Share this webinar
How can you adapt ITIL to be used in Cloud Computing
Cloud computing is here and being used by organizations to allow them to be more fleet footed in time to market, and nimble in aligning to changing business needs when it comes to delivering the services to the business and its customers.
From a service management perspective it makes no difference wether the service is delivered from the “Cloud”, an in house hosted infrastructure or a combination of both. You still need a framework for managing service delivery and ensuring services.
Presentation by Brian Lenner
Principal Consultant at Navvia
(Unintelligible lead in)… It doesn’t take very long and I just want to make sure we’re all on the same page… What’s it mean to IT, how much ITIL does it need? How will the processes change, because they will change? When we’re all finished with all of that, so that we all have a good understanding of what you have to do next. What’s coming up after that? What you need to do to be prepared. So that’s what I’m going to try to cover today.
I’m a principle consultant with Navvia. I’ve got 35 years. I’ve done everything you can do on IT. So I know all the things that don’t work. Why? ‘Cause I’ve done them and they didn’t work. And then I learned how to do them better and I learned about process. I learned about how to manage these better, and that’s where I’m coming from. So I’ve done operations manager, I’ve done application development, I’ve done service desk. I’ve done 13 years of consulting, so if you do the math you’ll find I’ve done a lot of time in the real world. I’m not a professional consultant even though I’ve got 13 years in. The last 9 are for a company called Navvia. We do an IT (unintelligible) docs and strategy development, process assessment, rationalization, gap analysis, all that neat stuff….deploying services, developing customer specific training. I’m a certified ITIL trainer, in case anybody’s interested. So, this is why I think I have some value to give to you guys.
So what is cloud computing? It’s just marketing, right? Just a whole bunch of people out marketing, making a big noise about the next best thing? Well, it’s not anymore. It’s here. It’s real. It’s not going to go away. You’d better know how to deal with it.
So what is it? It’s services that are provided to users over the internet. It’s as simple as that. There’s nothing magical about it, nothing mystical about it. It’s just that rather than deploying it out of your own datacenter, you’re deploying and having direct connections to that datacenter, LANS and things like that, we’re talking about delivering it over the internet. Pay as you go. Consume what you need. Don’t consume what you don’t need…just pay as you go. To go on from there.
Now all of the new people who just came in the room, are any of you cloud service providers? You can go. We don’t need you (laughter). Nothing I say has any bearing on you. (Attendee: I don’t represent that part of the company) OK. So you’re a cloud server consumer. (Attendee: Yes). Alright, good, ‘cause this is all you cloud servers consume. I just want to make sure we’re all on the same page. This is all much like a utility, if you will. It’s more evolutionary than revolutionary, regardless of what people have told you about it. It has evolved from previous delivery models.
I’ve done cloud computing over and over and over and over again. We just didn’t call it cloud computing. We started out with “central S” computing – you’ve got the big mainframe, back in the 1970’s, 1980s…yeah, I’ve got grey hair. I’ve been there. We did time sharing, went to service bureaus…oh, hey, that’s almost cloud computing. We took our computing services and gave them to service bureau and said “do something for us”. Only we didn’t access it through the internet and it wasn’t quite easy to (shape?), to dial up or dial down capacity, but we’re getting there. We did outsourcing, we outsourced various pieces of it. We had these ASPs, Application Service Providers. We put our applications in the cloud, well not quite, but we’re getting there. We’re moving in that direction. Now we’ve got Cloud Computing. Most classic example of them is Software as a Service. I work for a company called Navvia. We have a “Software as a Service” tool we use for process management. We’ve got Platform as a Service - “I don’t want to look after all of that stuff in my datacenter. I don’t want to worry about keeping my Windows servers up on the current release. I want somebody to do that for me, thank you very much”. Platform as a Service - I’ll put my applications on it, I’ll run all my applications, I’ll develop my applications but you guys take care of everything else. And I’ll get to all of that through the internet, so I need a browser of some kind, otherwise I’m not going to do much. Or, we have Infrastructure as a Service – “I want you of take care of my hardware requirements. I don’t want to worry about anything else”.
