The Entangled Web of a Multi-Vendor Cloud Environment Date: March 2013 Prepared by: Alex Hernandez, Senior Manager within the IT Service Excellence practice at Accenture
Copyright ÂŠ 2013 ITpreneurs. All rights reserved.
Content 1. Vendor Integration Office 2. VIO needs to be an Integral Part of the Service Management Office 3. Root Cause Analysis
White Paper ITpreneurs is pleased to share with you a deeper knowledge of various frameworks and domainsâ€”connecting their usage and application for the betterment of the IT profession. Our appreciation goes to the industry experts who generously share their invaluable knowledge and experience with us.
1. Vendor Integration Office Many large fortune 500 organizations have an established supplier procurement process that does basic contract negotiating, processing and management. However, most organizations do not have a centralized mechanism in place for carrying out the operationalization, integration, performance management and reporting of vendors in a holistic and connected manner. The advent of cloud computing will further complicate the web of vendor management by bringing additional intricacies in the vendor management process, especially in hybrid cloud environments where off-premise cloud solutions interface with critical onpremise client business processes and supporting application services. Integration will be the key attribute to implementing a successful vendor management process in a complex multi-vendor cloud environment. We are moving from the Vendor Management Office (VMO) taxonomy to a new holistic paradigm known as the Vendor Integration Office (VIO). The VIO is the future of vendor management. When the client decides to contract a cloud service provider, the client will need to consider the following six major disruptors depicted in Figure 1 as part of their overall 1 VIO strategy :
Generation of Now
VIO Disruptive Vendors
Vendor Value Chain Effects
Figure 1 - Disruptors Impact VIO
Regulatory Issues – Clients are affected by regulatory requirements and compliance issues in the areas of finance, global trade, anti-bribery and anti-corruption, privacy, security and data protection. The client really needs to ensure the cloud service provider will adhere to all security, regulatory and compliance requirements demanded by the client. In fact the client should ask the cloud service provider if they have successfully completed a SAS 70 Type II audit. SAS 70 audit is used to report on the "processing of transactions by service organizations", which can be done by completing either a Type I or a Type II audit. A SAS 70 Type I is known as "reporting on controls placed in operation", while a SAS 70 Type II is known as "reporting on controls placed in operation" and "tests of operating effectiveness". In addition, the client should see if the cloud provider has achieved certification against ISO/IEC 27001 information security management systems standard, incorporating the code of practice for information security from ISO/IEC 27002. These are good indicators that they are implementing good security practices.
Sullivan, Gayla. (2013, January 7). Agenda Overview for IT Vendor Management 2013 (ID: G00246879). Retrieved from Gartner database. 3
Generation of Now – The focus of (dynamically) providing immediate response is making organizations reconsider their vendor management practices. Speed takes priority over value, and brings inherent risks that need to be effectively managed through an effective VIO. Disruptive Vendors – Amazon, Apple and Google have become true disruptors at the consumer level; influencing specific consumer behaviors. For example, consumer-based storage options offered by Amazon could be seen as threats to IT departments and a threat to objectively sourcing and contract negotiating for the VIO. Market Consolidation – There are many vendor acquisitions and consolidations currently occurring in the industry. For example, the acquisition of Digital Fuel by VMware is a strategic play they made so they can provide an IT Financial Management SaaS platform for planning and billing. The client needs to be attuned to these acquisitions and consolidations, since it, more than likely, will impact the client by possibly eliminating the better terms and conditions that the client had negotiated prior to the acquisition or consolidation. Vendor Value Chain Effects - Many of these cloud vendors such as SaaS could have a chain of sub-suppliers, that support them, which the client has no control over; and these sub-suppliers could have an impact to the committed service level targets that have been established with the customer. Disruptive Technologies – There are many disruptive technologies such as cloud technologies, mobile technology, and software as a service (SaaS). This is resulting in a larger amount of the IT budget being spent outside the internal IT organization, further emphasizing the importance of establishing a VIO.
