy and security, internet users have expressed concern about what happens to their personal information after their death. No sign of anyone ‘reconstructing’ a lost loved one from that data just yet though. Another story about our personal data coming back to haunt us is the well publicised case of Paris Brown, the UK’s first youth police and crime commissioner. The publishing of some of her youthful, ill-advised tweets from years gone by which led to her resignation were more than just a huge personal blow to her and an embarrassment to Kent’s Police and Crime Commissioner, Ann Barnes, they run the risk of undermining confidence in the Home Office’s flagship law and order policy. And there have been many other similar cases where employees have been fired due to their perceived past ‘misuse’ of social media sites. That said, social media sites are also being used by people to get hired. Commenting on the rising trend of the ‘Twitter résume’ or ‘Twésumé’, Mark Pearce, strategic alliance director at Enterasys Networks said, “The traditional paper CV is becoming redundant. The internet is becoming an individual’s CV and social networks are an employer’s primary reference. Reviewing a candidate’s Twitter or Facebook profile allows employers a unique way to view how professional – or unprofessional a candidate is. Bad behaviour on social media sites cannot be covered up. Once it is posted online it is publicly available to anyone.” Long after we are gone, our data lives on! Until next time
Matt Bailey Editor
www.vital-mag.net | May-June 2013
Contents 6 8
VitAL COVER STORY
Unlocking security for IT As companies man the barricades against a new wave of cyber attacks, governments, security consultancies and experts around the world are launching initiatives and opening up new fronts in the war against the hackers.VitAL editor Matt Bailey canvassed opinion from the IT security industry about what you can do to make sure you are ready for the challenge.
itAL SIGNS – LIFE IN A 13 VWORLD WITH IT Cats are not people - the ultimate incident to manage
8. UNLOCKING SECURITY FOR IT
Schrödinger’s cat is a thought experiment with uncertainty at its heart. Uncertainty is something that is intriguing and a commonly shared experience that is all too familiar to Steve White.
VitAL MANAGEMENT Making the case for consumerisation Geoff Rees, sales director at Sunrise Software explains why the consumerisation of business applications is a necessary step on the path to change..
The art of IT services
The University for the Creative Arts (UCA) has a substantial IT Service Management challenge. Matt Bailey spoke to UCA’s IT customer services manager James Davies.
Transforming desktop delivery can deliver significant benefits, but getting it right needs careful planning in order to meet user and business expectations, writes Centralis IT consultant Ewen Anderson.
14. Making the case for consumerisation
VitAL SUPPLIER 24 PROFILE 24
Real-time IT management
With a no-frills approach to delivering an IT management portfolio with value and functionality at its heart, ManageEngine is getting to grips with today’s game changing technologies.VitAL speaks to the company’s european director, David Howell and checks out a major health supplier case study.
28 Businesses that don’t support the evolution of IT will be left vulnerable
24. Real-time IT management www.vital-mag.net | May-June 2013
28. Businesses that don’t support the evolution of IT will be left vulnerable
As IT becomes more strategic, organisations must support the team with adequate resource, robust systems which are fit for purpose and a commitment to on-going investment, according to Thomas Coles, managing director, MSM Software.
VitAL PROCESSES The five myths of organisational change Chartered psychologist and Appreciative Inquiry expert Sarah Lewis discusses the five myths of change management and why these mean that managing change within an organisation can actually hinder the change process.
Achieving more with fewer clicks
Software tools should be all about doing more with less. As we come out of a long, hard winter here in the UK David Brown, internal sales team manager at TopDesk, suggests it’s easier to book that longed for holiday in the sun if you can trust the Service Management tools and staff you leave behind; and you can rest easier if you know that shared functionality is saving the company money too.
38. Achieving more with fewer clicks
Intelligent communication in a social world
Intranet improvement pioneer and founder of Interact, Nigel Danson says it’s time to get social with your internal comms infrastructure and take a fresh look at the growing importance of your organisation’s intranet.
42 Unified Communications – Problems and solutions Unified Communications (UC) offers benefits such as allowing offices more streamlined communications yet it requires large investment and networks are not always ready. According to Ipanema’s Béatrice Piquer-Durand there is a need to take pre-emptive action to ensure UC works efficiently and that other applications are also protected.
38. Intelligent communication in a social world
43 VitAL EYES ON
VitAL PROCESSES 44
The security skills gap
At this crucial time for cyber security, the UK is facing a cyber security skills gap. François Gratiolet, explains what can be done to remedy the situation.
Freedom to map my backyard Could Google’s collegiate mapping tool provide a new way for individuals and organisations to improve the way their localities are presented? Jonathan Westlake finds out.
The benefits of flexibility
Robert Rutherford, CEO of specialist IT consultancy QuoStar Solutions, offers a short guide to becoming a flexible employer.
44. The security skills gap
THE VitAL DIGEST VitAL’s guide to the latest trends, products, services and solutions in the IT Service Management world.
64 Secret of my success Adam Paton, customer support manager, IDBS. 47. The Vital digest
www.vital-mag.net | May-June 2013
Next generation demand ‘Bring You Own Device’ A new generation of tech savvy workers is ushering in the evolution of the desktop to allow for BYOD to become commonplace among companies. Bring your own device is the growing trend among employees looking to gain access to their workplace networks on their own devices, as they look to use their personal laptops and tablets at their desk, through the use of a virtual desktop infrastructure. “The new generation is demanding a dual persona for both their devices and desktops, with the ability to access workplace documents and perform all of the workplace tasks, while in an instant gaining access to personal files and photos and social media material,” says Andy Chrismas, cloud sales manager at Node4. “Recent technological advancements such as VMWare’s Horizon Suite are unlocking
the ability for mobile devices to gain access to all of the workplace applications, enabling the transfer from workplace desktop to personal device seamlessly. New entrants to the workplace are now accustomed to the ‘always on, always connected’ style of work and therefore need platforms that facilitate that much easier. This style of working, and indeed the technology that enables it to be carried out, are becoming a standard workplace option that forward thinking companies can’t afford to ignore. Workers require flexibility and BYOD is a part of providing that.”
practice development. However, BYOD can exacerbate existing problems that may be in place.
This BYOD phenomenon is facilitated by the cloud, a platform now being widely adopted in business. As mobility and 24 hour accessibility become increasingly important in business, the cloud and BYOD are an inevitable part of business
“I have heard BYOD referred to as Bring Your Own Disaster!” adds Christmas. “The problem is that many companies are buying one size fits all cloud systems, without fully understanding the capabilities and specificities of the cloud.”
Businesses warned to take care when using social media for service delivery
How IT graduates can get ahead IT graduates are failing to land top jobs at leading companies because of a lack of creativity, warn recruitment experts. Currently the UK produces 30,520* computer science graduates each year but nearly a quarter of them end up in nongraduate or unskilled jobs. “With IT companies receiving an average of 73 applications for each graduate vacancy, it’s clear college leavers need to make more use of the skills they should excel at such as creative problem solving and technology in order to stand out from the crowd,” says Jonathan Dobkin, director of Connections Recruitment, “Too many young IT graduates have poor, drab CVs in traditional formats. We’re noticing that the top candidates are going as far as creating and sharing their own videos online to showcase some of the projects they’ve worked on. Many populate their LinkedIn profile with videos and also share them on other social media platforms such as YouTube and Vine. Graduates need to take more of a risk and really put themselves out there to stand out and get noticed.” Jonathan Dobkin is keen to help IT graduates, his ten top tips are: 1. Upload a professional LinkedIn profile and include all your experience, education and awards. Add video content and secure endorsements and recommendations. 2. Cleanse your Facebook and Twitter accounts to ensure they are free from any incriminating photos or postings. 3. Volunteer to gain experience. This will give you practical experience of team working and problem solving – all the skills employers are after. This also demonstrates a genuine appetite for work and hunger for success. 4. Network – find IT societies, clubs and groups. Attend and talk to professionals, ask them questions, show an interest but don’t be too pushy. 5. Talk to IT recruiters to find out what they consider to be an aboveaverage CV.
6. Write a cover letter of no more than two sides of A4 but keep it pacey. 7. Think about making a film using the Vine App of recent engineering projects you’ve undertaken in your spare time or at university. This will help you stand out from the crowd and demonstrate a genuine passion for your chosen career. 8. Consider posting some of your designs to potential employers or contact them and ask them to set you a challenge to solve. 9. Use IT keywords throughout your CV so if an employer scan reads it these words will jump off the page. 10. Invest in a smart suit/dress and pair of shoes. If you don’t look the part – you’re already on the back foot.
With social media expected to account for 57 percent of all customer engagement over the next five years, businesses are being warned that they must have a greater understanding of the implications of using social media to improve their service management and staff collaboration. The warning comes from service management company ICCM Solutions, which believes that too many organisations are not taking enough care when linking traditional internal systems to public social media outlets. This can introduce risks around brand messaging, security and data protection. CEO James Gay highlights the business risks of using social media for service delivery, “Social media has had a profound impact on the business world but it also introduces unique threats to an organisation. For many organisations the open nature of Twitter makes it unsuitable for broadcasting internal information. Internal IT notifications available to the public may cause brand damage, or worse, highlight security vulnerabilities that encourage malicious attacks. Web portals, mobile apps, email and SMS often provide more secure communication channels. “In a similar vein, an uncontrolled reliance on web searches to inform IT fixes runs the risk of introducing errors, security vulnerabilities and viruses,” adds gay. “It is critical that an organisation can enforce adherence to its unique processes, using external and public information in a controlled way that aligns with industry best practice and corporate policies.”
www.vital-mag.net | May-June 2013
Poor IT integration results in RBS facing investigation IT integration is often sidelined in preference to other IT projects but this approach has been turned on its head with the recent revelations regarding a number of high street banks including RBS. With costs that could amount to billions, systems integration shortcomings have been blamed for the IT meltdown which locked many RBS, Natwest and Ulster Bank customers out of their accounts last summer. But the damage is not just limited to the size of the fines, company reputation and executive credibility are also suffering in the process. “Poor IT integration has really hit the headlines in the last six months,” comments Mikko Soirola VP of IT integration specialists Liaison Technologies, “it is only the really high
profile cases that make headlines, but problems with integration affect thousands of businesses every month and have a real impact on service and profitability. A survey from analysts Freeform Dynamics looking at B2B integration showed that many organisations are complacent when it comes to improving their integration with partners and suppliers despite the performance improvements available. There is a huge question mark over who takes responsibility for data in many organisations, and this is a classic example of where such complacency can have a catastrophic impact on both profitability and reputations.”
IT hiring at four times the rate of retail as online sales boom Last year saw a rise of 12 percent in IT and web design hiring compared to a three percent rise in retail hiring according to analysis by specialist technology recruiter Greythorn. At the same time, growth in online retail sales is dwarfing that of traditional retail. The number of roles in IT and web design has risen by 32,000 over the past year.The biggest increase has been in web designers which has risen 19.4 percent from 31,000 to 37,000 roles.The number of IT business architects and system designers has risen 18.8 percent from 85,000 to 101,000 in the same period. A number of large online retailers have significantly bolstered their IT teams, including John Lewis who announced the hire of 100 new staff in January. From their own figures, Greythorn has seen growth of 89 percent in IT roles placed in online retail over the past year, compared with the previous twelve months. “The list of high street insolvencies is becoming a roll-call and there appears to be no end of famous names struggling or going under,” said Greythorn’s Mark Baxter. “It is undoubtedly sad news, but there is a silver lining in the growth of IT roles. As online shopping grows, companies are increasingly investing in improving the customer experience and the back office operations supporting online sales. It is a key stage in transferring to a high tech economy.The number of specialised new roles is growing and that is only good news for IT professionals.” However, due to increased numbers and new roles, IT pay has seen slow growth with rises of 0.35 percent for IT system designers and 1.18 percent for software developers, and there has been a -0.45 percent fall in pay for web designers. “A career in IT is potentially very lucrative and the number and diversity of roles is growing rapidly,” adds Baxter. “Obviously, there are specific technical skills that are needed, but it is a candidate’s market for experienced IT professionals who are either already in online retail or those in other sectors with transferrable skills. For people looking to retrain, web design and online retail offer excellent opportunities that will only increase as people vote with their feet and choose to stay at home rather than shop on the high street.”
Data protection: Google it! Data protection authorities in various EU countries have announced that they are launching a joint action against Google for alleged breaches of data protection laws. With the exponential increase in the use of the internet in recent years, there has been a consequential massive increase in the amount of personal data being collected and used. Personal data has significant financial value and so businesses are keen to exploit that. “Google has come under the spotlight for merging data held across its various services such a Gmail and YouTube,” explains David Ashplant, corporate partner at legal experts Lester Aldridge LLP. “Users have no right to opt out and the authorities think there is a high risk to the privacy of individuals. The authorities believe Google is collecting excessive amounts of information on users’ activities on the internet, keeping the information for too long and not giving users enough control over how it is used.” The UK’s data protection enforcer, the Information Commissioner (‘IC’) can issue enforcement notices for breach of the law and, for a serious contravention, impose a fine of up to £0.5 million. New EU rules could soon empower authorities to impose fines of up to two percent of global turnover, which would be about $760million in Google’s case. “The law doesn’t just apply to the likes of Google though,” says Ashplant, “every business needs to comply. Before obtaining or using personal data – basically data that enables someone to be identified – a business must notify the IC of the data the business will be processing and the purposes it will be used for and that notification needs to be kept up to date. Failure to notify is a criminal offence. “Regardless of the outcome of the Google case, the publicity it is attracting will greatly increase awareness of data protection law and the likelihood of individuals taking up their grievances,” concludes Ashplant. “Ignorance of the law is no excuse and even if a fine is avoided, adverse publicity about a company’s data protection compliance can do untold reputational damage which in turn is likely to damage turnover and profits.”
New forum focused on convergence of technologies The Open Group – an independent global consortium that the achievement of business objectives through IT standards - has announced the creation of a new, as yet unnamed, forum, specifically designed to help enterprises take advantage of the convergence of mobile, social, big data, the ‘Internet of Things’ and cloud computing technologies. According to IT market research company IDC, a
www.vital-mag.net | May-June 2013
“Vendors’ ability (or inability) to compete on this platform right now - even at the risk of cannibalising their own second platform franchises - will reorder leadership ranks within the IT market and, ultimately, every industry that uses IT.” The Open Group’s new forum will be focussed on delivering a set of capabilities
which will enable enterprises to process data in the cloud; integrate mobile devices with enterprise computing; incorporate new sources of data, including social media and sensors in the ‘Internet of Things’; manage and share data that has high volume, velocity, variety and distribution; and turn the data into usable information through correlation, fusion, analysis and visualisation..
VitAL Cover story
Unlocking security for IT As companies man the barricades against a new wave of cyber attacks, governments, security consultancies and experts around the world are launching initiatives and opening up new fronts in the war against the hackers. VitAL editor Matt Bailey canvassed opinion from the IT security industry about what you can do to make sure you are ready for the challenge.
t is perhaps inevitable given our growing reliance on technology in general and software, networks and the Internet in particular, that levels of cyber crime are increasing too. Jonathan Evans, the head of the UK’s MI5 security service has been quoted as saying that the scale of cyber attacks was astonishing in 2012 and given the state of play as I write you would have to be very brave or perhaps very foolish to speculate that the situation will improve in 2013. Highprofile attacks on UK broadcaster the BBC’s Twitter account; on banks and broadcasters in South Korea and on the anti-spam organisation Spamhaus have already given a solid indication of exactly what the security situation was like in the first quarter of 2013 as a new initiative to share information on cyber attacks between businesses and governments went live. The initiative, known as the Cyber Security Information Sharing Partnership (CISP), includes experts from government communications body GCHQ, MI5, police and business with the aim to “better co-ordinate responses to the threats”. Under a pilot scheme in 2012, known as Project Auburn eighty companies from five sectors of the economy - finance, defence, energy, telecommunications and pharmaceuticals - were encouraged to share information. Earlier this year the pilot was expanded to 160 firms and a more permanent structure has been announced. The kind of information CISP shares includes technical details of an attack, methods used in planning it and how to mitigate and deal with one. At a new London nerve centre a group of 12-15 analysts with security clearance will monitor attacks and provide details in real-time of who is being targeted. Targeted companies have been nervous about revealing publicly when they have been hacked because of the potential impact on their reputations and share price if they are seen as having lost valuable intellectual property or other information.The BBC reported that one major London listed company had incurred revenue losses of £800m as a result of cyber attack from a hostile state because of commercial disadvantage in contractual negotiations. One government official told the BBC: “No one has full visibility on cyberspace threats. We see volumes of attack increase and we expect it to continue to rise.”
The Cabinet Office minister Francis Maude, who is responsible for the UK national cyber security strategy commented on the launch of the CISP, “We know cyber attacks are happening on an industrial scale and businesses are by far the biggest victims in terms of industrial espionage and intellectual property theft, with losses to the UK economy running into the billions of pounds annually. This innovative partnership is breaking new ground through a truly collaborative partnership for sharing information on threats and to protect UK interests in cyberspace.” Maude describes CISP as a cyber security ‘fusion cell’ for cross-sector threat information sharing, incorporating figures from government, industry and information security analysts. Welcoming the announcement, Howard Schmidt, former White House cyber security adviser said: “In the US, we have seen the emphasis that President Obama has placed on cyber security and in particular steps to protect our critical infrastructure. Many senior leaders in private sector companies are supporting it and recognising it is not only a security issue but a business imperative. The launch of the UK CISP is an important step in forging an ongoing partnership between industry and government, promoting information sharing by providing the ability to analyse and redistribute information in a timely, actionable and relevant manner.”