So that’s where we’re at. And there’s benefits to cloud computing:
No capital outlay, it’s all expensed. Every year you write out an expense cheque…‘course you’ve got to go get budget. You don’t have to worry about capital expense. You don’t have to worry about writing stuff off, depreciation, which tax field it runs into or anything like that.
You pay only for what you use…if you’re smart. You will get into some of the processes which will help you be smart. But you pay for what you use. You don’t pay for what you don’t need.
You get improved time to market. Your developers are going to come in and say ‘I want to do some testing. But to do some testing I need a test area. And to have that test area I need a Windows 8 server, I need a patching server, I need X amount of storage. OK… Put a request in, you got it. 24 hours to 48 hours, it’s up and running. It’s all there. So, improved time to market. So now they can do their testing, they can get it out to market. You can get it out to market much faster. You don’t have to worry about provisioning stuff like you used to.
Access to features and capabilities outside your normal reach. “We want to try out something special. We want to put a whole bunch of stuff on Linux servers to see if that gets any better improvements for us. If there’s any application code specific to Linux we want to take advantage of that, but I don’t want to try and put Linux in my datacenter and all of my staff suddenly learn how to support the Linux operating system.” Well, I can do that with cloud computing.
Transparent Upgrades…well they’re supposed to be. Like I say, our software applications, software as a service…we do upgrades to that software as a service, you guys don’t care. We let you know it’s happening, and yeah, we may take a little window of time on a Sunday morning or Sunday afternoon. So that’s your only impact – “oh, we have to reboot something”. That’s our problem not yours. It’s all transparent to you.
Allows you to focus on the business and not the technology. It allows you to support the business, find out what the business’ needs are, satisfy those business needs and not worry about all this technology.
That’s what cloud computing is all about. That’s what the benefits are and that’s why we want it. Three things to remember please…very important things to remember. One, cloud computing will continue to grow. It may change it’s name slightly, it may have subspecies, but it’s going to grow. You’re not going to stay with a traditional datacenter where you’re managing all the equipment yourself.
Just because the application is in the cloud, doesn’t mean that IT is not accountable. We had a question earlier this morning from one of the other sessions. Somebody said “Does anybody in here use Sales Force?”...Go to salesforce.com. Well, if salesforce.com breaks, doesn’t do what you want, do you think IT is not accountable for that? The business will find a way to make it accountable. Why? Because the business did this before. Does anybody remember when PCs came out? Come on…somebody here’s got to be as old as I am. Why did PCs make such a splash in the business? ‘Cause IT was too slow. We couldn’t deliver the things the business wanted as fast as the business wanted. So they went out and listened to the sales staff and various PC organizations, the various places that wrote software and applications they run on PCs, and they bought them. And they loved it…until the first time the server overheated in the closet because there was no air. And then they went to IT and said “Help. Fix it for us”. Guess what. We’re right back there. The businesses are going to order these cloud services whether you want them or not, so you better be out in front of the cart.
The business will drive adoption as more application solutions become available. They’re not just going to wait for us. So it’s all business driven. IT has to have some accountability in here, some support in here. Great. “So because it’s all in their control, I don’t need no stinkin’ processes”… Not quite.
What’s it mean to IT? Don’t panic. There is some help here, folks. You’re not stuck out on your own. There’s an opportunity here. Everybody knows what an opportunity is, right? It’s the new word for problem (laughter). No, IT exists to support the business. It’s why we’re here, right? Does anybody disagree with that statement? There’s only one reason why IT exists…to support the business. IT has the skills and knowledge to mitigate risk to the business. The business is going out and buying an application, or wants to go out and buy an application through the internet, through it’s cloud computing. Do they understand the risk? “Hey, we bought this great application out, we put it out there, we got it on…Yahoo’s cloud. It’s wonderful. It’s terrific and then Yahoo’s cloud goes through denial of service and nobody can get to the business application. Did the business think of OT service continuity? Why? They didn’t have any equipment? That’s where we come in….where IT comes in. We know about the risks. We know about these concerns. We’ve got that knowledge and skills. IT understands the implications of moving something or everything out to the cloud. But remember, the business will drive cloud adoption. This is our opportunity.
