The truth about ITIL and SaaS As the SaaS model increases in popularity, several misconceptions have arisen regarding ITIL and SaaS. This article dispels some of these rumors. By Malcolm Fry 1
2
The sky is the limit, or so the saying goes. Open skies policies have broadened the competitive landscape and consumer choices for air travel. Similarly, the Software as a Service (SaaS) model of deli vering applications increases competition among software suppliers by giving business customers more options. With the increasing availability of on-demand technologies, local managers within a company can very quickly and directly get appli - cations delivered through SaaS. But with its vast knowledge base, IT should be involved to make sure that customers get the best possible service. The flexibility of SaaS works if participants have rules to play by. Many IT organizations already have adopted best-practice processes, such as those defined in the IT Infrastructure Library (ITIL ), to manage the IT services they provide. Now those processes can provide some rules and control for managing SaaS. But with new approaches come misconceptions about technologies and best practices. The sections that follow will dispel some common misconceptions about combining SaaS and ITIL. Misconception 1: ITIL is old school. SaaS is modern. They re incompatible. During the last 20 years, SaaS has revolutionized some businesses. SaaS is more sophisticated now, but it isn t that much younger than ITIL. As today s SaaS becomes more widely used, the ITIL processes still apply. However, organizations must apply them a bit differently. To manage SaaS, the IT organization needs feedback from those using SaaS applications. In the past, IT provided the technology for the customers use, and IT recorded details about every incident, who called to report it, when they called, and what they did. With SaaS, IT doesn t always know the details. Now, business managers can easily opt for their own SaaS solutions, but IT still needs to be involved in supporting, integrating, and managing those solutions. All the basic tenets of IT service management and ITIL still exist today with SaaS. Take, for example, a SaaS consumer who repeatedly encounters a problem when using a sales force automation tool that integrates with internal systems. Each incident will be logged, and the root cause can be identified and eliminated using problem management. However, if these incidents are logged by the SaaS supplier, the IT organization will not be able to perform proactive problem management itself unless the SaaS supplier collects the correct data and makes that data available. All the basic tenets of IT service management and ITIL still exist today with SaaS, but the form of communication with the supplier is different. The compatibility of information between SaaS suppliers and consumers must be absolutely precise, so that both sides know what the other is doing. If both the IT organization and the SaaS supplier are using ITIL terminology and processes, then both 3
are speaking the same language and will better understand each other. For example, if the language and processes are compatible, then the IT service desk can share resources, data, and knowledge with the SaaS supplier. Support can be maintained regardless of where an incident originated. In other words, if the original point of contact for the consumer is the SaaS supplier, the incident can be escalated to internal support automatically and seamlessly without the need to re-enter data or other information. Conclusion: SaaS and ITIL are compatible. They go together like James Bond and fast cars. Misconception 2: ITIL doesn t matter with SaaS. Organizations that have spent years establishing ITIL processes and getting ITIL certifications probably will want to use a SaaS solution that is also ITIL focused. In particular, if you are buying a ser vice management SaaS product, ITIL certification shows commitment to the industry and commitment to the product. ITIL-compatible products are more likely to be adaptable with other products that you might use to support internal service management. Even if the SaaS supplier is not ITIL focused, your IT organization should be. For a service management tool, look for a solu tion with built-in ITIL-based best practices and an embedded cross-function process model. If the SaaS supplier is providing another type of business tool, then be sure that the supplier is prepared to work with you even if the tool and supplier are not ITIL focused. When putting together a service portfolio, clearly describe the services and the rules that must be followed. Even if the SaaS supplier is not ITIL focused, your IT organization should be. Follow good ITIL processes; you ll still need to implement changes and adhere to processes, and you ll need to make sure you impose the right regulations from your end. Conclusion: Just as it is critical for an airplane pilot to complete a checklist before takeoff, following ITIL processes is critical to success with SaaS. Misconception 3: SaaS should not affect how you manage ITIL processes. It s tempting to think that if you use SaaS, you will not need to adjust how you manage ITIL processes. But you do. For example, with SaaS, who will be in charge of the ITIL process of change management? If the SaaS supplier must make a change, how does the customer get involved in change management? In those circumstances, you can t have the same kind of change advisory board (CAB) that ITIL recommends. When incidents, problems, and changes occur to a SaaS application, IT needs to know that the SaaS supplier will resolve problems and implement changes. Ask the supplier questions such as: How do you manage your changes? How do I know your changes are going to be successful? What s the process if the change fails? How will you notify us of proposed changes? How do you manage incidents? 4
The answers to these questions will differentiate SaaS suppliers. If SaaS suppliers don t have good service management processes behind their applications, then this is cause for concern. Clear lines of responsibility and stringent controls will help you know exactly what is happening and where. Bottom line: IT is no longer the owner of changes. So, in addition to rethinking the way it handles change management with a SaaS supplier, IT might include something about change management in the service contract. Conclusion: Clarify how SaaS suppliers follow ITIL processes and how their own processes integrate with yours. You may also need to evaluate your processes to ensure they are effective in a SaaS environment. Misconception 4: ITIL gets in the way of SaaS agility. The on-demand nature of SaaS can offer tremen dous agility to IT organizations and business users, and they may not want to stifle that agility with processes such as those in ITIL. But agility without discipline is dangerous. If you make changes too quickly, without considering the ram ifi cations to your strategy, design, and operations, you might inadvertently create tremendous problems that affect service