Essential countermeasures Commenting on the initiative, IT security pioneer Wieland Alge of Barracuda Networks said: “The new anti cyber threat centre initiative, known as Project Auburn, reflects the realisation that cyber attacks are a threat to all business establishments. Any critical infrastructures could be targeted. Private and public sector companies need to have a clear and immediate understanding of the threat situation, which requires businesses to report attacks in full as soon as they are discovered. This sharing of attacks, vulnerabilities and damage is essential to developing countermeasures to protect others from falling prey to the same kind of attack. “Businesses’ protests of nervousness of revealing publicly when they have been attacked due to the potential threat of revealing trade secrets and data confidentiality are quite unfounded. By focusing on their reputation and
www.vital-mag.net | May-June 2013
VitAL Cover story
It only takes a small set of disgruntled people to start an attack and then have that spiral out of control.
www.vital-mag.net | May-June 2013
VitAL Cover story
stock market value only, they forget that what’s at stake in an attack is their customers’ data. And that means us and our data. If our data is being stolen, then we need to know about it. We stand to suffer from its misuse. We need to be aware of potential secondary attacks we might be facing with the data we thought safe with our service providers, our banks, hospitals, even the stores we shop at and media we subscribe to. “Any piece of sensitive information about us and our behaviour could be used in targeted phishing attacks,” concludes Alge, “so we need all the help we can get to avoid falling victim. If industry security agencies and businesses can’t work together they will become paralysed and unable to prevent and protect our data from cyber attacks.”
web down, with Google, Microsoft and others putting servers and bandwidth up to aid Spamhaus in fending off the attack. “If you are one of the millions of people who rely on a cloud based storage service,” adds Bain, “and your files are not synchronised in real-time, then this type of attack could stop you accessing your files, your emails and at its worst your entire corporate day. This doomsday scenario may well sound far-fetched, however it could I am afraid be all too real. It only takes a small set of disgruntled people to start an attack and then have that spiral out of control. Taking with it access to your on-line work.” McAfee’s CTO EMEA Raj Samani comments, “While denial of service attacks (DDoS) are not new, we are currently seeing an increase in both volume and sophistication of these types of attacks stemming from all parts of the world. Due to the connected nature of digital citizens, a dispute between key parties will impact everyone from consumers to SMB to large enterprises. Security will need to evolve so that there is more cooperation between businesses, governments and individuals to ensure attacks like these are minimised.”
Cyber security specialist McAfee’s director of public sector strategy Graeme Stewart applauds the launch of the partnership but highlights the need to provide support to smaller businesses. “Information sharing is imperative to countering cyber threats. As cybercrime itself is global in nature, the need for a strong publicprivate partnership is critical. McAfee is broadly supportive of such initiatives. We would however like to see the scheme provide outreach to include smaller and SME organisations. This sector makes up the supply chains of large corporate and government Security will organisations and therefore a substantial need to evolve portion of their risk comes from this supply chain failing to understand the threat posed by so that there is nefarious cyber activity.”
A real threat
Commenting on these figures Raj Samani said: “With so many businesses falling victim to security breaches, it is important that they know how best to deal with it when it happens, otherwise they run the risk of losing the trust of their customers. Developing a suitable response following a breach has been identified as essential, and failure to do so could result in loss of confidence and ultimately impact the bottom line. Remaining transparent about the incident, as well as possibly providing additional assistance to affected parties and assurance the issue is being dealt with to prevent such an incident occurring again remain good practical steps to restoring confidence.”
more cooperation between businesses, governments and individuals to ensure attacks like these are minimised.
A survey that compared attitudes over the last two years among 100 mid to large-sized UK enterprises found that 41 percent of IT managers were ‘highly or extremely’ concerned about being the victim of an attack compared to 29 percent in 2012. It also found that the number of UK organisations experiencing attacks year-on-year had climbed to 25 percent in 2013 from 18 percent in 2012. IT managers in the financial sector were particularly worried with 56 percent now citing a high or extreme level of concern versus 28 percent last year.
Thirty-one percent of respondents said they already had specialised anti-DDoS technology in place. Thirty-six percent stated that they were relying solely on their firewalls to protect them against DDoS attacks and did not intend to augment their protection. Another 24 percent of respondents said they had a firewall in place but intended to purchase specific anti-DDoS technology. IT security industry analyst Bob Tarzey commented, “Organisations believe they have the basis for protection against targeted attacks, such as DDoS, when in fact they are referring to traditional security technologies. To be fair, many do understand the changing nature of the threats faced, but over-estimate their capability to mitigate them.” In 2012 political motives were most commonly cited by 33 percent of respondents, while in 2013 36 percent of respondents blamed ‘just for laughs’ as the driving motivation. However, motives varied dramatically between vertical sectors; with the retail and financial sector heavily favouring financial extortion as the main motivation behind the attacks and the manufacturing sector unanimously blaming political reasons. Commenting on the attack against Spamahaus, Simon Bain, CTO of search specialists, Simplexo said: “We are currently witnessing a massive cyber attack happening against one of the Internet’s spam filters – Spamhaus - which also happens to manage some of the DNS traffic. This attack seems to be happening because Spamhaus blacklisted another organisation’s domains accusing them of spam and web attacks. They allegedly took offence and again allegedly started the attack. Currently there are five national cyber-policeforces investigating the attack which is huge, slowing the whole
The UK’s Department for Business, Innovation and Skills’s (BIS) Information Security Breaches Survey, revealed that 87 percent of small firms experienced a security breach last year and that 93 percent of large organisations had also been targeted - around 50 percent more attacks on average than a year ago.
Security in the cloud As the use of cloud computing explodes - with the market worth approximately US$37.9 billion by the end of 2012 – the cloud seems to be becoming ubiquitous. However, in survey after survey the main objections voiced about the cloud are all about security. “The cloud, while omnipresent, is not almighty,” says Simon Fieldhouse, global sales director at Hardware.com, a networking hardware specialist. “Security concerns remain for many IT departments and with good reason. According to the quarterly reports of cloud hosting company FireHost, they have seen a 160 percent rise in cross-site scripting attacks in the last three months of 2012: from one million attempts to a whopping 2.6 million.” And it isn’t just cloud providers who face security threats, their customers are also in the firing line, and with the upsurge of wirelessly enabled internet devices—most notably smartphones, tablets, and laptops—more and more employees are bringing their personal devices into the workplace and connecting them to corporate servers en masse. “Bring Your Own Device (BYOD) is one of the latest buzzwords in the IT world,” says fieldhouse. “Increasingly companies are not only tolerating employee usage of personally-owned, wirelessly enabled devices in the workplace but actively encouraging it by introducing comprehensive BYOD programmes. When the cloud is coupled with the rise of BYOD, these concerns double. How do you ensure that malware on one employee’s device does not spread to others? What can you do to stop anyone who enters company premises having immediate access to the company resources? Is there a way
www.vital-mag.net | May-June 2013
Improve customer service Free seminar - What is ITIL? Sign up today www.connectsphere.com/free-seminar Onsite training: ITIL awareness | ITIL Foundation | Service Improvement Workshop Public courses: ITIL Foundation | ITIL Intermediates | ITIL Managing across the Lifecycle Visit www.connectsphere.com/itil-training
Service Improvement Manager • Assess • Baseline • Benchmark • Improve Assessment | Training | Workshops | Consulting Visit www.connectsphere.com/service-improvement ITIL® is a registered trade mark of the Cabinet Office
Call 0845 838 2345
VitAL Cover story
to ensure that any critical data is only accessible to authorised users? Essentially, the real question is how do we maintain security in this new, open-access world? The cloud brings with it a plethora of new security challenges.” Fortunately, there are measures cloud customers can put in place to alleviate concerns. “First and foremost, organisations must ensure compliance with various privacy standards. This means going beyond having a secure internet connection when accessing and storing data,” adds Fieldhouse. “For instance, the United State Health Information Technology for Economic and Clinical Health (HITECH) Act assigns cloud service vendors the same security responsibilities as health care providers. If you are considering a transition to the cloud, be sure to complete audits to fulfil all local and regional regulations, avoid fines, and maximise security. Set up breach notifications, and plan for disaster recovery to protect health, financial, and proprietary information. Fundamentally, organisations need to ensure that they can provide secure access to the cloud.”
Protecting the virtual environment “With many companies looking toward the cloud and vir tualisation as a cost-effective way to store and use data, security has never been more impor tant,” argues Tamar Newberger, VP marketing at Catbird, an early player in the vir tualisation and cloud security market, and with over 25 years’ engineering experience in the industry she should know. “However, many companies who are implementing a hybrid or vir tual infrastructure may not be aware of the inadequacies of traditional physical network security appliances when it comes to protecting vir tualised datacentres and how this could impact their end-customers. “Of course the uptake of virtualisation or software-defined networks (SDN) isn’t just about saving money,” adds Newberger. “SDNs allow for better security and efficiency as they simplify the network architecture and enable centralised network management. If we take this model one step further, SDS integrates the software network with network security controls, such as IPS and vulnerability monitoring, and also allows for flexibility within the environment. Physical hardware solutions cannot protect a SDN with this level of scalability or protection as they have not been designed for virtual
architecture. They don’t scale, they don’t respond to VM mobility and they are blind to what is happening inside the virtual host. This is where SDS comes into play. Designed to complement a SDN, this type of the solution can monitor networks more efficiently and provide a more cost-effective alternative for all. In our experience, security solutions need to be the eyes and ears of a network, which is where a physical wire fails.”
Is that an Advanced knock at the door? While all the cloak and dagger of international politics may seem a long way away from small, IT-based companies minding their own business, Adrian Culley, global technical consultant at Damballa puts the current situation into context. “The term Advanced Persistent Threat (APT) is a euphemism, originally used by the American Military in 1990s meaning the Chinese Government. In Military and Intelligence circles it has come to have a broader meaning, namely any third party Threat Actor, usually either foreign nation state military or intelligence, or a criminal organisation, but an APT is not a super virus, or any discrete piece of code. “APTs often undertake targeted attacks, and in doing so will often use Advanced Threats (AT). However, an Advanced Threat is not, necessarily, a super computer virus either. A Computer Virus is generally a discrete piece of hostile code, which will self-replicate. An AT will often have many moving parts, many of which may be completely innocuous eg the FLAME attack uses the LUA gaming language as one of its many payloads. LUA is itself completely benign. “Over 25 years, the IT Security industry has come to rely on many perimeter/Gateway based security mechanisms, often viewing risks with a neo-platonic, deterministic ‘Good or Bad’ Essentially, philosophy. These legacy the real question security systems are good, but no longer good enough. is how do we ATs have been specifically maintain security coded to evade detection in this new, openby conventional security mechanisms. This is why access world?
www.vital-mag.net | May-June 2013
VitAL Signs - Life in the world with it
Over 25 years, the IT Security industry has come to rely on many perimeter/ Gateway based security mechanisms, often viewing risks with a neo-platonic, deterministic ‘Good or Bad’ philosophy. signature-based detection, while useful, struggles to find ATs. The CHANGEUP worm is a textbook example of this, altering itself to create a new signature every time it replicates. We have all become accustomed to the mindset of ‘dirty-scan-clean’ and anti-virus scanning at fixed time points. Unfortunately ATs operate over very long time frames, into years. They will fire up, then sleep, leaving no trace of themselves in static data. “Industry research has also shown that you are, sadly, more likely to be notified by a third party that your network is compromised, than you are to uncover this yourself. Again, the detection of ATs requires subtle monitoring, and the ability to analyse both Volatile Data (Random Access memory) and Data-In-Transit (Network communications, generally TCP/IP and UDP). “One significant difference between an Advanced Threat and a Computer Virus,” concludes Culley, “is that in general Advanced Threats will phone home. They will contact a Command and Control Server (C&C) for instruction, direction and/or to upload data. Passively profiling Network Communications using probabilistic algorithms, is the most efficient and effective way of detecting Advanced Threats which have compromised your network.”
An evolving situation As the cyber attacks get more advanced so do the defence methods; and fortunately there are a wealth of resources and organisations willing to help you to man the barricades against cyber threats. In the UK, Europe and across the globe governments, experts, consultants and companies are coming together to pool their knowledge against the evolving security challenges – it is often the case that adversity brings people closer together. If you would like to find out more about the CISP or if you are interested in applying to join, please contact firstname.lastname@example.org
Cats are not people - the ultimate incident to manage Schrödinger’s cat is a thought experiment with uncertainty at its heart. It is a very popular meme - it appears in movies, TV, radio and printed stories. Uncertainty is something that is intriguing and a commonly shared experience that is all too familiar to Steve White. s I write this column, a friend of mine is in hospital with a subarachnoid haemorrhage - bleeding into a specific area of the brain - it’s a type of stroke that about five percent of stroke victims suffer from. She was perfectly fine on Monday morning, and by Monday afternoon was in intensive care. Had the NHS not existed, it is certain that my friend would have died - therefore she lives on the knife-edge between life and death only because of the swift and professional intervention of many well trained and excellent Incident Managers. As a friend (not a key stakeholder, her husband and three children are the ones directly affected) I am experiencing this incident at several levels - that there is a Major Incident going on, that there’s a human story being written, and that I have a visceral, raw, emotional reaction. All who are touched by this event are in a period of uncertainty. If there’s something that humans crave it is certainty. Right now the future is entirely uncertain and we crave every little snippet of information to help us prepare for the news either way. The experience is teaching me something about the management of an incident. While I have been involved in many major Incidents in my career, rarely have I not been involved directly in the restoration activities. I am living that craving for information; for updates - for the completion of the story. Is the need for certainty during a Major Incident a fundamental human craving? “When will the service be up?”; “When can I restart the production processing?”; “How much of the service can you restore?” Tell me the very latest information so that I may create a story in my head, and then be able to prepare for it. In IT Major Incidents there is this need for certainty, and sometimes that need is unfulfillable. It takes a very special
www.vital-mag.net | May-June 2013
breed of Incident Manager to stand up to the assertive demands of Senior Management and say “That is not how this works - I cannot give you the answer to that question at this moment”. Senior management will perfectly naturally poke about, phone people, bypass the official channels to get any snippet of information which may assist them in creating a story to allow the gaps to be filled in on how the future will be. One response from the Incident Management team is to be completely open about the information that is understood, the actions being taken and the help that is required from stakeholders in the service restoration. This ‘Incident Management Status Board’ would contain the most current information about the situation and allow stakeholders to be able to understand the current status. Confident Incident Managers are prepared to expose the breaking news, restoration processes and thinking process to the public scrutiny of the key stakeholders. With the availability of screen-sharing software there is no excuse to continue with voice-only telephone bridges. Whether stakeholders demand transparency, or incident teams provide it, there is every opportunity now to break out from the serial data gathering and repeated status updates on bridge calls, and turn serial communication into parallel communication. Sadly, I cannot close this column with the answer to what happened next with my friend. We are offering support and help in the ways that we can, with the awkwardness of really wanting to help and not really knowing the best way to help. Every text from her husband tells a little more of the story. There is no certainty about the outcome. Contact Steve White at: email@example.com
Making the case for consumerisation If business applications take on more of the characteristics of consumer devices like tablets and smartphones, then users will find it much easier to adopt new systems. Geoff Rees, sales director at Sunrise Software explains why the consumerisation of business applications is a necessary step on the path to change.
www.vital-mag.net | May-June 2013
ost people resist change.They may not like what they’ve got, but neither do they want the disruption of bringing in something new. It’s the effort required to change that most people don’t like or haven’t the bandwidth to manage. However, if business applications take on more and more of the characteristics of consumer devices like those seen on tablets and smartphones, in the future, users will find it much easier to adopt new systems and new ways of working therefore reducing the resistance to and impact of change often seen in organisations. Traditional business systems have never been designed with looks in mind, despite the fact that they have been integral to company operations for many decades. Over the years, applications have been developed that are rich in features, with new functionality and upgrades regularly released to meet customers’ requests. The result is a great system that meets the customer requirements, but may not be that good to look at or easy to use. In today’s market with a range of platforms and devices available to the user, software vendors are also required to develop systems with different user interfaces for multiple platforms, resulting in a fragmented look and feel. Each one may look and work slightly differently, so much so, that a user may have a different experience when accessing the same system via a tablet, desktop or smartphone.
Improved decision making There are other significant benefits in a ‘consumer approach’ to the design of a Service Desk system. An improved, more accessible display means that every level of management can have visibility of data and interpret it for informed decision making.
Reports detailing performance statistics have long been the domain of the Service Desk. Accurate reports enable the Service Desk Manager to monitor agent activity against Service Level Agreements, identify issues and proactively address upgrade or training requirements. In the past this information has often been collated by the Service Desk years, applications Manager for senior management.
Over the have been developed that are rich in features, with new functionality and upgrades regularly released to meet customers’ requests.The result is a great system that meets the customer requirements, but may not be that good to look at or easy to use.