This is where ITIL comes in and helps you. Remember that nice framework? 5 lifecycle stages – Strategy, Design, Transition, Operations and Continual Service Improvements. There’s 27 processes in ITIL. It covers everything. It’s wonderful. There’s also some sub-processes if 27 isn’t enough. There’s 470 plus terms. Common language, you all speak the same. You’ve already learned these 470 plus terms. Approximately 100 TLAs – 3-letter acronyms. Well, sometimes they’re 4-letter acronyms. I think there’s even a 5-letter acronym in there…but they’re all in there. And, there’s 4 functional areas (defaulting? Unintelligible) and of course, including 2 sub-functions. So this is where ITIL helps…or maybe not. Why did the business want cloud computing? Because IT couldn’t keep up. We couldn’t supply things fast enough. We couldn’t supply quality equipment, and when we did it was too darn expensive. So, the business wants fast. They want quick. They want cheap. Yeah, they want quality but they may not know exactly what they’re talking about to get that quality. That’s where we come in.
So, do you need all of ITIL? Do you need these 27 processes and 5 lifecycle stages? Well, I’m a consultant but I’m also an exec. It depends! Number one, are you just a broker for cloud services for you business or do also supply your own IT services to the business? Is everything done through the cloud or do you supply some of the stuff yourself for your business? Well, if you supply some of the stuff yourself, you’re going to need ITIL or some other process…and ITIL is a great framework. So you’re going to need ITIL for that. You can’t just chuck it. I also say you will need some ITIL processes for managing those cloud services. You can’t just buy them and turn your back on them.
Cloud computing is a vendor controlled service. You’re buying a service; you’re buying it from a vendor. They control it. There’re certain things they will allow you to do but generally speaking that’s more content related than anything else. If you’ve got infrastructure or platform as a service, yes, you can write all your own applications, you can put them out there, and you can start them and stop them and all that kind of stuff but you can’t play with the infrastructure. You can get more, you can get less. Your ability to directly manipulate it is limited - if you’re on an Infrastructure as a Service maybe 50%. The other 50% you can’t have any control on whatsoever. You can come down and say “I want another 300 servers, and I want them to be virtualized and I want them from Dell”. Oops… “300 virtualized OK, but you’re not going to tell us what supplier to use. We’ll use our own supplier”. You don’t have total control. SAS or PAS? Its considerably less. Software as a Service…Platform as a Service? You have less. You can’t even say what operating system you want on these servers. With Platform as a Service, they’ll sell you…that’s their offering. If it meets your needs “great”, if not “go somewhere else. I’ll live with it”.
The (Carton Availability??) typical service model won’t allow for full ITIL infused treatment. I can’t write up a change request and submit it to say “put a Linux operating platform as a service” when the service I bought was Windows platform. I can’t even go in and say “I want you to downgrade me to Windows 7, not Windows 8 server”, unless you specifically put that in your contract. You don’t have that control, so you’re stuck.
So were back to ITIL. How much ITIL do we need? Well we don’t need 5 lifecycles and 27 processes. We need to figure out what lifecycle stages we do need. We’ll have a little more strategy. From the point of view of (unintelligible) strategy, its do I rent? You know, strategy used to be buy/build and now it’s about rental.
Which processes do I need? I certainly don’t need all 27. There’s a lot of processes in there that just don’t apply to me as a cloud service consumer, but I can’t throw them all out. Some of the ones I’m going to want to have also need to change or adapt. How do we know which ones? How am I going to determine that? Which processes should I have? Should I have a change management process, as an IT brokerage for cloud services for the business? (Crowd answers: Yes) OK. You say yes. Anyone else? OK. Do we need a request fulfillment process? (Crowd: Parts of it). Yes..? I’m still not sure we need change management process, but we’ll get there. So how do you know that? How do you know how much ITIL you’re going to need?