2. VIO needs to be an Integral Part of the Service Management Office The Vendor Integration Office (VIO) needs to be an integral part of an organization’s overall service management program by effectively integrating it with the Service Management Office (SMO). If a VIO does not already exist, establishing one (or a strategic sourcing entity at a minimum) is warranted in a cloud environment. Doing so will go a long way in managing vendor relationships and ensuring the best value from your cloud service providers. Key considerations when establishing the VIO: • Articulates and maintains an ongoing strategic sourcing and vendor management plan with respect to cost and quality measurement, integrating with the overall IT services strategy and service management program. • Needs to be at the table to sensitize and align IT strategy with corporate strategic sourcing and ensure the VIO understands what is required of each cloud service provider. • Participates in regular service quality review meetings and owns the vendor relationship. • Establishes a specific structure and staff based on the diversity of the vendor community and cloud service providers. The Service Management Office (SMO) is established to provide the appropriate governance and structure in supporting the business priorities, and the VIO will be a critical component of this operating structure. Please note that it does not have to be a large and complex governance structure and will vary based on the size of the organization. For a small organization, you will more likely have a much more streamlined and smaller group of key personnel that make up the SMO and VIO operating model, while a large organization would need to have more structure and governance due to the large number of business units, operating groups and complex multi-vendor environment. An SMO provides the necessary governance to successfully implement a sustainable service management program roadmap within the organization. A sustainable service management program requires the establishment of an integrated enterprise-wide service management system, to drive effective application of policies, processes, procedures and practices throughout the organization to improve service delivery, vendor integration and coordination to support the business and customers.
The key benefits of an integrated VIO and SMO: • Provides an overlay on the current organizational structure by providing enterprise service management governance that is sustainable and repeatable across the entire enterprise. • Provides a huge opportunity for consolidating duplicate work efforts, reducing costs and centralizing service management process execution and reporting. • Provides an integrated manner for managing a complex multi-vendor cloud environment that includes both on-premise and off-premise cloud services. • Provides an integrated manner for effectively resolving complex major incidents and problems that cross multiple technology domains in a multi-vendor cloud environment through the establishment of an elite team known as the “vendor solution integration team”. • Provides an integrated approach to continual service improvement across all business units and vendors to more effectively manage the IT Enterprise and services that impact the end customers and business units. Figure 2 Illustrates an example of a holistic integrated SMO and VIO governance structure. Chief Information Officer
Vendor Integration Office Service Strategy
Business Unit 1 Leadership Representative
Business Unit 2 Leadership Representative
Infrastructure Services Leadership Representative
Application Services Leadership Representative
Strategy Management for IT Services Service Portfolio Management Service Management Office Architect WDPRO Service Service Owners Owners
GBTS Service Service Owners Owners
DTSS Service Service Owners Owners
Availability, Capacity, Continuity, Security, SLM, & Supplier Management Processes Change, Release & Deployment, Asset & Configuration, & Knowledge Management Processes
7 Step Improvement Process
Business Relationship Management
Service Management Advisory Council
Event, Incident, Problem, Request, & Access Management Processes
Run Support Team
Run Support Team
Run Support Team
Run Support Team
Accenture Copyright ©
Figure 2 - SMO and VIO Integration
The VIO interfaces throughout the service design, service transition and service operation ITIL lifecycle stages. It is central to managing cloud providers who have a large share in executing the client’s service management processes. The VIO needs to work in an integrated manner within the SMO to effectively manage a complex cloud multi-vendor environment by: • Negotiating, evaluating, and approving provider contracts to ensure that their agreements are working in an integrated manner with other dependent supplier interfaces to support documented operational level agreements (OLAs) and ultimately the final service level agreements (SLAs) promised to the customer. • Monitoring, measuring and reporting on the performance of cloud providers in a holistic and seamless manner, which allows the organization to effectively identify performance improvement areas from an integrated service perspective versus compartmentalizing vendors into silos.