The smartphone and tablet revolution Service Desk applications are a typical example of such business applications, having been developed some years ago to mirror the look and feel of Microsoft/.net/Outlook environments, widely adopted in business. However, as technology for devices today starts to converge, users are increasingly expecting to see interfaces that they are familiar with on their smartphone or tablet. Smartphones are engaging, easy to use and fun. Why not bring those same principles into the workplace? Indeed, the emerging trend of Bring Your Own Device (BYOD) is creating a culture where employees expect to be able to use consumer-like devices for their work. This mobile wave is forcing vendors and developers to rethink the way they display information. As new business applications are developed, design elements must adapt seamlessly to multiple devices. In this way the user experience is maintained no matter what device is used to access the system. Applications that look good and work well on smaller screens and touch sensitive displays are what users expect. This holds as true for staff using a system for their everyday job (ie Service Desk agents who need to access the system away from their desk via their tablet/smart phone) as it does for occasional users who access the system infrequently to log a request for help or to check on the progress of their incident. Smart companies will start to develop their business software closer to consumer applications. No longer driven just by technical features, the canny vendor will be identifying the type of user, the information they require and how best to display and interact with it.Taking it one step further, they could build their systems to be even more user friendly and fun to use – a design development often referred to as ‘gamification’.
Encouraging user adoption With a user interface that is more intuitive, staff will naturally adopt a new system more readily, such that the rollout will be faster and smoother. Not only will deployment be quicker, the benefits will be enjoyed in a shorter timeframe, thereby increasing the return in investment. Similarly, systems that are intuitive will mean that less training will be required, speeding up adoption and also reducing the costs of training personnel.
www.vital-mag.net | May-June 2013
Service Desk systems - like all other business applications – should be adapting to meet this new way of working. An intuitive system enables agents to respond faster to customers and provide a better service. Users are also able to log and track requests using a more user friendly system, improving the service being delivered and overall customer satisfaction.
However, new developments now mean that user friendly dashboards can be designed to display data in ways relevant to different manager levels of the business. For example, a business may have agreed Key Performance Indicators that are tied to certain service level requirements – such as responding to and closing customer calls in certain time periods. Displaying this information as Red, Amber, Green (RAG), enables senior managers to quickly see how performance is matching to the business goals and where action might be required to ensure they are met. New easier reporting capabilities mean that business managers can run reports from their tablet/smartphone, using far more intuitive systems, without the need to rely on the Service Desk. This improves productivity enabling an organisation to respond more quickly to issues that may affect line of business operations.
Identifying trends There may be other instances where data is reported over different time periods and trends can be quickly identified that may require remedial action. For example, there may be certain batches of equipment that need upgrading at a key time, or holiday periods and reduced staff availability are resulting in slower call resolution times, putting SLAs at risk. These factors can be identified and business decisions made based on the most current information.This may mean a purchase decision that can be made at a better price, rather than last minute. Staff availability to cover holiday periods may require a change of policy or the need to employ additional temporary agents to meet demand during busy periods, where customer service might otherwise be adversely affected. There is no doubt that today all organisations are looking for smarter working, to do more with less and improve customer care.The key to successful business operations is having the most accurate information to hand and presented in a usable way – introducing consumer style user interfaces that make business systems more intuitive and fun to use, go a long way to support these goals. Now is the time for smart Customer Service professionals to stop and ask the question whether they really are giving their business and their customers what they want, in the way that they want it. www.sunrisesoftware.co.uk
The art of IT services With assets and customers on five different sites in the South East of England and staff regularly requiring support abroad as they recruit foreign students, The University for the Creative Arts (UCA) has a substantial IT Service Management challenge. Matt Bailey spoke to UCA’s IT customer services manager James Davies.
he University for the Creative Arts (UCA) is a specialist university formed to foster a unique community for its students around subjects including fine arts, digital media, journalism, animation, crafts and photography. It has five campuses and several office locations across the SouthEast of England, as well as its own TV studios in Maidstone. The UCA found its IT team was facing challenges around remote support on both the business and technical sides. On the business development side, an increasing number of staff are working remotely and travelling around the world as part of the University’s recruitment of international students. Together with the growing number of different devices being used by staff and students connecting to the network, this placed new challenges on the University’s service desk and support resources when it came to dealing with support requests.
An IT challenge A full time IT team of eleven provides in-person IT support to the more than 800 staff and 6,500 students at UCA. James Davies,the IT customer services manager at UCA, is responsible for the university’s approach to support and services. “The UCA provides pre-degree, undergraduate and postgraduate courses across a mix of creative subjects from architecture, design and fine art through to fashion, music, graphics and film production,” says Davies. “It is situated across five campus sites in the South-East of England. The IT team is spread over those locations, as well as supporting some other locations that belong to the university. The IT support team provides support and services to more than 6,500 students as well as 800 staff. IT plays a vital role in ensuring that students get a positive experience during their time at the university, as well as supporting the teaching and learning environment.” One of the major challenges for Davies and his team is supporting internationally-roving members of the University staff. “Part of our remit is to support UCA staff in recruiting overseas students,” says Davies. “The university’s lecturers attend international student fairs and other events where they demonstrate the value of the courses and the learning environment that UCA provides. However, the IT support function did not have a remote support capability - this meant that any problem could not be fixed while staff were out of the office. This lack of remote support was also an issue for our existing staff and student population - if they had a problem, then they had to bring their device into the IT support team. We looked at remote support solutions that could help us overcome these challenges. In the end, we chose Bomgar as the appliance based model provides more security than comparable SaaS or cloud-based tools. We also have to support a huge variety of different devices and the solution enables our team to do this in a consistent and comprehensive way. All of our support staff now use the appliance as part of how they work, rather than using a mix of different tools.” As part of the evaluation process, Davies worked with James Tempest, campus IT manager at UCA, to define the criteria for
bringing in remote support. Between them, their responsibility for the IT infrastructure of the University, the IT procurement process, desktop support and the IT service desk function meant that they could look at how remote support would integrate into a wider strategy rather than just being an individual tool.
User base The IT department at UCA has two distinct types of customer: students and staff. “The user base at UCA splits into two types: staff and students. The UCA IT team provides full support to the staff at the university, and level two and three support to students. We can provide support remotely to both sets of users, which improves the overall experience for them as well as reducing our call resolution times in general. “One additional benefit we have seen in supporting users is that we can collaborate on calls with multiple support staff for users,” adds Davies, “we can even bring in outside support contacts securely. This has two benefits: first is that we can solve user problems in a faster way. Second is that we can record the session, so we can learn from the experience and solve the same issues for users ourselves.”
Public sector IT in a changing world In the depths of a recession, the public sector is bearing the brunt of the government’s spending reduction, but IT can offer some easy wins in this area. “ITSM is a challenge for most organisations, as it needs to be approached in a joined-up way,” says Davies. “Today’s economic reality is that IT has to achieve more results with less investment. This can be viewed as an opportunity to be creative in how IT is approached and managed so that existing tools or new implementations deliver more value to both the IT team and back to the organisation.” Security is also a perennial issue that is increasing – especially in areas where remote access is required. “Our remote support policies required a full and frank discussion with the HR team at the university. As part of the implementation, we demonstrated exactly what would be involved so they could understand all the security elements that we had put in place. After this session, the team was fully behind the project,” says Davies. “We are looking forward to making more use of Service Management tools around managing third party access, and bridging this into fuller vendor management,” adds Davies. “We can open up our network in a secure and managed way, providing granular access to resources for third parties as this is needed. This is a much more advanced approach than other remote support tools were able to provide, as they essentially were either on or off in terms of access.”
A diverse IT estate UCA has a diverse IT estate to support, incorporating more than 1,500 Apple desktops and laptops; more than 1,450 Windows-based desktops and laptops; a variety of mobile devices, including 54 Apple www.vital-mag.net | May-June 2013
B US I N E S S SOLUTIONS
Smarter ITSM! Using BMC Software Solutions
Fusion is the largest Consultancy & Systems Integration specialist in Europe focusing exclusively on BMC Software solutions. To recieve more information on Mobility and Security or trial MyIT from BMC contact Us... Parm Powar - 0208 814 6162 | firstname.lastname@example.org
24 Hour Global Support
Best Practice Consulting
No.1 choice for Service Management
For a quality & a reliable service... Call Fusion 020 8814 4888 | email@example.com | www.fusion.co.uk
Fusion is an elite Solution Partner of
iPads and 30 BlackBerry phones, and more than 500 servers, switches and wireless access points. On top of this, mobile devices enter and leave the network when temporary staff are appointed and when students bring their own devices. “We quickly realised that there was a lot more to consider than just being able to dial out to users’ computers,” says Davies. “We looked at our IT estate and saw that the split between PCs running Microsoft Windows and Apple devices was about even. We also have a lot of media and creative students, so we had an influx of new touch devices and tablets connecting to the network, which had to be considered. “There was also the theme of security. As we deal with students’ and staff members’ devices, the security issues around remote access were a big concern for us. We had to work with the HR department to prepare our policies for remote support, and the security of information on staff and student devices was one of the points that they raised.”
we looked at the cloud-based and SaaS options, there wasn’t the same level of granular control available, and they were also reliant on the reliability of the vendor’s systems,” comments Davies. “Finally, the ability to support Macs, Windows PCs, tablets and other devices through one, centralised solution made the choice an obvious one.”
The impact of remote support The implementation has led to direct benefits for both the UCA IT team and for students and staff. For the service desk function, Davies has seen an improvement in the number of calls handled, as well as increased service satisfaction. “We are proud of the fact that users now spend less time on hold, as we can connect to them quicker and have streamlined the support process. With the remote support functionality we are now able to handle more calls and still provide the same high quality of service our end-users expect,” comments Tempest.
The evaluation phase led to Davies and Tempest narrowing down their potential choice of solutions to two types: those based on a Software-as-a-Service (SaaS) model or a remote support appliance. “As the solution we chose is hosted on our own network, the amount of control over access levels was an immediate plus point for us. When
With the Embassy functionality, UCA can allow third-party vendors to securely access their network to assist with particular systems or issues. The UCA team securely manages these sessions with a full audit trail of activities, including video recordings of each session. “We sometimes have requirements to bring in outside support resources in order to deal with problems that arise. Before, this would require a wait for those resources to be available, scheduled in and connected. We can now actually bring an outside IT vendor into a support call There was also the theme of security. As we deal immediately,” says Davies. “We have full control over with students’ and staff members’ devices, the security the permissions that are in place and the connection is only maintained for the life of the session. This ability issues around remote access were a big concern for us. to collaborate while maintaining security is a huge We had to work with the HR department to prepare bonus for us. The fact that we can record all of these sessions means that we have a record of what was our policies for remote support, and the security of done and how, which can also be a learning resource information on staff and student devices was one of for us going forward.”
the points that they raised.
www.vital-mag.net | May-June 2013
De-risking change Transforming desktop delivery can deliver significant benefits, but getting it right needs careful planning in order to meet user and business expectations, writes Centralis IT consultant Ewen Anderson.
sing cloud and virtualisation technologies and delivering desktop as service (DaaS) is seen as a great opportunity for any organisation looking to increase the flexibility and mobility of its workforce.Whether the main aim is to avoid the cost and complexity of managing Windows migrations, respond to changing business models, enable a shared services model, or support initiatives like Bring Your Own Device (BYOD), the outcome has the potential to be positive. From a strategic perspective, however, a programme of transformation entails much more than simply swapping out ageing PCs and outsourcing or cloud sourcing. Rather, it’s about transforming the entire working environment and the underlying operating model of the business in order to realise new levels of agility, efficiency, and flexibility. Organisations differ as to what this transformed working environment should be called, but we like to refer to it simply as the ‘desktop’ because delivery of a simple, effective desktop to users is what organisations are seeking to achieve.
Desktop In its essence, the desktop represents the combination of workforce requirements and work styles and describes a place of work as delivered by corporate IT and tailored to the individual needs of the user. While that sounds straightforward, it takes significant planning and investment to achieve. It also entails a significant level of risk. Although most organisations may have a good idea of what they want their future desktop to look like, those that start a
transformation journey without having a clear idea of their current state, or what the best route would be to achieving their objectives, soon encounter problems. The risk is that they end up with a solution that fails to deliver the expected benefits or meet the needs of the organisation and its users. Too many business leaders today believe the hype surrounding cloud computing and virtualisation. They see a wide range of productivity tools being delivered via app stores for free, and then are shocked when they are presented with a cloud or virtualisation proposal with a hefty price tag. Similarly, end users are accustomed to information anytime, any place anywhere, and expect IT to be able to deliver similar results in the corporate environment.
Transformation and risk Transformation occurs when organisations change the way they deliver applications, desktops, and personalisation to their users. But while the motivations and commercial pressures are compelling, change at the desktop impacts directly on user productivity. This makes it inherently more difficult and risky for an organisation than many of the other types of technology change they may have delivered in the past. Such a transformation also poses a huge personal risk for those tasked with its delivery. But in raising objections at the outset, CIOs and CTOs can often look like they’re trying to avoid answering awkward questions. This tends to reinforce the rather simplistic view that everything is made unnecessarily complicated by corporate IT. Bringing in an independent partner to substantiate their concerns can be a massive help. An experienced partner will listen, analyse,
www.vital-mag.net | May-June 2013
Instant and Secure Remote Control, Whatever the platform, whatever the location
Remote Control for any platform
Instant and Secure Remote Control
Whatever the platform, whatever the location With comprehensive multi-platform support for WindowsÂŽ, Linux, MacÂŽ and mobile devices, combined with advanced system management functionality, NetSupport Manager remote control software has been giving helpdesk professionals the power to meet their daily support challenges for over 23 years.
Find out more:
And with the new NetSupport Manager Controls for Mac and Mobile devices giving you the ability to remotely connect to your business-critical systems and servers from an Apple Mac or any iOS or Android tablet and smartphone, youâ€™ve got even greater flexibility to support your user community from HQ or on the move. Learn more and download a free 30-day trial at www.netsupportmanager.com
w: www.netsupportmanager.com | e: firstname.lastname@example.org | t: 01778 382270
Consider for a moment the experience with business process outsourcing (BPO). The most common mistake companies make is attempting to outsource a problem. Processes have to be problem-free before they can be outsourced; otherwise the firm doing the outsourcing ends up paying over the odds for a worse service than it started out with. And in the long term, decreasing cost without increasing value is a sure-fire bet for going bust. Likewise with the cloud, it’s naive to think that simply adopting cloud technologies without making any structural or value-added changes will deliver long-term benefit. Of course, CIOs and CTOs are going to be on a sure footing if they can demonstrate with certainty that adopting cloud will reduce cost, complexity and risk, increase the efficiency of the business and ensure that the infrastructure that’s left still allows it to achieve its corporate objectives. DaaS (desktop as a service) for example, is a cloud solution that is tempting for almost any business looking to reduce costs. It is a subscription-based model, with the desktop provided to the organisation for a fixed price, sometimes expressed as a ‘per user per month’ cost.Yet there are numerous ways to deliver DaaS. Finding the right approach, balancing levels of service and security against risk and cost is therefore a case of matching the solution with the needs of the business.
The Devil is in the detail
Too many business leaders today believe the hype surrounding cloud computing and virtualisation.They see a wide range of productivity tools being delivered via app stores for free, and then are shocked when they are presented with a cloud or virtualisation proposal with a hefty price tag.
and propose practical and sensible solutions to meeting the changing needs and goals of the business. They can also provide some much needed support at a difficult time, when even the most trusted brands might not be the right answer.
Importantly, finding a partner with experience in consultative engagement at c-level offers an effective way for those tasked with delivering change to secure stakeholder buy-in. It gives stakeholders the confidence they need to plot the best course forward, as well as the empirical analysis necessary to understand current state and design requirements that meet both the immediate needs of the business and its long-term strategic objectives. Some would argue that stakeholders and senior managers should already have this level of understanding. In reality, how many c-level executives, if asked, could provide an accurate picture of what each and every role and responsibility within their organisation entails on a daily basis?
Only fools rush in The clamour for the cloud has been such that it has become a staple for almost any corporate IT strategy document. Indeed, ‘evolve or die’ has been the overwhelming message for quite some time, yet experience shows that organisations simply cannot afford to jump into the cloud without a parachute. It’s simply too difficult to see what’s on the other side.
Many organisations have taken a serious look at virtualising the desktop and, like cloud it is considered a technology with the potential for massive impact on the bottom line. But the bold predictions made by analysts in the last few years have yet to materialise. This is because many pilots of the technology have been conducted on a small scale. While the majority of these pilots perform extremely well, the problems typically emerge when trying to scale a solution across the organisation. It is only at this stage that the true implications of its requirements in terms of infrastructure, network management, storage, and application delivery become apparent. Introducing cloud solutions such as DaaS changes the conventional operating model, and unless that change takes place from the top down, all that a cloud implementation achieves is shift CapEx to OpEx without actually changing the operating model itself. More likely than not, the outcome will be counter-intuitive – namely increased cost and complexity. This is why a strategic review, comprehensive design requirement, and transformation methodology are so essential. Understanding your requirements, both current and future, is fundamental if you are going to successfully transform your infrastructure to meet your future business requirements – whether physical, virtual, cloud, or mobile. Ultimately, it is only possible to de-risk technology change if it is combined with organisational change by involving stakeholders and operational change to implement effective management. Cloud and virtualisation aside, what’s really exciting about the future is that it’s flexible. It’s about having the ability to instantly shift your desktop from your home PC to your tablet, to a company laptop or a desktop, or to a touch screen in a boardroom. And it is that flexibility that gives organisations the opportunity to evolve and operate faster, stronger and leaner – a mantra that is vital to remaining competitive in the current economy. www.centralis.co.uk
www.vital-mag.net | May-June 2013
VitAL Supplier Profile
Real-time IT management With a no-frills approach to delivering an IT management portfolio with value and functionality at its heart, ManageEngine is getting to grips with today’s game changing technologies.VitAL speaks to the company’s european director, David Howell.