Question your perceptions on ITIL. What is ITIL? (Answers from crowd). Framework! What’s a framework? It’s not constructed. It’s not paved in stone. It’s a collection of best practices, it’s a framework, it’s a great approach. They all tie together, they all point to each other. Who runs the ITIL police? I want to modify a change management process, and I want to get rid of authorizations. Is somebody going to lock me up, write me a ticket and have to pay money for it? No. It’s a framework. What do you do with ITIL? Do you implement ITIL? Hopefully everybody says no. I’m not even sure you adopt ITIL. I think you adapt ITIL. You take what’s there, you look at what your business and service needs are and you choose the process and the lifecycle stages you wish to be involved with, and processes and you look at it and say what can it do for me, to help me. And what parts of it are there that, quite frankly, just cause me more grief than they’re worth and you adapt it. So, question your perceptions. ITIL is a reference framework and to use these processes in a cloud environment as a consumer, you’ve got to adapt.
What’s it mean? Your direct control is limited. Why do I need a change management process to create a request for change to submit to…who? I’m going to submit my change to the platform as a server to apply an upgrade to that platform? Or, I’m going to submit my request for change to my SAS provider? What’s it going to do for me? Who’s going to authorize it? What’s the SAS provider going to do? How’s he going to schedule or evaluate? Who’s even going to listen to you? Not that you can’t give requests to change modifications to your SAS provider, but it’s not a change management process. It’s a request fulfillment, not a change management process. It’s a request fulfillment process provided you have your supplier management process to put those things ion the contract. So again, switch process. I’m not saying we don’t want to control changes, absolutely not because we do, but they’re service requests. They’re request fulfilments. I may go to service request to say I need to have this done, and you have somebody in your organization authorize that service request because there’s cost involved. “Oh, I want to (sped?) up another 15 servers”. It’s a service request not a change request but I put another authorization step in my service request to say who’s going to pay the incremental cost for this…more capacity. And, it goes off to the vendor to say “Hey, give me more servers” or goes off to whichever group if they can do it themselves…if they can self provide.
(Question/comment from an attendee: Unintelligible…)
What’s the change advisory board for? How do you (pack?) high risk? That’s how you (pack?) high risk about adding 15 more servers in a transparent department. There’s a cost implication, but I would probably say you don’t need a (kit?). Maybe you sit there and say…(Attendee: I agree with…unintelligible)…you sit there, and you request a fulfillment process and you say if this request is going to generate a cost of greater than $10,000 it must be approved by the CIO…something like that, but it is going to be a service request.
So, your existing focuses will need to refocus. Process will need to refocus. Some will gain importance and some will lose importance.
Different skill sets will be required. If I want to go out there and put more capacity on the floor, I don’t need to have somebody to identify which hardware, how big the footprint, how much electricity is it going to use, what kind of cooling do I need. I need somebody who knows really good how to negotiate a contract/. We’ve got a process for it…its supplier/manager but it’s got a different skill set from my team now. I also need somebody who can evaluate when I don’t need that capacity anymore, because I have the option of dialing it down and saving money. Before I went out and bought those 27 servers and then found out that I didn’t need half of them. Well, I could turn them off and save some electricity, but I still got the capital cost. Not very many suppliers will take them back or if they will, they won’t give you much money for them. Now I do have that, I have a different skill set required.
So how much ITIL do we need – a standard approach to this. I have identified your desired end state for Service Delivery Management. Am I going to have a hybrid group? Am I going to have my own that I control plus cloud? Am I only going to have a cloud? What do I need? What do I look like? How much do you really need in a cloud environment? How much do I have now? Do I have ITIL processes now for my current environment? Do they work? Do I want to keep them? Should I eliminate them? Do I have to modify them? How much do I have to modify them? What gaps do I have?
Identify the first step in the road to the end state. What are my quick wins? I can go out and get certain cloud services and not have to modify any processes. I might have to change the scope of change management a bit if I go and buy cloud services for some applications because there won’t be change requests to those applications…’cause they’re in the cloud. So, I’ll modify the scope on my change management process a bit. I’ll use request for the fulfillment process for anything on that side, but I have a request fulfillment process. So maybe I’ll have to write some new procedures. Where will I get the biggest payback the fastest?