availability. The on-demand nature of SaaS can offer tremendous agility to IT organizations and business users. You can compare ITIL processes to the highperformance brakes on a sports car; those brakes give you the confidence to be more agile and take a turn at a faster speed. In many cases, having established processes will actually streamline the accomplishment of your goals. ITIL brings the discipline. It will tell you where to set your parameters, how to manage those parameters, and so on. It s about having the right agility in the right place. Controlling the agility in all directions is important. IT professionals know that doing things quickly without proper planning and without proper notification is a road to disaster. Conclusion: Following ITIL best practices actually will increase agility. Misconception 5: IT doesn t need to be involved in relationships with SaaS suppliers. In many cases, SaaS makes it easy for business users to acquire services, so it might seem that a relationship between the IT organization and the SaaS supplier is un - necessary. But your ability to maintain your ITIL processes and the likelihood that your SaaS supplier also follows ITIL processes and will deliver services as promised can benefit your organization when you have effective lines of commu nication and clear responsibilities with your SaaS suppliers. Begin building a relationship with a SaaS supplier by appointing an ITIL/SaaS coor dina tor within your organization. Then, get a contact point for ITIL from the SaaS supplier; make sure the supplier is prepared to work with you on ITIL-related matters, even if the supplier is not ITIL cer tified. Together these individuals should identify the key common ITIL components so the respective 5
organizations can produce or alter processes as appropriate. One of the biggest challenges is getting the business customers to tell you they ve purchased a SaaS product. Typically, the ITIL components will include the following management disciplines: change, incident, problem, asset, configuration, capacity, availability, and all of the service management components. To help ensure an ongoing relationship, establish regular communications between the SaaS/ ITIL counterparts. One of the biggest challenges is getting the business customers to tell you they ve purchased a SaaS product. In many organi zations, the SaaS products will need to integrate with other internal IT solutions through the existing infrastructure. There fore, business managers should be required to always consult IT before entering into contracts with SaaS suppliers. IT organizations will need to be much more vigilant about what is running on their systems and what s allowed on their systems. The op erational and transitional ITIL processes can help you determine whether activities are occurring as expected and whether you have control. In addition to the ITIL/SaaS coordinator, identi fy a sponsor within your IT organi zation. The more senior the sponsor, the more effective the overall efforts. The CIO is the ideal sponsor for this sort of project. Conclusion: As in any relationship, communi cation is key between the IT organization and the SaaS supplier especially in regard to ITIL. 5 points to consider when choosing a SaaS supplier Strategy: Follow the IT Infrastructure Library (ITIL ) guidelines for setting your strategy before selecting your Software as a Service (SaaS) supplier(s). Design: Make sure that the service catalog includes what you want, and make sure that what you get is what you really need. Calculate the capacity and availability you ll require. Transitional and operational processes: Confirm your SaaS suppliers have clearly defined operational and transitional processes to ensure that issues will be resolved as quickly as possible. Also, unless your organization uses SaaS exclusively, you must integrate SaaS with your current services and systems. Contracts: Carefully construct SaaS contracts to ensure that you have the necessary visibility, processes, and performance and establish penalties for noncompliance. ITIL focus: Look for a solution with built-in ITIL-based best practices and an embedded cross-function process model. 6
Misconception 6: Establishing penalties for nonperformance is unreasonable. With SaaS, the service measurement, service catalogs, and service portfolios recommended by ITIL are essential to ensuring that the service being pro vided to the customer meets or exceeds the level of service that the customer expects. ITIL also encourages the use of service level agreements (SLAs) to help set para meters for IT service man agement. Now, with SaaS, contracts take the place of traditional SLAs to enforce performance. Ideally, the target performance level should be 100 percent, not 99.9999 percent. Keep in mind that 99.9999 percent is the lowest possible failure rate. It s not a success rate. If the performance is not 100 percent, then clarify the penalty that the supplier will pay if performance falls below the agreed-upon service levels. The SaaS supplier should have a goal of perfect performance; a failure of cloud services can have a serious effect on an organization. Conclusion: If the supplier doesn t enable you to play, then the supplier needs to pay. Supplier management is an important component of ITIL to control both the per formance of the SaaS supplier and to ensure that the sup plier meets its contractual commitments. Contracts must include very specific para me ters, especially relating to capacity, performance, and availability. Since you don t own the software, you must provide the controls to ensure that the SaaS sup plier meets service commit ments. A key way to do that is to build penalties into the contract. A framework for flexibility SaaS offers IT organizations and business users more choices and greater flexibility when selecting applications, but agility without discipline can be a problem. And unless your organization uses SaaS exclusively, you will need to integrate old and new IT solutions. The ITIL processes you already use for managing your IT systems can provide some rules and control for also managing SaaS. Follow ITIL best practices and watch your SaaS implementation soar. 7 About the author Malcolm Fry is a recognized IT industry luminary with more than 40 years of experience in information technology. Fry is the author of many best-selling books on IT service management and has had numerous articles and papers published. He is also the solo performer in a best-selling DVD series made for the Help Desk Institute, explaining the relationship between the ITIL processes and the service desk. Fry was a member of the ITIL Advisory Group (IAG), which was responsible for overseeing the development and publishing of ITIL v3, plus he was a mentor for the ITIL Service Transition book. In 2009, Fry was awarded the coveted Ron Muns Lifetime Achievement Award for his work in the IT service management arena. Over the last few years, he has authored seven ITIL-focused booklets, of which more than 100,000 copies are now in circulation. *221315*