ManageEngine sets out its stall with what it calls a no-frills focus on delivering an enterprise-class IT management portfolio, with value and functionality at a fraction of the price of other suppliers. It serves more than 72,000 established and emerging enterprises - customers with IT infrastructures that it says are far more dynamic, flexible and elastic than ever before. The net result is what ManageEngine calls real-time IT. “Real-time IT calls for IT to make the most of today’s game-changing technologies and deliver immediate services to organisations that are operating at an ever-increasing pace. It compels IT to operate at the speed of business, leveraging technologies to support new business models and applications.”
By providing a real-time, single-paneof-glass approach to IT management, ManageEngine enables an IT organisation to be proactive, empowered and better positioned to play a strategic role within the enterprise.
To help IT organisations control, manage and optimise IT infrastructures that are more consolidated, virtualised and automated than ever before, ManageEngine says it takes an approach that challenges the status quo of complex, expensive IT management products delivered by high-overhead sales organisations with high-margin product portfolios. Its nofrills philosophy is driven by research and development and 100 percent focused on the technology needs and business imperatives of the customer. Today, ManageEngine is a large company with customers of every size and type in over 200 countries. It claims to be the fastest-growing alternative to traditional network management frameworks with three out of every five Fortune 500 companies using its products. “But we haven’t forgotten our original inspiration,” says the company, “to put our customers first and deliver great IT management tools.” VitAL spoke to the company’s European director David Howell. VitAL: What are the origins of the company; how did it start and develop; how has it grown and how is it structured? David Howell: ManageEngine was Founded in 1996 as AdventNet, a division of Zoho Corporation. Currently we have over 1,500 employees, 80 percent of whom work from the Indian Headquarters in Chennai. ManageEngine has a second headquarter in Pleasanton. California. First product included WebNMS - the number one EMS/NMS platform for telecom and today we have more than 20 products for real-
www.vital-mag.net | May-June 2013
VitAL Supplier Profile
time IT management including IT360 for integrated IT management. The company has a no-frills focus on delivering enterprise-class IT management portfolio, value and functionality at a fraction of the price of the big four’s high-overhead offerings. Our focus is on realtime IT for the new speed of business.
DH: Our customers include a range of companies from a broad spectrum of sectors including: AOL, BMI Healthcare (see case study elsewhere in this feature), Arjohuntleigh, Saint Gobain, Sony, AT & T, Lufthansa, Barclays and Thomas Cook.
We serve more than 72,000 established and emerging enterprises customers with IT infrastructures that are far more dynamic, flexible and elastic than ever before. The net result is what we call real-time IT. Our Approach is a no-frills philosophy driven by R&D which is 100 percent customer focused.
VitAL: What trends in IT are having an effect on your business and how do you address these trends?
To help IT organisations control, manage and optimise IT infrastructures that are more consolidated, virtualised and automated than ever before, ManageEngine takes an approach that challenges the status quo of complex, expensive IT management products delivered by high-overhead sales organisations with high-margin product portfolios. ManageEngine has a no-frills philosophy driven by research and development and 100 percent focused on the technology needs and business imperatives of our customers. As a result, our product portfolio and functionality are what you would expect from the big four at a fraction of the price. Our products enable IT managers to deliver an optimum end-user experience and harness IT to achieve business efficiencies in the face of increasing complexity. By providing a real-time, single-paneof-glass approach to IT management, ManageEngine enables an IT organisation to be proactive, empowered and better positioned to play a strategic role within the enterprise. Today, ManageEngine is a large company with customers of every size and type in over 200 countries. ManageEngine is the fastest-growing alternative to traditional network management frameworks -- 3 out of every 5 For tune 500 companies use our products. In the era of real-time IT, great IT management products, a singular focus on delivering the industry’s best business value, and a relentless commitment to customer satisfaction make ManageEngine your best choice. VitAL: What is the company’s specialist area or product group? DH: ManageEngine’s leading product is the IT helpdesk software ServiceDesk Plus. This product is used by over 20,000 customers across the globe. Well-known names like Lufthansa, Coca Cola and other are among the list of customers. This product is ITIL (Information technology Infrastructure Library) ready and offers best practices to ensure IT services are highly available. ServiceDesk Plus has three editions and the enterprise edition offers Incident Management, Problem Management, Change Management and CMDB (Configuration Management DataBase). ManageEngine added a feature to the product; Project Management. With this introduction, IT administrators now have a production-level, integrated tool for managing large IT help desk projects and for At the moment, collaborating with different ITSM is like a big teams and experts. One can cake from which use this product to keep track of the incoming tickets on their everyone cuts off a iphones thanks to the new slice.The market is voice-driven iphone app.
saturating and soon there would be only the best players producing the finest products for the market.
www.vital-mag.net | May-June 2013
ServiceDesk plus also has an MSP (Managed Service Providers) version and an ondemand, SaaS version.
DH: The leading trend in the market is Social IT. In the age of Facebook and Twitter, customers look at improved work environment by blending work and fun. Integrating IT software products with social sites specific to IT is the next biggest step in the IT industry. ManageEngine is looking at integrating its ITPulse, a private social network with the helpdesk product - and others later to bring a well-connected mechanism into IT solutions. VitAL: What is your view of the current state of IT Service Management and IT in business and the economy in general, the challenges and the opportunities? DH: At the moment, ITSM is like a big cake from which everyone cuts off a slice. The market is saturating and soon there would be only the best players producing the finest products for the market. This is the time when great leaders are being made who will play the field for SMBs and the big ones competing in large enterprise segments both in SaaS and on premise. VitAL: Has the company grown organically or by acquisition and how much is growth expected in the future? DH: At ManageEngine we believe in organic growth only. It cannot be assumed that once you acquire a company you will get a good relevant output. There are technology and cultural differences and in many cases these do not gel well. We will continue to grow without acquisitions. It’s quite tough to predict growth rate for the future, it depends on various factors. The US and UK are among our fastest growing markets. We look at growing further across the globe. Our software being downloadable gives us the advantage of being a truly global company. VitAL: How does your offering deal with the issues around security? DH: ManageEngine offers security solutions that provide a secure fortress for the enterprises. Below are the products and their offerings that provide a complete security blanket: 1. Security Manager Plus (Identify vulnerabilities & secure your boundary); 2. EventLog Analyzer and Firewall Analyzer (Monitor, analyze log data and alert on internal, external security threats); 3. Password Manager Pro (Protect the keys to your enterprise); 4. DeviceExpert (Establish a centralized authority for network device configurations); 5. Desktop Central (Constitute centralized control for servers & desktops). VitAL: David Howell, thank you very much. www.manageengine.com
VitAL: Who are the company’s main customers today and in the future?
VitAL Supplier Profile
Improved visibility and security ManageEngine’s integrated Desktop and Mobile Device Management solution automates patch management and administration, enhancing security and inventory compliance at BMI Healthcare offering visibility and security of devices accessing the central network while boasting savings of 70 percent in IT expenditure.
Effective desktop management is becoming more and more crucial to the entire healthcare industry.
MI Healthcare, a leading independent healthcare provider, claims to have delivered annual IT infrastructure management cost savings of at least 70 percent, improved security, automated patch management and increased visibility across its entire IT environment as a result of deploying Desktop Central from ManageEngine.
management tasks would tie an engineer up for a considerable amount of time and often resulted in suppor t calls being logged and contractors being hired to achieve the level of repor ting detail BMI Healthcare required.
With 69 hospitals and treatment centres, over 10,000 employees and 6,500 IP enabled devices across the UK, BMI Healthcare required a centralised management solution to ensure visibility and understanding of the entire IT landscape. This means that at any given time, the IT department has the ability to monitor devices including medical equipment across its estate and to administer the required software and security updates, enabling users to continue operating within a secure environment with maximum availability of systems.
“Effective desktop management is becoming more and more crucial to the entire healthcare industry,” adds Rooney. “The fastpaced environment requires a carefully planned and articulated approach to technological advancements and the ever-evolving threat landscape. As the ramifications of a network security breach can be catastrophic in a hospital, compliance reporting plays a hugely important role in daily operations. We need visibility of what version of anti-virus is installed on every device, which patches are yet to be deployed, the overall volume of devices connecting to the network and who is logging onto a machine and at what time. With Desktop Central we can quickly go from monitoring and reporting to remediation action.
Matt Rooney, IT desktop manager for BMI Healthcare, said; “We live in an age where technology and Internet enabled devices are now the norm. The global and local healthcare sectors have become more aware of their dependency on IT infrastructure, with medical equipment typically requiring a live IP connection to function. On top of this, staff are using a combination of personal and corporate PCs, laptops, Smartphones and tablets to access our central network and Wi-Fi. “Before deploying ManageEngine’s Desktop Central, we used Symantec’s Altiris, which had a complicated back-end SQL database and required heavy upfront investment from a solution customisation stand-point,” continues Rooney. “It also meant that we had to ensure one of our engineers was fluent in SQL reporting as none of the out-of-the-box reports met our unique regulatory standard requirements. As a result, we had little visibility into the exact inventory of our desktop estate, which presented a patch management headache. Especially when you consider the number of hospitals we maintain.” Desktop Central automates BMI Healthcare’s regular desktop management activities such as; installation of periodical software updates, weekly patch management, delivery of service packs to any Windows-based device including medical equipment, standardising desktop interfaces, administering company wide security policies and restricting the use of unsecured foreign devices, such as USB sticks and por table hard drives. In addition, the IT depar tment uses Desktop Central to audit its entire Windows estate and run the necessary repor ts to comply with healthcare industry regulatory standards. Automating these impor tant, yet traditionally manual IT functions has freed up the IT team to focus on other business critical IT disciplines and projects - such as network monitoring and security event management. Before the introduction of Desktop Central, these
“Much of the medical equipment we use is Windows-based so it is imperative that it is protected against external threats by ensuring a carefully devised patching schedule is implemented, which Desktop Central has allowed us to facilitate. Our hospitals see a large number of patients in a day and if, for example, a modality was unavailable due to OS issues, it would have a direct impact on our ability to operate effectively,” concludes Rooney. In addition to server and desktop management, Desktop Central now also enables management of mobile devices, such as smartphones and tablets, to perform profile management, asset management, app management, and security management. BMI Healthcare is currently evaluating these features in a trial roll-out. David Howell, european director, ManageEngine commented on the move “The BYOD trend in the healthcare sector is no different than in any other industry. Employees want to bring in and use a device that they are familiar with and that also enables convenience, for example, a doctor showing a patient their MRI scan at the bedside on an iPad. For organisations such as BMI Healthcare, it is impor tant that the management of this remains intuitive and user-friendly, and better still that it integrates with existing desktop management solutions. Following direct consultations with customers we enhanced the capabilities of Desktop Central to respond to market demand and to enable our customers to perform both desktop management and mobile device management in one streamlined dashboard.”
www.vital-mag.net | May-June 2013
Businesses that don’t support the evolution of IT will be left vulnerable As IT becomes more strategic, organisations must support the team with adequate resource, robust systems which are fit for purpose and a commitment to on-going investment, according to Thomas Coles, managing director, MSM Software.
T is fundamentally changing. A recent study carried out with 100 IT managers from large UK-based organisations showed that 95 percent believe the IT role has transformed over the past twelve months, most notably into a more strategic role. Because of this, skill sets are shifting and IT staff now spend less time working with and supporting in-house systems. What this means is that the role of IT is evolving. It is breaking out of its ‘silo’ and beginning to drive business transformation; supporting organisations’ tactical initiatives and strategic objectives.
shift is in part a recessionary influence, as limited funds have resulted in necessary cut-backs, prominently to those working in day-to-day IT roles, and this has led to a direct impact on internal resource.
The role of IT is evolving. It is breaking out of its ‘silo’ and beginning to drive business transformation; supporting organisations’ tactical initiatives and strategic objectives.
However, with IT focused on strategy, the study showed that 40 percent of IT managers no longer have sufficient resources available to support business-critical systems, or to undertake the host of software projects that business requirements necessitate; which can be both resource intense and complex. With IT taking centre stage and the demands on the department increasing, this strain has left IT teams at breaking point.
These cut backs are leaving organisations at risk and I believe the lack of IT resource will soon result in a failure to ensure the IT function can maintain and drive forward technology innovation. This may adversely impact upon business growth and increase the risk of software or technology failure, which can lead to loss of revenue, profit and customers – enough to concern any boardroom.
With IT taking on a more strategic role it is being denied the tools, in terms of resource, to operate effectively. I believe businesses must now carefully consider their IT needs and what resources are required to remain competitive. Establishing resourcing gaps is one thing, filling them is a different task altogether. Technical expertise can be hard to come by and furthermore, many organisations
Businesses are facing a faster pace of change than they ever have done before, due in no small part to the ever-shifting technology landscape. This is placing pressure on the IT department to keep abreast of developments. Driving this pressure is the increased expectation from IT. In this electronic age, customers have higher demands on technology; for example, if a customer places on order online, then follows up with a phone call to the contact centre a day later, they will expect the team to be aware of the purchase. To keep pace with the changing technology environment, IT must be able to support the business 24/7 and have the systems in place to interface with customers in a plethora of different ways. The heightened demand on technology has placed additional strain on IT to live up to expectation. Furthermore, the significant shift within in-house IT departments in the last year has created additional pressure that has left IT teams struggling to cope. This
www.vital-mag.net | May-June 2013
struggle with the Fit for nothing? The heightened demand on technology high training costs As the role of IT evolves, its and other overhead has placed additional strain on IT to live up to long-term success will not only expenses of expectation. Furthermore, the significant shift be dependent on resourcing; the recruiting specialist IT professionals. This within in-house IT departments in the last year has technology utilised also needs to be fit for purpose in the context ultimately leads to IT created additional pressure that has left IT teams of the business. Worryingly, this departments facing doesn’t seem to be the case for struggling to cope. constant resource many businesses. A study revealed problems – placing that collectively, 98 percent of IT an unhealthy pressure managers are not convinced that IT on existing teams to systems are matched to their business needs or fit for purpose. deliver day-to-day operations. If an IT system is not matched to a business’s needs it will become In my opinion, the changing nature of IT calls for a fresh strategic less efficient; wasting time and potentially incurring unnecessary costs. approach to resourcing. Some firms have considered outsourcing, It will also restrict the growth of the company as IT can not support which not only enables a company’s in-house team to focus on their this development. It also places the business at risk of technology core activities, but also brings dedicated, and in some cases more failure. This can introduce unexpected panic, confusion and turmoil experienced, hands on board to act as an extension of the team. into the company, which can have huge repercussions in terms of lost Outsourcing allows a business to plug essential skills gaps to ensure sales, revenues, custom and reputation. its competitive future; enabling day-to-day activities to be supported Businesses must develop a deeper understanding of their existing whilst IT teams focus on delivering strategic objectives. systems to stave off these potential issues. It is also fundamental that An alternative resourcing method is ‘body shopping’, where a businesses undertake technical audits, such as software health checks, business loans the technical expertise of an organisation’s employee to assess the current status of business critical systems, the efficiency on a short or longer-term basis. This can enable a business to meet of existing technology, what is working within the organisation, and staffing requirements, ease the pressure of skills shortages, but also the areas for improvement. keep costs to a minimum. This type of flexible resourcing differs from By carrying out a technical audit a business can document how the outsourcing, which presents one of the keys ways of introducing system is working, how it’s likely to perform in the future, and can change into business culture through outside innovation.
www.vital-mag.net | May-June 2013
establish whether it is fit for purpose and meets the evolving needs of the business. This information is crucial to provide assurance to an organisation that the systems in place are robust and adaptable enough to support the developing role of IT and achieve long-term technology innovation.
with the changing strategic nature of IT and its growing importance upon, and dependence from the wider organisation.
Investing in the future of IT
Every department must have the ‘IT’ factor
The recessionary environment has had an impact on many organisations’ approach to investment in technology, and in my opinion it’s another reason why an overwhelming majority of IT managers cast doubts over the long-term suitability of their IT systems. Research shows that in the last two years, investment in new, innovative business-critical systems has fallen significantly, with 45 percent of businesses choosing not to invest in IT. Alongside this, over a third of businesses (33 percent), have put aside projects, waiting for economic times to improve . I believe a lack of investment in IT is a fundamental reason why IT managers do not believe their systems are fit for purpose or can support the changing requirements of the business. Holding back on investment is a dangerous strategy for organisations to pursue, as retaining older equipment or software leaves a business vulnerable to competitors making fresh investment – reaping productivity rewards, ensuring satisfied customers and making low investment organisations look out-dated in the process. Firms which are reluctant to invest in IT are taking the wrong approach. Without new investment in projects, technologies and the resource to support these developments, no new wave of productivity improvements is possible. It’s also a strategy which contrasts sharply
As a result, businesses must reassess their approach to IT investment, or this could lead to detrimental long-term effects on their future growth.