Define my program, milestone and targets. What’s the first step? Which processes, to what level of detail? I’m going to tell you, if you don’t have a capacity management process you’re going to want a capacity management process. But, what level of detail do I want that capacity management process to have in it? Do I want to have the one that says produce a 5 year capacity plan? If I don’t have other requirements that I manage directly, I don’t need a 5 year capacity plan. I can get capacity on 48 hours. I need a 72 hour capacity plan, so I never run short. So again, to what level of detail? What functional units will be affected? And what’s in it for me (WIIFM), for the business and customers. If you don’t have that, the business won’t even pay attention to you. They’ll go out on their own anyway. Until that all starts to unravel and falls apart and then suddenly it will be “help me IT, fix it”. You want to be in there before then. But you got to have the WIIFM.
Execute your program and evaluate your results and ensure your benefits were achieved. We started out saying this is what I’m gonna do, this is what the quick wins are, here’s what I’m going to get, what’s in it for the business…OK, that’s executed now, let’s evaluate it. Did we do what we said? Did we go too far? Did we not quite get there? Did we get these WIIFMs? If we did, please tell the business we did.
What do we know now that we didn’t know before? I can remember way back in the good old days when you outsourced your datacenter, and you went and talked to the guys who negotiated a great contract and you go get a great price and you’re guaranteed to support everything you have today, and they kept everything running and it would be running smooth and everything was wonderful. And then, 3 months later the business grew, you acquired another arm, and you went back to this outsourcer and said “Hey, I need some more capacity. I need some more disk space storage, and I want it Level 1”. Then the service provider, the outsourcer came back and said “OK, this is how much we’re going to charge you for that extra disk”, and you’d go “but wait a minute. I’ve got 500GB of disk space now, and you charged me $1/GB. I want another 200GBs, and you want to charge me $20/GB. I don’t understand”. And the outsourcer doesn’t say “We gave you a break to get you. Now that we’ve got you we’re going to make our money back”. So what do we know now that we didn’t know before? Is this a reputable supplier? Did they do everything they said they would do? When they said they would give you capacity in 48 hours the first time we asked for capacity did they get it in 48 hours? When we negotiated to make sure that we could reduce capacity, and they said “great we’ll cut it back in 48 hours and your invoice will be adjusted”, the first time you asked them to reduce capacity did that happen? So what do we know now that we didn’t know before?
Last step of these steps. Repeat it… You’re not done and you never will be done. Go back again. What cloud services do we have? Are there any others out there that we can improve what we’re supplying now? Do we need to talk with the business and give them other options? Has the business come down and knocked on our door to say “By the way, we want this, this and this…source it for us.”? So you go back and start over.
(Question – Attendee: Real life situation…(unintelligible)…or an outsource cloud provider applied in other services and applications (unintelligible)…if a customer engaged us to say “we want your datacenter cloud services, and we want processes and tools to go along with them. We want to know what you’re doing in that area…”)
Yeah – you want you to have processes, absolutely. (Attendee: and then they finally come back, “You know what? You hold off on the cloud stuff. Tell me your process and your tools and then we’ll talk about the cloud”…)
OK, they’re doing some due diligence….and that could be a good spot for IT to help broker the business, to say “we have the experience. We know how to mitigate the risks.” We’re going to say “great idea about the cloud. It’s fast. It’s easy. It’s cheap…We won’t have the headaches. But, we’d like to talk to that cloud supplier to see what he’s doing to handle these headaches”. (Attendee: That’s the point) OK, so as a cloud supplier you need, wow do you need, processes. You need more than the original IT guy ever had. (Attendee: Yeah)
So I mentioned before, the process might change. So, how will these processes change? Service strategy, as I mentioned quickly from the beginning, changes from a build or buy “I’ve got a service out there, I’m going to design a brand new service. Do I build it or do I buy it off the shelf”, to “well maybe I just rent it”.
You’ll need to include cloud service continuity options. So as I’m making that strategy decision it’s not just OK, I’ll get it from the cloud, it’s what’s the continuity if that piece is on the cloud…(and some issues?). Do I want to source it all from the same place or do I just want to make sure that they’ve got some service continuity options, and I’m included in them.