3. Root Cause Analysis A multi-vendor environment, depending on the cloud provider also introduces complexity on determining the root cause for complex problems. An organization should consider using Kepner-Tregoe, which is a useful approach for investigation and diagnosis of problems (developed by Charles Kepner and Benjamin Tregoe). In a complex cloud multi-vendor environment the client needs to clearly understand all vendors involved in their solution and how they impact one another, from a cloud provider perspective, so that effective root cause analysis can be performed. This further supports the importance of having an effective VIO that will assist in understanding the dependencies and integration points that exist between the vendors supporting the solution; and also how to effectively mobilize a tier 3 team called the “vendor integration solution team” to efficiently and effectively determine root cause for complex problems that involve numerous integration points, technologies and cloud environments. This tier 3-client team is comprised of application owners with deep knowledge across multiple technology areas and subject matter advisors from the cloud providers to provide expertise in identifying root cause for their application solution that has been moved to the cloud provider.
Conclusion Remarks There are definitely many advantages to cloud computing like providing IT with the agility to provision resources dynamically, enabling and encouraging business innovation—not simply IT innovation. Cloud computing overcomes long known IT challenges such as rigid application development, provisioning, and deployment; providing an agility that fundamentally lowers the barriers to business innovation. It will enable businesses to test new business models, new markets, new products, and new strategies. Cloud solutions provide the ability for the business to act and react quickly, ultimately differentiating the organization from its competitors. As we can see, the advantages are fantastic, but we cannot be blinded by the awe of benefits cloud computing provides. An organization needs to perform the necessary due diligence when they start building out an intricate web of integrated cloud providers in a complex multi-vendor environment. Creation and execution of a holistic VIO and SMO program is paramount to effectively and efficiently manage an integrated multi-vendor environment with a continual focus on achieving service excellence and creating desired business outcomes. If you wish to survive in this ever changing multi-vendor cloud landscape, then your organization needs to seriously consider establishing some form of a VIO approach or else your organization runs the risk becoming extinct, irrelevant and inflexible. “Not Comfortable with Cloud Computing yet? à Start with a CompTIA Cloud Essentials course”: http://www.itpreneurs.com/cloud.
About the Author Alex Hernandez is a senior manager within the IT Service Excellence practice at Accenture, whose mission is to improve client outcomes through the practice of service management. Alex has more than 20 years of professional experience in numerous high-end engagements involving business process transformations in the areas of organizational and operational transformation, ISO/IEC 20000, ISO/IEC 27001, change, business continuity, incident, problem, information security, capacity management and other service management processes. Alex currently serves as the global leader for the community of practice within the IT Service Excellence practice at Accenture. Alex is an ITIL Master and a Fellow in IT Service Management, PRISM. In addition, Alex serves as an adjunct professor at the University of Dallas, teaching service management curriculum in the graduate MBA program. Alex is a published author, publishing one of the first ISO/IEC 20000 implementation books. Most recently, he has been intensively involved as a contributor to the ITIL and Cloud international publication to be released soon, and he is the author of the ISO/IEC 20000 and ITIL practical handbook to be released in May 2013.
Acknowledgements Cloud Essentials Course is a Trademark of ITpreneurs. CompTIA® is a registered trademark, of CompTIA Properties, LLC. ITIL® is a registered trade mark of the Cabinet Office
Contacts Connie Tai Product Manager – IT Service Management – ITpreneurs Tel: +31 (0) 10 71 10 260 email@example.com ITpreneurs www.itpreneurs.com Weena 324-326 3012 NJ Rotterdam The Netherlands
Corjan Bast Product Manager – Emerging Technologies - ITpreneurs Tel: +31 (0) 10 71 10 260 Email: firstname.lastname@example.org ITpreneurs www.itpreneurs.com Weena 324-326 3012 NJ Rotterdam The Netherlands