The role of IT is changing; the IT department is beginning to fundamentally power activities at all levels of how a business operates in today’s competitive environment. Whether it is end user adopted or company mandated, technology is taking a lead role in everything a business does, and every decision it makes. As IT develops, businesses must consider how to maximise technology in the best way possible. For example, technology is taking on a greater role for delivering the customer’s experience, so businesses must consider how IT can deliver this in the most effective way possible. As IT becomes more strategic, organisations must support the team with adequate resource, robust IT systems which are fit for purpose and a commitment to on-going investment. This is the only way firms can enable IT to meet the long-term objectives of the business, whilst ensuring that the department is not spreading itself too thin – leaving the wider organisation vulnerable in the process. www.msmsoftware.com
Outsourcing allows a business to plug essential skills gaps to ensure its competitive future; enabling day-to-day activities to be supported whilst IT teams focus on delivering strategic objectives.
www.vital-mag.net | May-June 2013
The five myths of organisational change Chartered psychologist and Appreciative Inquiry expert Sarah Lewis discusses the five myths of change management and why these mean that managing change within an organisation can actually hinder the change process.
e are constantly told that, in today’s world, change is a permanent feature of organisational life. Given this is it surprising how many myths abound, and the extent to which organisations struggle with the concept of change! I believe that part of the problem is that our ideas in this area are outdated.The organisation is not a machine and our leaders are not all seeing and all knowing. In my experience, working within both large and small organisations, there are five erroneous beliefs that mean that ‘change management’ can actually hinder change within an organisation:
You can’t implement the change until you have thought through every step and have every possible question answered Not True. In many situations it is sufficient to have a sense of the end goal along with some shared guiding principles about how the change will unfold. With these in place leaders can call on the collective intelligence of the organisation as it embarks on learning by doing: taking the first steps, reviewing progress, learning from experience and involving those who know the detail in their areas. This ‘all-seeing’ belief leads to exhaustive energy going into detailed forecasting and analysis of every possible impact – and this slows the whole process down.
You can control communication about change within the organisation Impossible! People are sense-making creatures who constantly work to make sense of what is happening around them. This means it is not possible to control communication in this way. By withholding information we convey something, usually distrust or secrecy. But more than this, in this day and age there is no chance of being aware of everything that is being said about the change. Instead leaders need to focus on making sure they get to hear what sense is being made of what is going on so that they can contribute a different or corrective perspective.
To communicate about change is to engage people with the change Not necessarily. People start to engage with the change when they start working out what it means for them. They find out through exploration and discovery. They become more engaged when they are asked ‘how and what’ questions. People then have to use their imaginations and creativity to start visualising what their bit of the world will be like when ‘the change’ has happened. The belief that communication alone equals engagement leads to
an over-emphasis on communicating about ‘the change’. Staff hear managers talking endlessly about how important this change is, yet no one seems to know what the change actually means for people.
Planning makes things happen Sadly no! Creating plans can be an extremely helpful activity but until people translate the plans into activity on the ground, the plans are just plans.
In many situations it is sufficient to have a sense of the end goal along with some shared guiding principles about how the change will unfold.
This belief in ‘plan as action’ fuels a plethora of projects and roadmaps and spreadsheets of interconnection, key milestones, tasks, measures and so on. A much more energising alternative is to bring people together to start exploring ‘the change’ and generating ideas for action, and then to write documents that create a coherent account of the actions people are taking.
Change is always disliked and resisted No. If this were true none of us would emerge from babyhood. Our life is a story of change and growth, of expansion and adaptation, of discovery and adjustment. What is true is that change takes energy, and people don’t necessarily always have the energy or inclination to engage with change. It is not change itself that is the issue, it is the effect imposed change can have on things that are important to us: autonomy, choice, power, desire, satisfaction, self-management, sense of competency, group status, sense of identity and so on. If we attend to enhancing these within the change process then there is a much greater chance that it will be experienced as life-enhancing growth like so many other changes in our lives. So, what is the alternative? Many new approaches that focus on achieving collaborative transformation are emerging such as Appreciative Inquiry, Open Space and World Café. These approaches recognise organisational change as a collective effort, as a social process that can be inspiring and dynamic with leaps of understanding as well as being messy and confusing at times. They work with the best of the human condition – the importance to us of our relationships, our imagination, our ability to care and to feel and to create meaning in life. In this way they release managers and leaders from the impossible responsibility of foreseeing all possibilities and instead liberate the organisation to find productive ways forward in an ever-changing organisation landscape, together.
www.vital-mag.net | May-June 2013
Feature sponsored by
Achieving more with fewer clicks Software tools should be all about doing more with less. As we come out of a long, hard winter here in the UK, David Brown, internal sales team manager at TopDesk suggests itâ€™s easier to book that longed for holiday in the sun if you can trust the Service Management tools and staff you leave behind; and you can rest easier if you know that shared functionality is saving the company money too.
Beautifully designed service management software should truly focus on areas of a tool that allow both operators and end users the ability to achieve more with fewer clicks.
www.vital-mag.net | May-June 2013
Feature sponsored by
eep having to push back that much-needed holiday? Find it difficult to get work off your mind even when you are trying to top-up your tan on the beach? With the longest winter in over five decades, we could all use a little relaxation. Service management tools are designed to make your life more manageable, so that you wonâ€™t worry about missing another deadline or keeping your work prioritised. Reducing stress is an important investment in people, which makes good business sense. People who can reduce their stress tend to live longer, fuller lives; it also helps avoid burn-out. Peace of mind is the benefit of knowing that your employees can manage themselves and that the office will still be in prime working order when you get back. So go ahead and schedule those non-refundable flights and soak up that well deserved sun.
www.vital-mag.net | May-June 2013
Demand more from your service desk software A service desk should work for the business; not the other way around. Having a Plan Board is an innovative feature that allows you to access the core functionality of your service desk. Beautifully designed service management software should truly focus on areas of a tool that allow both operators and end users the ability to achieve more with fewer clicks. We found that many companies used rudimentary procedures such as spread sheets and sticky notes to manage employeesâ€™ workflows and availability. They also used this method to assign jobs to the appropriate operators. In other words, this created a lot of confusion, and information was lost along the way.
Feature sponsored by A Plan Board provides excellent resource planning, granting its users unprecedented overview and control. This helps an organisation plan the availability and workload of its employees, and helps operators coordinate the services they provide. Essentially, organisations can schedule appointments and assign workload by simply dragging and dropping tasks to the specific operator or team at the appropriate time and date. What’s more, the appointment created in the operator’s calendar may contain multiple tasks to further optimise their efficiency. A coordinator can immediately see how busy the operators are by checking a team member’s availability per role and per time slot. Therefore, if a need arises to reschedule an appointment, it can easily be achieved. Likewise, if certain operators are too busy or taken ill suddenly, a manager can delegate their workload by reassigning tasks in a matter of clicks. Users found graphical overviews in a Plan Board hugely beneficial, as it allows for an instant analysis. It can be tailored easily via useful filters, and can be utilised to colour-code recurring tasks for short- and long-term planning. As always, innovations in software are driven by the end-user experience. As a result, a tool should have augmented features such as the Plan Board to simplify service management.
your Dashboard, whether they are pie charts, bar charts, line graphs, Gantt charts, etc. Clickable reports allow extremely busy managers to stay on top of all process statistics, while enjoying the beauty of extensive graphical possibilities.
Most commonly used reports should be viewed on your Dashboard,
Shared service centre Collaboration between departments has always been of paramount importance for service management tool users. Software programs encompassing multi-department functionality is currently a trend in the service management market.These programs, can handle more than just IT processes, and streamline the workflow of differing departments such as - Human Resources, Facilities and Finance, to name but a few. Synergy between departments comes from using the same tool which reduces the chance of duplicating organisational tasks, and saves you time and energy. If different sectors within an organisation all provide services to the clients and staff, then surely there is scope to centralise the Service Desk through shared Service Centres.
a tool should have augmented features such as the Plan Board to simplify service management.
Seeing is believing Dashboards are another essential feature of service desk software, offering a key insight into the effectiveness of your ITSM solution. They provide a bigger picture concerning all the key features and functionalities for managers. Within a few minutes, the single-page format may be populated with numerous reports and overviews specific to your organisation. All the relevant information that you could need may be viewed in a single screen, whether it is used for individual processes or multiple process reporting: customisable widgets will give brief summaries all in one place. This gives you real-time insight into your organisation’s performance and exposes connections between the separate processes specific to any single operator or team. Reporting should be simple. A tool should be able to produce comprehensive reports in a couple of steps, and drill down to assess extensive information. They add value and save a company time by assisting in short-, medium- and long-term progress evaluation. For example, you can select the data, operator groups and the type of report you require, and the desired information should be there in a couple of clicks. Most commonly used reports should be viewed on
If you are looking to upgrade your holiday trip to business class, or add another star to the hotel you’re staying at, then it doesn’t hurt that a shared service saves your company from having to purchase separate tools; possibly leading to that additional bonus at the end of the year. In fact, the importance of shared service centres has increased as an ever- competitive marketplace dictates the need for cost efficiency from within the whole organization. If the licence cost is shared, for example by IT, HR and Finance, then all three departments can maximise their annual budget to greater effect rather than each department purchasing its own software package. Typically in the past, departments in an organisation would have their own specific IT infrastructure, escalation process and vocabulary; with the standardised approach of shared service centres, you can lower software and maintenance costs by adhering to tried-and-trusted processes and best practices. Thus, your time is saved, your head isn’t pounding and your pockets are properly stuffed. If you are looking
Clickable reports allow extremely busy managers to stay on top of all process statistics, while enjoying the beauty of extensive graphical possibilities.
www.vital-mag.net | May-June 2013
Feature sponsored by department, on the other hand, is responsible for arranging a desk, chair and telephone line, whilst Finance and HR are responsible for setting up contracts and payroll. With standardised planning within a shared service centre, the organisation of setting up a standard workstation becomes effortless. Although a rather straightforward example of how departments may collaborate, this case illustrates the differing considerations and levels of responsibility that could be applied to all the working processes of a company.
The benefits of a standardised approach
for happier customers, the collaboration of your workforce will offer a complete service as opposed to a ‘quick-fix’ and with one point of contact, rather than several. Indeed, one of our happy customers, McDonald’s IT Manager Raik Müller commented: “By using the application, our bunch of specialised groups now forms a cohesive team.”
The role of the operator It is also important to consider the role of your operators when orchestrating collaboration between departments. There will be more tasks, and the staff will be responsible for the success of the innovation. Indeed, the development of policies can be an empowering experience for all involved and, in this way, the satisfaction of employees will no doubt increase as they see direct results of their influence in their day-to-day work. An exploration of the points discussed is exemplified in the following simple, yet classic case study. A new employee begins at a company, and the IT department is required to provide a computer, login details and licences for the relevant software. The Facilities
One size doesn’t fit all, but that doesn’t mean you need to custom build a system from the ground up. Bespoke work takes time and effort for all parties involved and doesn’t guarantee that the staff will be able to use it efficiently when it gets completed. Standardising a tool to a certain degree saves you that impending headache, and passes on the pricing benefit of economies of scale. TOPdesk is a global leader in the service management software industry and began trading in 1993, specialising in standardised, modular and platform-independent solutions for IT, FM and HR support desks. With over 5,000 plus unique customers worldwide, TOPdesk’s award-winning functionality allows multi-national organisations and SMEs alike to streamline their services and reduce their workload. TOPdesk’s ITIL-aligned tool has won numerous accolades for its user-friendliness and industry innovations, ensuring that their customer base has the latest technology at their fingertips. TOPdesk has offices in the UK, Netherlands, Germany, Denmark, Brazil, Belgium and Hungary, and the software is available in no less than 10 languages as either an on-premise or Software as a Service offering. TOPdesk’s flexible licensing structure, highly skilled support team and extensive experience of all types of installations and integrations allows them to cater for any type of helpdesk software requirement. Don’t forget your SPF 50, and send us a postcard. www.topdesk.co.uk
Synergy between departments comes from using the same tool which reduces the chance of duplicating organisational tasks, and saves you time and energy. If different sectors within an organisation all provide services to the clients and staff, then surely there is scope to centralise the Service Desk through shared Service Centres.
www.vital-mag.net | May-June 2013
Intelligent communication in a social world Intranet improvement pioneer and founder of Interact, Nigel Danson says itâ€™s time to get social with your internal comms infrastructure and take a fresh look at the growing importance of your organisationâ€™s intranet.
www.vital-mag.net | May-June 2013
One of the biggest developments which kick started the intranet evolution was the ease by which anyone can upload content, which happened around four years ago. or far too long intranets were viewed as the poorer relation to the website.The website, which is the external face of a company, was long perceived as having a greater impact on sales and therefore more imperative to business success. Meanwhile the intranet was given a secondary placing in comparison. I believe this downgrading of the intranet was due to a fundamental issue with the way intranets traditionally operated which made them ineffective, inefficient and subsequently redundant to a productive workforce. Intranets were managed by one person, usually in the IT team, who made the decision on what and when information is pushed out. However, the problem with this traditional approach is that far too often the information is not tailored or suitable for individuals with different needs within the organisation. Over the past few years there has been a massive step change in both the perception and use of intranets. As a result of this, investment levels in intranets have increased significantly relative to corporate websites. One of the biggest developments which kick started the intranet evolution was the ease by which anyone can upload content, which happened around four years ago. Many organisations have introduced ‘Intranet Champions’ in various departments in the workplace, such as marketing, finance and HR, which has decentralised the way content is added. It has also made the updating of intranets less of a technical nightmare, meaning that an up to date intranet is no longer dependent on the IT department. This decentralisation of the intranet has led to the next step in the evolution of the intranet. Social business is becoming more and more prevalent in our everyday lives and we are seeing a significant change in the way people collaborate and share information, with the likes of Twitter, Facebook and LinkedIn, ultimately transforming how we communicate with those around us. Intranets have also been impacted by these social media platforms, and many organisations have begun to realise the numerous benefits that a collaborative intranet can bring in helping people to get work done.
The evolution into a social intranet A report from evidence-based user research company, the Nielsen Norman Group has revealed that social features within an intranet are essential for supporting employee collaboration and knowledge management. The report also highlights the ease at which users are taking to social tools when used for the right reasons and in the right work context. Intranet tools which resemble the social media actions employees continually make in their daily lives, such as ‘sharing’, hashtagging or ‘liking’, make it easy for the user and in turn encourage adoption. The benefit for the business is all of these one-click steps catalyse knowledge sharing and collaboration within an organisation.
www.vital-mag.net | May-June 2013
Whilst the power and importance of intranets has continued and will continue to grow, the task has got even tougher to ensure an intranet is equipped to play an essential role in carefully aligning itself to an organisation’s long-term success. One of a company’s biggest commitments to achieving success is trusting its employees. Therefore, by trusting staff, they can successfully create and maximise their networks, all based on need, not department or location. As organisations continue to adopt a ‘social’ intranet, it is not uncommon to have hundreds, if not thousands, of people contributing to intranet content on a daily basis, through blogs, comment on documents, ‘Likes’, ‘Shares’ and status updates. These social capabilities of an intranet not only aid knowledge sharing, but are particularly important when someone leaves an organisation, and they take with them their valuable knowledge and experience. A social intranet makes conversations more public and structured so knowledge is kept within the company. However, the social intranet has created a problem; there is an abundance of information which employees have to sift through to try and find the content relevant to their specific query. This not only causes people to become frustrated and in turn leads to a lack of employee engagement, but also individuals are more likely to miss vital information which can help them do their work. Therefore, the creation of this ‘noise’ can have great detrimental effect on an organisation’s productivity.
Increasing productivity through people-focused communication People want to be able to get work done and achieve results quickly. But when an employee requires information to do their job effectively, knowing who to approach in an organisation to find relevant information can be a minefield, whilst searching on intranets can be a very time consuming process. McKinsey recently reported workers spend approximately 28 hours per week searching and collaborating. The report from the Nielsen Norman Group shows that knowledge within a social intranet must be carefully managed to effectively support employee collaboration. Also, an integrated search functionality which searches the entire social layer on the intranet in addition to other content is essential. Most notably however the report highlights that social intranet projects must be driven by business needs to make them most effective. Far too often intranets are technology-focused, when to be most effective they must focus on the specific requirements and needs of the business, the employees and the tasks they need to do. In a business world where time is critical – not least due to the current economic environment, the demand for accurate and relevant content which supports specific business and employee requirements to enable people to get work done efficiently is more crucial than ever. I therefore believe for a modern day intranet to become essential to an organisation’s success relying on social alone is simply not enough.
Social alone is not enough
within an organisation can increase by 25 percent with the right technology and culture. However, we have seen with a number of our customers at Interact Intranet that this increase in productivity levels can not only be reached but surpassed. This can be achieved by utilising a blend of social and productivity tools which can aid internal communication, collaboration and carry out key business processes. This in turn reinvigorates employee engagement and interaction, empowers staff and perhaps most importantly for the boardroom, increases productivity. The benefits of a social intranet are numerous, but for the collaboration that it brings to be both effective and efficient, the noise must be intelligently filtered to make content more targeted and therefore appealing to its intended audiences. A prime example of this type of technology is Amazon recommendations, which makes suggestions to consumers based on previous searches and purchases. To truly aid productivity, intranets must take the same approach and use the data from social tools to look at an individual’s connections, interactions, intranet behaviour and profile data and from this information, construct a unique profile DNA for each intranet user and filter the most relevant content accordingly. The end result is a social intranet which works intelligently to make the right content find the right people. An intelligent intranet contains three elements which need to blend together, business process, collaboration and communication. The social layer uncovers information in the intranet which is relevant to what the user is doing in their daily role. For example, if two people have ‘liked’ something within a network, it is very likely to be relevant and of interest to another person within the same organisation. This layer essentially pushes information in a very focused way to the user. It is therefore imperative that the intranet is not a static tool, but continually updates and changes in order to remain relevant to the individual user. The intranet has evolved from a static data archive into a powerful digital workspace and a go-to-place for getting work done in realtime, which is constantly accumulating content, people, collaboration and services. Whilst the power and importance of intranets has continued and will continue to grow, the task has got even tougher to ensure an intranet is equipped to play an essential role in carefully aligning itself to an organisation’s long-term success. www.interact-intranet.com
A blend of social and productivity tools with intelligent communication is key. Statistics from Mckinsey show that productivity
www.vital-mag.net | May-June 2013
Unified Communications – Problems and solutions Unified Communications (UC) offers benefits such as allowing offices more streamlined communications.Yet it requires large investment and networks are not always ready. According to Ipanema’s Béatrice Piquer-Durand there is a need to take pre-emptive action to ensure UC works efficiently and that other applications are also protected.