Service portfolio management requires careful attention to maximize cloud benefits. I need to know what’s in my service portfolio. So, I need to know which of those services are the best bet eligibility for cloud services and which ones really aren’t. And, then I need to articulate very clearly to the business why this is in the cloud, and this is stuck the old way. I really shouldn’t say stuck the old way…why we’re going to handle this. What are the benefits? What are the reasons?
Service level management will need to strengthen the focus on underpinning contracts and who cares about OLA. It’s in the cloud. I don’t have an operating level management, but what I do have is an underpinning contract and I better make sure that underpinning contract is clear, has got all the support issue (unintelligible), its got recovery times, its got backup times, its got all of that capacity written into it…underpinning contract. Otherwise, I’ll never be able to do an SLA with my business customers, because I won’t know the timelines. I don’t want to sit there and say to the business “if you decide, or if you’re extending your business we can provide capacity for that extension within 48 hours” as part of my SLA for a service, if my underpinning contract doesn’t have anything about timelines for increased capacity. If the vendor has said in a sales pitch “Oh yeah, we’ll do it in 48 hours” but it’s not written in the contract, I’ve got nothing to hold the vendor to when he comes back and says… “Oh, we’ve got another client that needs capacity so it’s going to take 72”. “No, no, you said 48 its right there in the….Oh, its not there”. OK? Make sure it’s in under underpinning contracts, and it’s well written.
Supplier management is an absolutely must have process. Why? Because they’re going to do all of the contract stuff. They’re going to find the vendor and make sure the vendor is reputable and do the contract negotiations…its all got to be there. So where supplier management before was “ah, well I’ve got little requirements so…over to procurement, they’ll take care of it”. Now you’ve got to have your supplier management process as an IT service provider with your organization. No question. It’s got to be there. (Unintelligible question) Absolutely… (unintelligible)… you can’t get it rewritten. And so it takes on a lot more importance then maybe it had before.
Can anyone guess what my next process is going to be? Capacity management takes on an entirely new meaning. I don’t have a 5 year capacity plan to make sure I’m making the best (apple?) buy investments or anything like that. OK? I don’t need long term views to reduce capital costs. What I do need is controlling the quick acquisition and then releasing unused capacity. It’s easy now for people to get a lot more servers, a lot more data (??), a lot more bandwidth, add more users to the SAS application. It’s easy. It’s fast. But I better have some controls around it or cost is higher. The other side of it is I better have some way of releasing unused. With the old capacity management process, we were always trying to optimize the individual component use, optimize the overall use, make sure that we’re using everything in optimal levels for good performance…this one it’s the suppliers job to keep optimal levels and to tell me if I’m not at optimal levels and to ask me if I want to increase. My job is to say “whoa, I’m way over capacity. Let’s get some of it back so we can save some money”. So my capacity measure process has to have that kind of thing, where as today it doesn’t.
Event management has to adapt. What’s event management all about today? Monitoring my systems, looking for thresholds, having automatic scripts written so that if…something to adjust loads... All that neat stuff. Guess what? None of that works because I don’t have access to these things.
Underlying infrastructure is masked. So I’m going to be…user transaction will be the basis of monitoring. I’m going to have to put some other monitoring other than an agent on a device that looks. I don’t have that option. I also have to worry about I now need this process to generate an alert rather than the automated script or to generate an incident tick rather than an automated script. Alerts and incident generation would replace automated adjustments.
Incident management shifts from troubleshooting and implementing work-arounds to gathering information and communicating status. “Hey, I’ve got a real performance issue out there on such and such a server or such and such a service”. I’ve got to give that information to my cloud provider. I better gather the right information. I’d better have good information about it if I’m going to give it to the cloud provider. But, I don’t want a willy nilly (outboard?) capacity if that’s not the issue. I mean if it’s a problem on his end, I want to alert him I’m not happy. I’ve got an incident. And then I’ve got to have communication with that cloud provider to give back to my business side and say “Here’s what’s being done about it”, because I’m not doing it. But we’ve got a service contract out there. I’ll finish some good stuff under contract, protect my interests. But I’ve got to be good at communicating status, so I need that information.