When asked what would drive the greatest increase in data-networking requirements, 14 percent of respondents cited UC as the biggest contributor. with UC adoption. One major risk exists in the impact UC traffic flows have on the Wide Area Network (WAN), which in turn can impact the performance of other business critical applications.
nified Communications (UC) is increasingly common. It offers sizable benefits and will continue to be adopted. For instance, a study we conducted in April 2013 of 120 European customers indicated 77 percent were using UC.Yet with its development and expansion, UC puts stress on networks. Consider a statistic revealed last year in KillerApps 2012, a study examining CIO and IT decision makers’ perceptions on networking trends.When asked what would drive the greatest increase in data-networking requirements, 14 percent of respondents cited UC as the biggest contributor.
To understand what is meant by this, think of networks as roads. Networks are what connect an office to other branch offices, or to the cloud, or to an employee’s home. UC travels across these network ‘roads’. It is traffic. In the same way that the number of cars on a given road is rarely constant, so the amount of traffic from UC varies as usage fluctuates. UC flows are made up of video and voice, which is dynamic traffic. This means traffic levels grow or subside based on user demand. In turn, this can result in UC applications impacting the performance of other business-critical traffic during high demand. The network ‘roads’ that UC travel across have become increasingly clogged for many companies in recent years. Employees are now using company networks for their own recreational activities.This can be very, very expensive for a business. If there are traffic jams, then UC can falter or fail – which results in the ever-unpleasant experience of delay or jitter. UC requires a significant investment and steps must be taken to ensure the enterprise is prepared to handle its impact.
Delivering Unified Communications
What should companies do?
Gartner defines UC products as those that facilitate the interactive use of multiple enterprise communication methods. In brief, UC describes an integrated, real-time type of communication. It’s everything from video conferencing to instant messaging to telephony. Examples include Microsoft Lync or Polycom’s UC suite. By allowing companies, both small and large, to communicate across vast distances as though meeting face-to-face, UC provides considerable benefits.
There are two possible solutions: companies can purchase more bandwidth; and/or companies can use Application Performance Guarantee (APG) solutions, which control and dynamically guarantee the performance of critical across networks. Adding more bandwidth isn’t the complete and only answer, as more bandwidth is rarely enough. Applications are bandwidth hungry. The more bandwidth a company has, the more bandwidth its applications will consume. Every day, they will systematically cannibalise the successful performance of critical applications. Additionally, the added bandwidth will struggle to guarantee critical application performance.
While numerous articles have been written on the amazing, and very real, potential of UC, far less is said about the risks coinciding
www.vital-mag.net | May-June 2013
VitAL Eyes on
In general, application traffic tries to use up all the available bandwidth. Simply increasing it is like filling a bottomless pit: expensive and rarely enough to satisfy ever-growing usage demands. The additional traffic may also hinder the performance of the business-critical and often resource-thrifty applications. Another issue lies in the inability of additional bandwidth to respond appropriately to the variable nature of UC traffic. Perhaps during the call, an employee decides to share a large file or to ‘screen share’ on Microsoft Lync; another streams a video from an online host. Suddenly 100 percent of the company’s bandwidth is used in a burst, with several other users attempting to make VoIP calls or update SaaS CRM Systems. The bandwidth is already at capacity. Something will have to give somewhere, but the network doesn’t know where the ‘give’ should occur. Nor does it offer the ability to execute network control. Finally, additional bandwidth doesn’t allow for efficient troubleshooting. When issues do occur as traffic moves across the network, having a larger ‘road’ won’t allow companies to see where, when, and why problems happen.
An alternative approach Companies need solutions that will allow them to control and guarantee the performance of key applications as they use the network. These solutions must work anytime and everywhere. This type of monitoring and controlling is known as an ‘Application Performance Guarantee’ (APG) solution. APG solutions allow companies to see how each application is using the network, where, when and why. Companies can then guarantee the performance of top, business-critical applications, optimise end-user experience, manage global network resources, and reduce costs. Returning to the previous car example, think of networks as roads. Applications are cars. An APG solution in this case might be viewed as a police officer. It can direct cars into appropriate queues. It can slow cars or speed cars depending on their priority. This allows the right vehicles to get to their destination in a timely fashion – regardless of the amount of traffic on the ‘road’. It is very much about ensuring network resources are allocated in the most efficient way possible on a daily basis. Such solutions provide guaranteed performance and full visibility. This means the impact of UC deployment can be fully understood and when implemented traffic can be intelligently routed across the network.
The power and the reality of UC To go back to the first and overarching point: UC offers benefits such as allowing offices more streamlined communications. Yet it requires large investment. Networks are not always ready. There is a need to take pre-emptive action to ensure UC works efficiently and that other applications are also protected. www.ipanematech.com
Freedom to map my backyard Could Google’s collegiate mapping tool provide a new way for individuals and organisations to improve the way their localities are presented? Jonathan Westlake finds out. Maps have always been a source of fascination for me. I will happily pore over paper or digital OS maps finding endless interest. Evidence indicates that digital maps for business and location based services are now essential in terms of providing service to customers and the growth of smartphone ownership has contributed to the prominent use of map technology. We have also seen much activity in free to use mapping facilities over the last two years with particularly Nokia and Apple springing to mind. I have used open source mapping software extensively such as Openstreetmap; however, April 2013 saw the launch of Google’s browserbased Map Maker service. It has been available for some years in the USA but has now reached the UK. I urge you to take a look as it gives the Google user the chance to change the map of their backyard. You can add/edit and review other edits and for no cost. Four types of content are allowed currently: places; roads, railways; building outlines - allowing the inclusion of 3D graphics; natural features; and political boundaries. The changes you propose are then reviewed by Google and other users before making live – a sort of moderation process. It follows that businesses for example cannot delete details of other businesses! If the moderation process does prove to work then what this tool promises is an enrichment of local maps and maintenance in a sort of collegiate way. In order to test out the tool I looked for an example in my own backyard. I noticed that the local country park where I volunteer as a ranger was not showing on Google maps. A neighbouring country park was clearly showing as a green space. I would like the same please! To rectify this situation I used the map maker tool to identify the boundaries of my park and enter details of the visitor centre telephone number and website address. This ability to refine map details with local knowledge is very powerful and can perhaps improve customer service by providing more detail about the area that a business or organisation operates in. One could argue that this is what the Internet is all about; a community service where the power is leveraged to allow the ordinary user to help map their ever changing local world. Certainly with my volunteer ranger role this service will be invaluable for footpath mapping and showing historical features which might otherwise have been missed in my local area. More commercially oriented opportunities present themselves as well to organisations trying to encourage being found. Why not take a look? References: http://www.google.com/mapmaker Video of how it works: http://www.youtube.com/ watch?v=qyXTvj-Mm9k Openstreetmap http://www.openstreetmap.org/
www.vital-mag.net | May-June 2013
The security skills gap At this crucial time for cyber security, the UK is facing a cyber security skills gap. François Gratiolet, CSO EMEA at Qualys finds out what can be done to remedy the situation.
he UK’s National Audit Office (NAO) released a report in February this year (The UK cyber security strategy: Landscape review) that concluded that a lack of skilled workers is hampering the UK’s fight against cybercrime. The European Commission digital agenda commissioner Neelie Kroes recently told delegates at CeBIT 2013 that the EU’s competitiveness is “under threat” if it cannot fill an expanding IT expertise gap.The commission’s own figures suggested that there will be 900,000 vacancies for IT-related roles by 2015.Whilst these figures do cover other IT fields than just cybersecurity, the skills gap in our industry is plainly obvious to those in the profession, and it’s felt at every level: strategic, tactical and operational. Cybersecurity does not suffer from a lack of publicity – the nature of IT security means that it is in the spotlight – the media is fascinated by crime, data breaches at large, well-known companies, and the actions of politically motivated groups such as Anonymous. It is, however, an incredibly complex field – this forces companies to compete for top talent in order to protect their corporate brands, customer data and avoid any thefts of critical intellectual properties. Finding and retaining skilled employees is a classic business issue that is not unique to cybersecurity, however, the security talent market, unlike many similar knowledge economies (eg engineering), appears to be getting increasingly competitive as time progresses as more and more companies are forced to contend with each other in order to secure the best talent that is limited.
Reasons for the skills gap There are a number of reasons behind the growing skills gap: 1. Attacks upon IT infrastructure are becoming more complex and so there is a growing demand for specialist, highly-skilled employees and there simply aren’t enough qualified candidates to fill these roles. 2. Businesses grow more dependent upon IT every day – new usages for IT arise regularly, and with each advancement the security requirements and risks are heightened for the participating businesses. 3. New security and compliance regulations further segregate skillsets and limit the amount of professionals available for a particular role. 4. New trends such as hyper-connectivity, Big Data, BYOD and mobility are increasing the amount of opportunities for hackers to gain access to key systems. In the end, I believe the biggest consequence of the above is a steady deterioration in product quality in the security sector. The number of security vulnerabilities that businesses are exposed to continues to grow dramatically, and security products can barely keep up. This ultimately results in a loss of revenues for the businesses affected.
New trends such as hyper-connectivity, Big Data, BYOD and mobility are increasing the amount of opportunities for hackers to gain access to key systems. Solutions, not problems It may be that the cure for the technology industry’s security problem is, in fact, more technology. Automation of attack prevention and detection is growing much more advanced, and we are finding that companies can protect themselves against the vast majority of attacks without the need for a specialist engineer at all. The computers will start to do a good job of protecting themselves as time progresses and the technology matures. However, automation alone is not a magic bullet. Businesses themselves must start raising awareness of good security practices within their own organisations too. Big Data projects, for example, were found to be treating security as an afterthought at this year’s CSO Interchange event in London (a troubling thought considering the level of insight into people’s lives that can be obtained via this kind of computing).
Do we really need more security officers? With the expansion of the technology sector into virtually every business, we will certainly be seeing a greater demand for skilled CSOs. However, their role will change dramatically in the next 10 years. CSOs will move away from fixing problems and start to become more business orientated, working to make sure business objectives are met, whilst keeping security in mind. Successful CSOs will also partner with business leaders in the organization, enabling them to safely and securely adopt new technology that increases productivity and business transactions. The more technically-minded security personnel will still have a place, but as part of an Infrastructure as a Service (IaaS) or othercloud based service providing organisation. Once this migration of infrastructure to the cloud is complete, cybersecurity will become more “centralised”, with one organisation looking after the security of many. This is a bright future to look forward to, despite the dire warnings of a skills gap leaving us all vulnerable. With centrally-managed infrastructure, standards of security can start to be applied across the board, improving the security of hundreds of businesses that otherwise would not be able to adequately protect themselves. With these advancements made, cybersecurity will lose its stigma as a difficult field that will leave you in a forgotten corner of an office, and take its place amongst the other highly-skilled and respected occupations that have arisen in the last 20 years – securing the security professions’ future in the process.
www.vital-mag.net | May-June 2013
The benefits of flexibility Robert Rutherford, CEO of specialist IT consultancy QuoStar Solutions, offers a short guide to becoming a flexible employer.
he decision by Yahoo! to categorically ban remote working appeared to many in the industry to be a vain attempted to swim against the tide. Flexible working is more popular than ever amongst both employers and employees.The benefits of the remote working approach are real, and proven, but as the Yahoo! example aptly demonstrated, flexible working isn’t for every business. If you’re a small business looking to embrace flexible working, there’s a two stage process that you’ll need to work through. Firstly, you’ll need to conduct a thorough check of whether it is the right move for your business, and secondly you’ll need to construct a rigorous step by step plan to put it in place effectively and safely. Here is a three step guide to checking whether flexible working is right for your company:
1 Identify what the company is hoping to achieve in areas like
communications, operations and workflows, as well as the minimum IT requirements that will be needed to support this model – it will be important to map the technology to suit the business, not the other way around.
2 Review the relationship and interactional factors. Of course, if
your employees need to meet with clients and prospects on a daily basis then home working won’t fit, but what about creativity and the flow of information. If there’s an atmosphere which feeds creativity or constantly cross-educates the workforce with up-to-the-minute information, you need to assess what effect the loss or reduction of that will have.
3 Understand what technology is going to be needed and how much it’s going to cost. A big part of what makes flexible working possible is the level of technology that allows employees to be audibly and visibly in the office whenever it is required. To achieve this set up can be expensive, and will often require a powerful and secure cloud service. If the technology isn’t in place already then setting up remote working will mean taking a short term financial hit in the hope of long term gains. Don’t harm the business If the above three stages don’t throw up any roadblocks, the next step is three vital checks to ensure that flexible working doesn’t end
up harming the business:
1 Test it: There are
Depending on the nature of the business, homeworking can, and often does, provide a number of advantages in terms of both productivity and costs.
very few systems that can’t be trialled with little or no investment. Such trials are vital to avoid the loss of thousands of pounds in working hours, but also it will allow you review how effective the system is before making any large scale commitments to the workforce.
2 Check the infrastructure: One thing that the tests won’t always highlight is how network connectivity and the working platform perform at particularly busy times or when there are unexpected outages, say of an internet connection. Ensure that the internet connection will support the solution no matter what day to day problems it may encounter. Many businesses just rely on ADSL services, but these often won’t be sufficient.
3 Review security: The threat landscape will quickly multiply once
personal devices, dual-purpose devices and multiple locations are introduced. Have an expert analyse the specific security controls that will be needed to protect against these and other threats. Depending on the nature of the business, homeworking can, and often does, provide a number of advantages in terms of both productivity and costs. In addition, a viable homeworking strategy can often provide a valuable ‘fall-back’ if employees are unable to work from the office for any reason. Every business is different, however, and each will have its own unique objectives. As such, businesses should not choose to implement a homeworking model just because it happens to be a ‘trend’ among small businesses at the moment. Equally, businesses shouldn’t ignore homeworking because Yahoo! has deemed it unsuitable for its business. Instead, businesses that take this route should do so because it is the option best suited to their par ticular needs.
www.vital-mag.net | May-June 2013
ITAL Vdigest 2013 A vendor perspective of current IT management processes
THE EUROPEAN SOFTWARE TESTING AWARDS
CELEBRATING TECHNICAL EXCELLENCE THE EUROPEAN SOFTWARE TESTING AWARDS
CELEBRATING TECHNICAL EXCELLENCE
An independent awards programme designed to celebrate and promote excellence, best practice and innovation in the software testing and QA community.
NOW RECEIVING NOMINATIONS AND IS THE EUROPEAN SOFTWARE TESTING AWARDS OPEN FOR ENTRIES IN ALL ITS CATEGORIES
CELEBRATING TECHNICAL EXCELLENCE If you would like to enter the awards please contact Jade Evans on: +44 (0) 203 668 6942 or email her at email@example.com
Contents Broad spectrum cloud offering
Leader Welcome to the VitAL Digest.
Hornbill Service Management has announced changes to its cloud-based ITSM application myservicedesk.com which is now available as three distinct options: PRO, EXPERT and DEVELOPER. Matt Bailey spoke to the company’s CEO Gerry Sweeney.
Once in a while it is highly instructive to take a fresh look at what some of the top vendors and movers and shakers in the IT and IT Service Management space are up to. It is interesting to find out what factors are influencing their products and services and what market and wider trends are moulding the way they do their business.
Covering all bases
In this VitAL Digest we hear from Hornbill’s Gerry Sweeney who explains his company’s approach to the perennially interesting subject of cloud-based service management. While FrontRange’s VP EMEA Roberto Casetta outlines his organisation’s hybrid approach with its fully integrated voice automation and client management capabilities, available both on-premise and in the cloud from a single platform.
Mobility Vs security: Getting the BYOD balance right:
Fusion Business Solutions discusses why dealing with the mobility and security implications of BYOD is a fine balancing act and one that can be made easier with the right choice of solutions; particularly as the onus for device control is shifting away from IT departments into the hands of employees. Dominic Anschutz, head of cloud services at Exponential-e investigates explains the benefits of Data centre-as-a Service. And finally David Struges demonstrates how virtual desktops are enabling companies to embrace remote working. I hope you find it useful
For a few years now it seems like the market has been clamouring for the cloud, but FrontRange VP EMEA Roberto Casetta says that often an on-premise solution is superior. FrontRange’s HEAT Service Management solution is a hybrid offering that has all bases covered.
Fusion Business Solutions discusses why dealing with the mobility and security implications of BYOD is a fine balancing act and one that can be made easier with the right choice of solutions; particularly as the onus for device control is shifting away from IT departments into the hands of employees.