So I’m not applying work on myself or in a lot of cases I’m applying work around myself. I’m reporting the incident to the vendor. If I haven’t outsourced my services… I mean that’s the last thing you want….oh, I shouldn’t say that…I respect...the last thing you want. If you’re using Salesforce, call that guy and if you’re in development, spitting up new servers, call that guy…No. That’s my job. Call me, call my service desk, call the business’ service desk. We’ll figure out who should be contacted. It’s just (isolation?) but I’m not planning to work on it myself.
Problem management disappears. Now I’ve got to figure out who does it. That’s why I got (???) computing. I don’t want that gig. I don’t need that problem.
No direct contact with the infrastructure or the applications. As I say, if you’ve got Software as a Server Application, if there’s something wrong with that, I don’t expect our customers to do (unintelligible)…analysis. That’s our job. I expect that information to be recorded. I’ve got to do something and then we take over….(unintelligible)…we do something about it.
A Request: Request fulfillment and supplier management replace change management. If you want to keep the standard (???) we’re OK But really when you’re doing those service requests now, because you’re doing supplier as a service, it’s the same as the business coming up to you guys with a service request and you’ve got your intake valve that says “Here’s my service requests. I want a better payroll system. I want the ability to do these tax assessments” and it’s coming to me. It’s probably coming from someone else. Those are requests and they’ve been generated for you from requests down the line and I don’t have anything to change because they’re still service requests.
(Unintelligible question from attendee…) Well it (unintelligible)… I mean yes, if a lot of people are worried about it, there’s an issue that’s firing up all over the place, is there a concerted plan? (Unintelligible back and forth with attendee) OK. The vendor will do the work if it’s in the contract. You guys won’t. The vendor will. If it’s not in the contract (unintelligible)… Supplier management will negotiate items outside the contract, if your contracts for cloud support, for cloud services. If you find out, ooh, you forgot about something the supplier management can renegotiate.
ITIL release and deployment management process basically gets replaced with the SDLC process components. I’m not doing releases if I’m doing software as a service. OK? Then I’m not doing anything. I’m not doing hardware changes. I’m not doing any software changes. If I’ve got it as a platform or as an infrastructure and I’m running my own applications on that, then yeah, I might have releases for applications. I don’t have releases for the other things. That’s the supplier’s issue not mine. That’s why I went to cloud. That’s where the speed comes from. So your release of deployment management you have to replace with the SDLC process or you have no systems lifecycle. Although I think the case being in the application lifecycle might have been (a day? Unintelligible).
So after that what’s next?
(Dialogue between Brian and attendee…unintelligible…he responds) How much do you figure you need? If you’re doing platform as a service or infrastructure as a service or software as a service how much configuration do you think you need? What’s the (unintelligible comment from attendee) yeah, maybe for a service fee or service catalogue you would absolutely. If you’ve got combined services to deliver the in-service to your business, yeah, you might get some free (??). Again, you’re going to have to evaluate each one of the one’s you have there, and say how much at this point, do you need. Do you need any? Or do I need a little? I just tried to pick sort of the big reason. To tell you the truth, I forgot about it. Well, if you’ve got service of components, yeah.
So by my watch we’ve got 2 minutes left? 3 minutes left?
So what’s next? Well governance and control. You are working with vendors now. You’ve got people supplying services to you. You’ve got processes out there to help you manage all that service delivery to you so you can make service delivery6 to your customers. You’ve got that governance in place. You have to know that the processes are being followed, the processes are being managed. There’s continued service improvement on the processes so I’ve identified any weak spots and them getting them fixed very quickly. I’m not talking about “oh, we did an unauthorized change and we had an incident and we got it fixed in 30 minutes and the customers aren’t super happy with us but we’re alive and well”. I’m talking about somebody who went and spun up $3,000/month with the servers and didn’t tell us…(Loud bang…unintelligible)…and for the next 6 months we’re paying $3,000/month for capacity I’m not using. These types of things… So compliance becomes very important. Deviation must not be allowed or all control is lost. We’ve already moved a lot of control out of your hands and into their pockets. If you don’t have goo process in place, if you don’t make sure your governance process is followed and make sure that process is reviewed, checked and updated regularly then you’ve lost any control you may have had.
Questions? Everybody OK?
Thank you very much for your time.