Do your customers know what services you provide? Some IT organisations have established service management good practices but their customers and users often have difficulty understanding the services on offer. Shirley Lacy managing director of ConnectSphere and ConnectSphere training director Michelle Hales offer some advice.
Why the connection is king A perfect model for resource-intensive and fast-changing computing environments, such as financial services? Dominic Anschutz, head of cloud services at Exponential-e investigates Data centre-as-a Service (DaaS).
Going virtual Virtual desktops are enabling companies to embrace remote working according to David Sturges, chief executive officer of WorkPlaceLive. Matt Bailey Editor
www.vital-mag.net | May-June 2013
Broad spectrum cloud offering Hornbill Service Management has announced changes to its cloudbased ITSM application myservicedesk.com which is now available as three distinct options: PRO, EXPERT and DEVELOPER. Matt Bailey spoke to the company’s CEO Gerry Sweeney.
ornbill Service Management’s myservicedesk.com is a Software as a Service (SaaS) solution which supports ITIL best practices. Previously only available as a PRO option it is now being offered in three versions - PRO, EXPERT and DEVELOPER - to suit the varying needs of different organisations. “While the need for IT Service Management and support that meets best practice is a constant, there are variations between the needs, resources and levels of expertise in different organisations. We have a customer-first ethos at Hornbill, and as such, wanted to offer our customers a solution which is best suited to their needs. These three myservicedesk.com packages enable us to do this,” said Gerry Sweeney, Hornbill CEO. “Many of our customers tell us that being able to observe ITIL best practice is critical to their business; myservicedesk.com has support for 11 ITIL processes built in.”
Out of the box myservicedesk.com PRO, one of three SaaS options that Hornbill offers, is already one of the most cost effective enterprise level ITSM products on the market. One of the key benefits of myservicedesk. com PRO is that it can be used almost immediately ‘out of the box’, with no customisation needed. It is easy to deploy and delivers rapid value, ideal for service desks that need to get up and running quickly, and it offers an intuitive and easy to navigate interface. The application has been designed to support ITIL best practices and is highly configurable. Application upgrades and back-up are carried out automatically, enabling service desks teams to focus on their customers rather than infrastructure management. myservicedesk.com is also available as EXPERT and DEVELOPER versions, both of which offer the best practice functionality and flexibility of myservicedesk.com PRO; with the ability to tailor the product to more complex or mature business requirements. As a cloud-based solution, myservicedesk.com supports improved business resilience and customer service, allowing IT service teams to work from any location at any time. All three options support a range of functions; including incident logging and viewing incident history; change approvals and logging; and viewing and downloading operational reports.
Covering the extremes Hornbill has been delivering on-premise ITSM solutions for around 20 years, but about two and a half years ago it decided the time was right to build a cloud environment. “Our SaaS customer base has been growing steadily since we built our cloud offering,” says Sweeney. “It was important that we built a cloud infrastructure that is resilient and secure, with performance and availability being key, so we have spent a lot of time getting this right. When we went through ISO2701 certification the number of customers on-board accelerated and we expect this uptake to continue.”
Demand for cloud “A significant portion of new business coming down the pipeline is cloud-based so the demand is definitely growing.” According to Sweeney, demand is coming from across the board for cloud -initially from relatively small organisations that wanted all the functionality but only had a few users, “but now we have also seen success in large-scale organisations.” A common driver behind adoption is the ability for service desk teams to remove the hassle of infrastructure management associated with on-premise ITSM solutions, instead opting for the resilience and security delivered by our internally managed cloud platform.
Successful outcomes Hornbill is proud of its continued commitment to exceed contractual requirements when it comes to SaaS and is open and transparent about performance with its customers and in fact anyone who wants access to this information: “We have a website called trust.hornbill.net,” says Sweeney. “It is a portal for our SaaS customers that is actually open to the public. It gives full historical information on our service availability and the quality of the service we have been delivering over the full lifetime that we have been operating. We have a contractual service level agreement of 99.5 percent availability, but we measure ourselves at 99.95 percent availability and we almost always meet that. Each customer has a log-in to that area and we provide them all the real-time information about their back-ups, the size of their data, whether their data usage is increasing or decreasing, their system status and any specific notifications and all sorts of other information so they can see exactly what their systems are doing in our cloud.”
The future of SaaS “Based on our current pipeline and what we are seeing in the market in general there are clearly good opportunities for Hornbill in SaaS and I think it will continue to develop, but I can categorically say that isn’t going to be the be all and end all,” states Sweeney. “It is certainly not going to be the only solution. You could stick with on-premise or you could switch to SaaS and you will derive benefits with either option but I think that customers really want the flexibility of both.” Looking at the broader ITSM world, Sweeney sees a time when IT departments themselves are going to have to start becoming internal cloud vendors. “I don’t mean offering Dropbox as such but looking at a similar service model,” says Sweeney, “I mean thinking about what they deliver to their customers on the infrastructure that they manage, in a cloudless way, so they can identify services clearly and associate a price with them. At the moment the conversation in ITSM seems to be centred around the need for IT to demonstrate value back to the business and in the future the internal cloud and the ability to wrap a price around a service could hold one of the answers.” www.myservicedesk.com www.hornbill.com
www.vital-mag.net | May-June 2013
REAS NS TO BE
N I W
EE A FR
ll_s i b n r
How could help you: • Easy and fast to deploy • Delivers value, quickly
Definitely something to smile about!
Visit www.hornbill.com/smile to enter now.
• 11 Pink Verified ITIL processes • Peace of mind delivered by Hornbill’s highly secure and resilient cloud platform with proven availability and performance • We’re offering a subscription to myservicedesk.com PRO for your first 10 users FOR LIFE. Our QuickStart implementation package is included.
www.hornbill.com/smile For more info email: firstname.lastname@example.org
Covering all bases For a few years now it seems like the market has been clamouring for the cloud, but FrontRange VP EMEA Roberto Casetta says that often an on-premise solution is superior. FrontRange’s HEAT Service Management solution is a hybrid offering that has all bases covered.
ith its HEAT hybrid ITSM solution, FrontRange – one of the biggest names in Service Management - is attempting to bring something different to the market. According to the company HEAT delivers Service Management software with fully integrated voice automation and client management capabilities on-premise and in the cloud from a single platform, something none of the competition can currently offer. “Hybrid in my opinion is not just a matter of cost,” explains FrontRange VP EMEA Roberto Casetta. “Until a couple of years ago on-premise was fine, but then everybody got excited about the cloud; the reality is that the cloud doesn’t always save you money in the long term. It will save you money in the short term, maybe for three years, but typically the life of a Service Management system is
Our flexible approach is unique because the technology is exactly the same: the application, the user interface, the experience for the user is exactly the same whether on-premise or in the cloud.
from five to eight years, so over these sorts of timescales on-premise can be more cost effective.” Based in Milan, Northern Italy, Roberto Casetta holds a Bachelor degree in Computer Technology. He has over 20 years industry experience in software and services, both in enterprise and SMB markets, through channel sales and direct sales organisations. Having wide industry experience before joining FrontRange, he previously worked for Panda Security, MRO Software, Remedy, BMC Software, Hummingbird and Atos Origin. Casetta joined FrontRange in 2010 as director of the emerging market region covering the Nordics, Southern Europe, Benelux and the Middle East. Within one year he was promoted to EMEA Channel Director and in August 2012 he was named as vice president for EMEA. www.vital-mag.net | May-June 2013
Integration Explaining why the company has opted for a hybrid approach Casetta says, “It is a consequence of the fact that companies are now in a position where they can analyse, check and double check what is best for them moving forward. They have the flexibility to decide which the best strategy is for them. On one side the cloud is an apparently attractive solution short term, but it might not allow a group of things that are requirements from our customers, particularly in the European market for example integration with existing legacy systems, from ERP to HR and CRM.
When we talk about Service Management we are not only talking about a simple call centre or Helpdesk, we are talking about a more complex, well integrated solution that is a strategic part of the business.
“Most suppliers are either able to offer their solutions in the cloud and on premise, but not both,” says Casetta, “We like to offer our customers the opportunity to be flexible and move seamlessly from one to the other, providing exactly the same advanced ITSM technology, but with the ability to integrate end-to-end. We are always open with our customers and tell them that if they are looking to save cost in the short term the cloud is the best option, but, if they have the resources in-house, , then the on-premise option is often best. The decision will depend in large part on the maturity of the company and we put a lot of effort into understanding what the customer is looking for because Service Management can mean everything and nothing. It can be anything from a very small, basic Helpdesk solution with incident management only, up to much more sophisticated systems with change management, service request, S&A, analytics reporting, integration with mobile devices, virtualisation, release management, IT governance and so on. But the main difference between the cloud and on-premise models is a financial one rather than a technical one.”
Flexibility Flexibility is also a very important aspect of the FrontRange approach. “Behind the hybrid concept there is the opportunity to deliver a solution to the customer that is most suitable for their organisation,” says Casetta. “We might start with 20 people in the Helpdesk and in this case perhaps cloud is best, but in two years time they can extend the solution to other departments in the organisation. If they want to integrate more information into the system they can move to on-premise. Our flexible approach is unique because the technology is exactly the same: the application, the user interface, the experience for the user is exactly the same whether on-premise or in the cloud.” And the hybrid concept has switched on a light for customers according to Casetta. “It makes a lot of sense for them,” he says. “It helps them to focus on and think about their long-term strategy and we quickly realised that almost 70 percent of our customers want their solution on-premise many of which originally thought that they wanted a cloud solution.”
A strategic component of the organisation Beyond the cost arguments there are other reasons why many Service Management organisations are either sticking with or returning to on-premise. “Talking about the cloud has certainly been
www.vital-mag.net | May-June 2013
a way to open doors with the customer,” admits Casetta. “But there is still a lot of confusion. When the concept is clarified people start to worry about security and about losing control of their data. In Europe especially there is much more concern about data protection. ITSM systems and practises are much more mature than in the US and Asia, so when we are talking about Service Management we are talking about IT compliance and well defined processes and procedures. When we talk about Service Management we are not only talking about a simple call centre or Helpdesk, we are talking about a more complex, well integrated solution that is a strategic part of the business.”
More and more Service Management tools have to integrate far more than the traditional helpdesk roles. “Many tasks now involve complex processes that may include HR, logistics, purchasing and other departments as well as IT,” says Casetta. “Many of our customers are looking for this more integrated solution – the Service Catalogue concept. These days this isn’t so much a ‘nice to have’ part of the service, but a ‘must have’. And this is built in to our solutions. We are talking about processes and procedures based on a workflow engine that is the core of our application.”
Not only Service Management Adding to the importance of the flexibility in selecting the delivery model that works best for you, having a solution that offers endto-end integration capabilities that enable the standardisation of business processes across the enterprise is crucial. With this, an important aspect of HEAT is that it doesn’t just concern Service Management, it is also a client management solution. “We are not only able to detect and collect the issues or requests coming from users, part of the solution is client management, so we are able to manage and control everything that is on the network from a device perspective and understand which is hardware and which is software and then know which version of the software is installed,” says Casetta. “The HEAT application can deploy software, deploy upgrades and can even deploy new operating systems through the network – remote control that even extends past the typical desktop machines to the virtualised environment beyond.” Additionally, a simple function like fully integrated voice automation allows secure management of password issues, the most common ticket item on the Helpdesk, clearly offering savings, but the HEAT solution does a great deal more. “When HEAT receives a ticket from a user it first understands the request, then it goes through an approval process, creates a plan to fix the issue and then at the point when a typical ITSM system stops activity the system can automatically deploy a solution,” says Casetta. “It can deploy a patch or an update in a way that is immediate and completely seamless for the user. “It is a matter of really being able to provide a solution that is flexible in giving the customer choice, technologically advanced with the most extensive workflow system and offering complete end-toend voice and client management integrations delivered on a single platform from a single vendor. Now the power is in the customer’s hands,” concludes Casetta. www.frontrange.com
Getting the BYOD balance right: Mobility vs Security Fusion Business Solutions discusses why dealing with the mobility and security implications of BYOD is a fine balancing act and one that can be made easier with the right choice of solutions; particularly as the onus for device control is shifting away from IT departments into the hands of employees
YOD, ‘Bring Your Own Device’ is one of the hottest trends in IT; analyst TechMarketView claims nearly 10 million UK employees will be using personal devices in the workplace – for work purposes – by 2016. With this in mind, many businesses are not only looking to increase the mobility of their workforce with new technologies but ensure that these devices are secure. But can they really have the best of both worlds? The challenge is the BYOD movement is evolving so quickly – new solutions, security policies and changing user expectations – that many business leaders just don’t know how to approach it. However, today, there are solutions available that can ease this process, particularly as the focus and control of devices is shifting into the hands of the employee. In order to gain competitive advantage and satisfy evolving user expectations, businesses need to act now to stay on top of current BYOD trends. Get the balance between mobility and security right and businesses can reap the benefits of a more flexible, collaborative and productive workforce.
According to a survey published in 2012 by CIO magazine, more than half of companies (52 percent) plan to encourage or require employees to ‘BYOD’ in the next 12 to 18 months. The user mindset is subsequently changing. There is rising demand from millions of company employees around the world for a better, faster, less frustrating IT experience during work hours. They want the same quality experience at work that they have in their private lives. But with more flexibility in terms of IT governance and mobile device integration, comes more security and control concerns. IT organisations need to know who is accessing their email and systems but also have the ability to cut off access when devices are lost, stolen, or when employees go ‘rogue’.
Tip top solutions To meet today’s challenges, businesses need to know what’s solutions are available and where to turn for help and support. The good news is that as user expectations change and technology evolves, so are the solutions supporting these changes. New solutions, such as BMC Software’s MyIT platform, which won the 2012 Pink Elephant Innovation of the Year Award, offers the
BYOD – a new approach With the evolution of technology such as smartphones and tablets and the acceptance of remote working, the traditional desk-bound worker is becoming an archaic notion. In fact, BYOD is becoming the rule rather than the exception in today’s workplace.
Get the balance between mobility and security right and businesses can reap the benefits of a more flexible, collaborative and productive workforce.
www.vital-mag.net | May-June 2013
B US I N E S S SOLUTIONS
There is rising demand from millions of company employees around the world for a better, faster, less frustrating IT experience during work hours.They want the same quality experience at work that they have in their private lives. chance for businesses to deliver self service IT in a seamless way whilst handing over IT control to employees. MyIT is a self-service application that employees can use from virtually any connected device anywhere, anytime, for managing the IT services that they use and need. With personalised, localised control over IT services, employees will become less frustrated with their mobile working experience as they will have access to everything they need via one application. With a solution like BMC Mobile Device Management (MDM), it is possible to deliver the control a business needs to securely manage a variety of mobile devices on a corporate network throughout their entire lifecycle. Businesses gain the visibility they need to understand usage patterns and user behaviour so they can better service organisational needs. The solution reduces vulnerabilities and security threats as it can protect personal and corporate data through encryption and passcode policies. Businesses also gain the ability to remotely wipe corporate data from personal mobile devices if the data is at risk.
No matter where an employee is working – at home, in the office or on the road – with the use of the latest solutions, a range of benefits can be achieved, not least increased productivity from employees as they don’t have to be affected by frustrating IT support. Getting the balance between mobility and security right means businesses can benefit from mobile IT services that fit seamlessly into users’ lives. This in turn, leaves you with a happier, more productive and empowered workforce.
www.vital-mag.net | May-June 2013
However, the benefits of MyIT don’t stop there; they are even greater for IT staff. Placing control in the hands of the user, there are fewer first-level support requests, which instantly boosts the perception of IT services and speeds up the resolution of more complex issues. On the other hand, BMC MDM enables businesses to restrict access to authorised mobile devices and keep critical corporate data from easily walking out the door. In addition, BMC MDM keeps the workforce productive by keeping them connected with the device of their choice. In turn, this can significantly reduce the impact on the service desk and cut the costs and time spent solving simple mobile device management questions as the solution issues automated requests and enrols corporate and employeeliable devices.
Bring home the benefits
TechMarketView claims nearly 10 million UK employees will be using personal devices in the workplace – for work purposes – by 2016.
tasks. Each user can also get updates on the IT services that matter most to them, while checking on pending requests, without calling the help desk – no more back-and-forth between users and IT.
Working with the BMC MyIT platform, employees get a tailored solution and great service, anytime, anywhere and with easy access to help resources in the application, workers can keep moving on their daily
In order to remain competitive and meet growing employee expectations, firms need to stay one step ahead of the BYOD movement. They have to ensure that they have the right solutions in place not only to enable mobility but to secure it as well. However, getting the balance right between mobility and security doesn’t have to be hard, not when solutions such as BMC Software’s MyIT platform and BMC MDM are available. BYOD is here to stay and the time has come for businesses to act, to ensure they are not only enabling mobility across the workforce, but securing it in the most effective way possible to spur on a more productive, happier workforce.
Do your customers know what services you provide? Some IT organisations have established service management good practices but customers and users often have difficulty understanding the services on offer.This can also lead to issues in service delivery. Shirley Lacy - managing director of ConnectSphere, author of ITIL Service Transition and project mentor for the ITIL 2011 update - and ConnectSphere training director Michelle Hales offer some advice. any service providers use a service catalogue to help customers, users, the Service Desk, other IT staff and suppliers to understand the scope of service provision and what to expect from each service. It typically includes information about service identifier, description, deliverables, prices, contact points, service hours, service targets, ordering and request processes. If you do not have a service catalogue this is a good place to start. However it is worth understanding the principles of defining a service (see the ITIL Service Strategy publication).These principles help IT organisations to understand the importance of focusing on the business value that each service delivers. By focusing on appropriate performance metrics and service level targets the services become more meaningful to customers.
The service catalogue â€“ is it fit for purpose? If you already have a service catalogue is it fit for purpose? Many organisations find that their catalogue of services has grown over time. For example, as mobiles, cloud services and BYOD have been introduced. Many services may provide the same thing, but on different channels or platforms. The sheer quantity of unstructured service offerings and options just becomes confusing for customers and users. Many IT organisations have a technical service catalogue rather than a customer-facing service catalogue. This means that IT staff cannot see how an application or technical component supports the business and this can result in mistakes that impact service quality and business continuity.
Adopting ITIL service management best practices helps IT organisations to focus on business outcome and value of the IT services.
It is best practice to separate the customer-facing services from the supporting services that â€˜underpinâ€™ the customer-facing services as shown in Fig 1.
www.vital-mag.net | May-June 2013
How can an IT organisation better market its customer-facing services to its business? In practice it is worth offering targeted service catalogue views for different customer and stakeholder groups. It means that the language you used can be more targeted and it can help customers to understand your services better. If you think of your services as technology-enabled business services you will communicate more clearly. Think of an online web store – there are many different ways of finding and accessing a service or product and there are usually options for you to select that help to clarify the offering. Users often want access to the service request catalogue, perhaps through on online self-service portal.
Redefining the services on offer An internal IT service provider has over 1,000 services in their service catalogue that had grown over time. Many of the services provide the same thing, but on different platforms. Many services were described in technical language that the customers did not understand.
Approach There was a clear need to simplify the catalogue of services whilst maintaining the ability to track what services were delivered on which platform. A project was set up to define services in way that all stakeholders could understand. An IT architect was a member of the project.
Adopting ITIL service management best practices helps IT organisations to focus on business outcome and value of the IT services.The ITIL service strategy publication covers many principles and processes to help with marketing customer facing services. Organisations use the ITIL Service Strategy management process to set objectives and expectations of performance towards serving customers and market spaces, and to identify, select and prioritise opportunities.
The principles described in ITIL service Strategy were adopted. The steps were:
There is an opportunity with new services and user devices to communicate clearly what the service does in business terms in addition to the constraints and conditions that apply. For example services that incorporate cloud computing, mobile centric computing, BYOD.
Step 4 – Classify and visualize the service
Defining market spaces and service models A market space is defined by a set of business outcomes, which can be facilitated by a service.The opportunity to facilitate those outcomes defines a market space.The following are examples of business outcomes that can be the basis of one or more market spaces:
• Sales teams are productive using sales management cloud applications via mobiles.
• Key enterprise business applications are monitored and secure. • Online bill payment service offers more options for shoppers to pay. • Business continuity is assured. Each of the outcomes is related to one or more categories of customer assets, such as people, infrastructure, information, and can these are linked to the services and underlying service assets that make them possible. A service provider creates the conditions under which outcomes can be met through the services they deliver. A service model shows how service assets interact with customer assets to create value. It is usually a list or diagram of items that will be needed in order to be able to deliver the service.
The service portfolio The service portfolio defines all the services a service provider plans to deliver (pipeline), those currently delivered (service catalogue) and those that have been withdrawn from service (retired). The service portfolio management process helps service providers to understand the business value of an entire portfolio of services throughout their lifecycles. It enables a service provider to compare what newer services have been offered over the retired services they have replaced. It is the service portfolio management process that ensures the IT organization maintains its service definitions in a way that customers and other stakeholders can understand.
Step 1 – Define the market and identify customers Step 2 – Understand the customer Step 3 – Quantify the outcomes Step 5 – Understand the opportunities (market spaces) Step 6 – Define services based on outcomes Step 7 – Service models Step 8 – Define service units and packages. The most popular combinations were bundled together and offered as packages. The business relationship managers were trained on how to offer the new packages. An improvement plan was developed to target specific consolidation and cost saving measures.
Results The result was a new catalogue of services that clearly described which services were being offered and how they could be combined. Customers had a clear understanding of each service and the value that each service could deliver to their business. The services were consolidated from 1,000 to 50 service packages with options. Business relationship managers could select the service package and specify which platform was appropriate. The service operation team found it easier to understand the individual services that made up the package. Service level targets, service level agreements and service reports were all simplified. Over time, efficiency savings were also realised through consolidation of the services and application licences.
Conclusion Simplify the services can achieve significant cost savings. To do this successfully, an IT service provider should adopt a structured approach, as described in ITIL, and use a project to facilitate discussions between existing customers and the IT service provider.
www.connectsphere.com Call 0845 838 2345
ITIL® is a registered trade mark of the Cabinet Office www.vital-mag.net | May-June 2013
Why the connection is king A perfect model for resource-intensive and fast-changing computing environments, such as financial services? Dominic Anschutz, head of cloud services at Exponential-e investigates Data centre-as-a Service (DaaS).
ne of the newest approaches to IT in recent years is Data-as-a-Service – which refers to the delivery of on-demand Virtual Data Centres (VDC) delivered across a private network rather than the public internet. Typically these are offered on a per unit basis – be it per-CPU, per-GB of Storage etc and can be dynamically provisioned. There are many reasons for enterprises to adopt this model, but the primary one is that it allows them to ‘own’ infrastructure on an OPEX model, thus avoiding large costs upfront. Instead, enterprises have the ability to scale resources up and down and
only pay for them when they are needed. This model is perfect for resource-intensive and fast-changing computing environments, such as financial services. However, this should not be confused with Infrastructure-as-aService. The benefits of Data Centre as a Service are completely absent from IaaS facilities, where you basically have no alternative except to use the servers, networking and other hardware supplied by the IaaS provider. In addition, what separates Data Centre as a Service from other similar approaches is the fact that it is run on a private network, which delivers significant security and performance benefits. The
www.vital-mag.net | May-June 2013
V ITAL INSPIRATION FOR THE MODERN BUSINESS
Print | Digital | Online For exclusive news, features, opinion, comment, directory, digital archive and much more visit
What separates Data Centre as a Service from other similar approaches is the fact that it is run on a private network, which delivers significant security and
resources in a Data Centre as a Service scenario should be managed as an extension of internal data centre resources. The private network is the key delivery mechanism which enables this. The network is often one of the most overlooked aspects of any cloud or as-a-Service deployment, despite the fact it remains the critical backbone for delivering services. Trusting non-critical services to the vagaries of the public internet may be acceptable, but for something as critical as core data centre services a far more robust connection is necessary.
Security & performance Two of the major issues and concerns end-user organisations have when moving to the cloud are security and performance. Where data might previously have been consumed by end-users over a highly secure corporate LAN, remaining within the firewall at all times, cloud and ‘aaS’ models potentially see data traffic go over the public internet, where it is inherently less secure. That said, it is performance where this model really tends to fall down – ultimately a service is only as fast as the slowest part of the network, and by bringing ‘best-effort’ internet into the equation you are potentially introducing a major bottleneck into the network infrastructure. By removing public internet from the equation, true Data Centre as a Service delivers not only a more secure environment, but one which performs more reliably. True Data Centre as a Service makes external virtual data centres available on-demand as if they were simply additional internal resources, and for this to happen, services on the WAN must behave as if they were on the local network. Ultimately, you need a LAN that acts like a WAN. Ethernet is the perfect platform to create this environment because it allows customers to easily and quickly introduce connections to new sites and services – including Data Centre as a Service - without having to reconfigure the existing design. A private Layer-2 or Layer-3 VPLS connection will allow Data Centre as a Service offerings to be managed across the WAN as if they were local resources. Furthermore, customers can begin to look at introducing end-to-end SLAs for their Data Centre as a Service deployments. The lack of
SLAs in cloud deployments has often been a sticking point, and while cloud providers will often guarantee uptime of their services, these promises do not extend to the availability or performance of the connection into their infrastructure. With a private VPLS connection, IT departments can have dedicated bandwidth and put in place SLAs with their service provider to ensure optimal performance. The importance of private connections in Data Centre as a Service deployments is magnified by use cases such as Business Continuity / Disaster Recovery and Test and Development. Recreating the performance of the local data centre is crucial and in order to successfully test application performance the infrastructure delivering those applications must behave and perform as it would on the local network. With Data Centre as a Service delivered over a high-speed VPLS WAN, this is eminently achievable. Although most organisations are usually reluctant to invest upfront in dedicated infrastructure, if a business is reliant on remotely deployed resources, a dedicated high-performance connection to those resources is of paramount importance. Delivery over a private network is one of the best ways of allaying these fears and ensuring safe, secure resource sharing.
A viable alternative Organisations are beginning to look at whether Data Centre as a Service is a viable alternative to costly physical data centre resources. Throughout the evaluation process, the supporting network should not be overlooked, due to the central role it plays. Not only is the network the critical interface between the externally-hosted infrastructure and the local IT resources, but it is the key enabling technology that separates Data Centre as a Service from a host of other similar models. Private VPLS-based networks blur the traditional LAN-WAN cloud perimeter, and create a highly responsive and flexible environment over which the IT department can have complete control. Ultimately, cloud computing will become a permanent and major part of enterprise computing. It should not be forgotten however, that connectivity is everything in this model. www.exponential-e.com
www.vital-mag.net | May-June 2013
Going virtual Virtual desktops are enabling companies to embrace remote working according to David Sturges, chief executive officer of WorkPlaceLive.
recent study by industry analyst Gartner revealed that 84 percent of organisations have a remote workforce to some degree. Remote working is increasingly being enabled by technologies such as virtual desktop solutions which allow people to work from any location in the world and access their emails, files and desktops using any device.The attractions for businesses are two fold – greater workforce flexibility and also cost savings, with reduced investment in IT and less administration. Yet, moving to a virtual desktop infrastructure is a major consideration involving the outsourcing of data and the IT infrastructure, storage and security to a third party provider. The provider will host and manage all the IT, the data backup, disaster and recovery and help desk support - it must be a relationship of trust. This solution allows companies to safely introduce bring your own device (BYOD) to work policy. With employees often using a variety of devices including tablets, laptops and smart phones, many companies have become increasingly about data security breaches if the devices were to get lost or stolen. There have many high profile incidents of data breaches because of laptops left on trains. With a hosted desktop solution no files or data are stored on devices which lowers the security risks and with greater numbers of employees using consumer apps, they can use their own devices to access their work desktops and switch between their personal and work data easily. So how do organisations create a virtual desktop strategy without compromising security, network capacity or IT performance? One thing to stress is the importance of mapping business objectives, plus current and future remote working IT requirements from the start, before deciding on the right technology and the right provider.
Considerations when developing a VDI Strategy Some organisations are already using solutions like Dropbox to share files and enable remote working. However, as Dropbox requires people to pull down files it can be slow and there have been cases of it being hacked. Google apps are also popular, but one of the draw backs of Google apps is that people don’t know where their data is being stored. For companies to have confidence in the security of their data, they should work with an accredited cloud computing provider with a UK data centre (if operating in the UK) to ensure security is watertight. Organisations need to check for accreditations too such as ISO 9001, ISO 27001 for IT security and ISO 14001, which is focused on environmental standards.
Other questions to consider are the level of disaster and recovery needed, time scales for implementation and when it will take place and the details of the project migration plan.
Cloud computing is not going away and neither is the demand for remote working.
Organisations also need to be wary of the contracts they sign and read the small print. There have been cases of companies signing up to fixed term contracts only to have these revert back to the start date when a new user is added. Needless to say, such contracts should be avoided at all costs. One business that has reaped the benefits of remote working is Waterloo Quarter BID a business-led organisation that works with and for businesses in the Waterloo district of London. This small organisation is funded by its members and delivers a range of projects for them aimed at improving their economic performance and their physical trading environment. Waterloo Quarter embraced cloud computing five years ago when it moved to a larger office in Waterloo. It is a small business that couldn’t afford to spend time sorting out IT or employ a technical expert but the nature of its business meant that the company’s main focus had to be on delivering excellent customer service and not sorting out IT issues such as performing data back-ups or worrying about server space running out. Cloud computing is not going away and neither is the demand for remote working. With the option to save money, reduce their IT administration and offer their employees greater working flexibility– it would seem foolish not to embrace ‘the cloud’ with open arms.
www.vital-mag.net | May-June 2013
Virtual Data Centre: the blueprint for business agility
The secret of my success
Adam Paton Customer Support Manager, IDBS VitAL: Name, company and job title please? Married? Kids? Adam Paton: Adam Paton, customer support manager at IDBS. Happily married with three wonderful sons. VitAL: What got you started in IT? AP: Like a lot of people I know, it ended up being a happy accident. After graduating, a change of circumstances meant I had to make some quick decisions about my career: IT came to the rescue. I was always interested in computing and luckily for me a position came up. The rest is history. VitAL: Was there any one person or organisation that was your inspiration? AP: IDBS itself has been a huge inspiration to me. Being here for over 14 years has been an incredible experience. Having the opportunity to use my original science background and combine this with cutting-edge technology is something that many people do not get to experience. For the chance to do just that, and to explore the capabilities and potential it offers, I am very thankful. VitAL: What was your first IT job, what was your first major IT triumph? AP: My first IT job was as a data analyst for a higher education college. Seeing the variety of people applying for various courses was illuminating; it really makes you see just how many people there are looking for something! My first major IT triumph was the first successful implementation of a production enterprise data management system, whilst working as an implementation consultant for IDBS. Of course, I’ve had quite a few more since then! VitAL: Did you ever make any embarrassing mistakes? What did you learn from them? AP: Mistakes are a part of life: show me someone who won’t admit to embarrassing mistake and I’ll show you a fibber. It’s how you react to and learn from mistakes that is really the mark of a person, not just at work but in everyday life. Probably my most embarrassing mistake was running a DELETE statement on a Product Oracle database without actually adding a WHERE clause, leading in turn to the server almost crashing. Luckily Oracle’s ROLLBACK statement came to the rescue. This experience taught me to check, check and check again before making production system changes. It’s also the reason why we make sure we’re using the best tools we can to manage our services, anything that makes embarrassing incidents less common is going to be a bonus. VitAL: What do you like best about your job? AP: Customer Support is often seen as a relatively thankless task, with workers likely to encounter a lot of negativity during the day. At IDBS we are fortunate enough to work with great customers and
also be part of a fantastic organisation. Basically, every day can be different while the scope to learn and improve is fantastic. This combined with having a manager who lets me run the Support Team pretty much how I see fit, with the technology I feel will help us best, allows us to evolve rather than just stick in a rut.
There is no real secret but there are a few things that seem to help be successful.Without a doubt the most important is to have a great team and to nurture and empower them as much as possible: it may be a cliché to say no one is an island, but it’s certainly true in ITSM!
VitAL: What is your biggest ambition? AP: My biggest ambition in all honesty is to keep being progressive in terms of providing Customer Service. IDBS Support has already achieved a considerable amount in a short amount of time, yet there is always something new to do and new challenges to face. Improving efficiency, introducing new working practices and experimenting with new ideas are, however, nothing without ensuring that your customers are always getting the best possible service. This is really the industry Holy Grail and, at IDBS I really think our quest for it will be successful. VitAL: What are your hobbies or interests? AP: Besides keeping my three boys entertained, anyone who knows me would say that I have two other main interests. Firstly are motorcycles, specifically racing. During the motorcycle season I somehow manage to eke out the time to watch every single MotoGP qualifying session and race. Second is my beloved weight training. Being able to get away from the office for an hour every day to throw some heavy weights around works wonders when you usually work lodged behind a desk. VitAL: What is the secret of your success? AP: There is no real secret but there are a few things that seem to help be successful. Without a doubt the most important is to have a great team and to nurture and empower them as much as possible: it may be a cliché to say no one is an island, but it’s certainly true in ITSM! Technology is great for us all but without talented individuals at the controls all the technology in the world is good for nothing. Listening to everybody’s opinion no matter how seemingly trivial is also a must, as enforcing change without knowing all the angles only leads to failure. Finally, I would say courage. Having the confidence to go with an idea and just get it done rather than running through lots of red tape and waiting for approval can often lead to great things. VitAL: Adam Paton, thank you very much.
www.vital-mag.net | May-June 2013
26th - 27th June 2013 • National Hall Olympia, London
Dr Jeff Jaffe CEO World Wide Web Consortium
Francisco Garcia Moran Dana Deasy Director General CIO Informatics BP European Commission
Oskar Stål CTO Spotify
Eric van Miltenburg Senior Vice President YouSendIt
Jim Reavis Co-Founder and Executive Director Cloud Security Alliance
Jeff Barr Chief Evangelist Amazon Web Services
Richard Harris CIO ARM
Paul Coby IT Director John Lewis
Daniel Marion Head of IT UEFA
Tony McAlistair CTO Betfair
Sujay Jaswa VP of Business Development Dropbox
1. Over 5,000 senior IT decision makers from around the globe 2. 200 visionary speakers – gain a unique insight from industry heavyweights and hear case study examples
3. 8 theatres with 150 seminars answering all of your cloud computing questions 4. 150 global exhibitors helping you discover the latest and most innovative IT products 5. Co-located with the Big Data World Congress – leading 2 day conference