For cloud services to deliver their promised value, they must be underpinned by effective and efficient processes.


Research
Publication Date: 15 October 2010
ID Number: G00208009

ITIL 'in the Cloud'

George Spafford, Ed Holub

The cloud-computing delivery model is generating a lot of interest from organizations wishing to effectively and efficiently scale. To achieve desired benefits and properly mitigate risks around these services, supporting processes that are properly designed and implemented are mandatory.

Key Findings

The ITIL provides guidance on process best practices to improve the quality of service delivery that is equally relevant to cloud services as to traditional service models.

Cloud service solution design, implementation and ongoing operation must address requirements not only technically, but also from process and human perspectives.

For cloud services to deliver their promised value, they must be underpinned by effective and efficient processes.

To adequately support IT services that traverse the cloud and the organization overall, processes must be designed with risks and objectives in mind to avoid creating constraints.

Recommendations

The design and implementation of cloud services must follow the same rigor as implementing IT operations services using service management. Thus, process requirements that underpin these services must be taken into account.

Processes must be optimized for the cloud based on risks and objectives. If not, the processes may create artificial constraints that limit the ability of cloud services to deliver on commitments.

Enterprises should take advantage of the potential standardization of services that a cloud environment provides by standardizing the processes that enable these services.

Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.

ANALYSIS

The cloud-computing delivery model is generating a lot of interest from firms wishing to take advantage of lower capital costs, greater agility, and the ability to effectively and efficiently scale services. To achieve the desired benefits and properly mitigate risks around these services, supporting processes that are properly designed and implemented are mandatory. Processes that are not designed with cloud requirements in mind could result in suboptimal outcomes.

All sustainable solutions that help organizations pursue and protect goals require a blending of people, process and technology elements. The cloud is no different. IT must view cloud offerings as services, because far more than just hardware and software are required to deliver value, and, moreover, these services will be traversing corporate- and noncorporate-controlled systems.

All services that IT delivers to the business must be underpinned by processes that create a reasonable assurance of predictable outcomes to both end users and business management. This is done by embedding controls that business management deems necessary to reduce residual risks to acceptable levels. These controls can be manual or automated, depending on requirements, available resources, etc.

Services existing in private, public and hybrid clouds will have differing levels of risks, and thus warrant controls that are commensurate to mitigate risks to a level acceptable to business management. A critical business service on a public cloud versus on a private cloud could require different change models to be designed and implemented (for example, in change management). This dynamic view of processes that are adjusted to risk levels, and the fact that they must be tailored to the needs of the business, is just as true for cloud services as anything else.

To be clear, the need for processes "in the cloud" isn't eliminated; rather, the processes underpinning the cloud services must be designed to support the cloud delivery model in an effective and efficient manner. Organizations that do not revise existing processes, such as change management, may find they are inadvertently constraining their cloud services, causing suboptimal results. Consider, for example, a needlessly stringent change model designed for a traditional data center model with discrete physical servers that slows down changes due to controls over risks associated with server provisioning that are no longer appropriate. If the risks are determined to be low, given the capabilities of the particular cloud, a new model that automates the creation, updating and closure of change records could potentially be the outcome. This would enable the speed and agility possible with the cloud, while also allowing organizations to later have the information necessary to answer the question, "What changed?"

Rather than wait for services to enter production, as cloud services are planned, processes need to be designed as well. In some cases, there will be current service management processes that need to be evaluated and revised as required, such as updating incident management to reflect multisourcing. In other situations, new processes may need to be identified, designed and implemented for the first time. In either situation, the ITIL can provide reference processes that organizations can review and pragmatically adopt to better support their internal and external cloud services. Enterprises should take advantage of the potential standardization of services that a cloud environment provides by standardizing the processes that enable these services.

The ITIL should be viewed as guidance, not as a standard that must be strictly adhered to in practice. Organizations need to select, design and implement processes based on need. Based on organization-specific objectives, the above processes will not have equal value. This will affect the selection and prioritization of processes, and the differing risk profiles and objectives will impact the design and implementation.

The following ITIL processes merit review by organizations seeking to better support their cloud services:

Change Management

Availability, integrity and security all necessitate that risks be properly managed. IT organizations need to reassess their change models to ensure they meet the new demands of the services that may be multisourced (some combination of private and public clouds). It has been argued that change management may slow up cloud work. Actually, change models can be designed to properly balance agility and risk management. For example, there may be a greater number of changes that can be categorized as "standard changes," per the ITIL, to reduce overhead and expedite implementation. If self-service provisioning will be offered, the change management process must take that into account.

Service Asset and Configuration Management (SACM)

When left unaddressed, complexity and coupling of configuration items in cloud services are increasing, while tolerance for delays in time to market and/or loss of availability are decreasing. The SACM process is tasked with providing timely, accurate and relevant information regarding the IT environment to the various process groups so they can make proper decisions. This includes the planning for new and changed services, as well as understanding what has changed during operational and security-related incidents. Asset management, to aid with license compliance, etc., is also critical in cloud environments. The ITIL's SACM guidance is more applicable to configuration management, whereas comprehensive IT asset management (ITAM) is another discipline.

Incident Management

Service impairments and outages will happen, and IT needs to work with cloud service providers, both internal and external, to establish roles and responsibilities, how data will be exchanged, escalation protocols, etc. This is even more important when the number of service providers increases the heterogeneity of the technical, process and cultural environments.

Problem Management

To establish root cause, workarounds and solutions, IT and the cloud service provider must work out data exchanges and how the groups will work together. As the number of vendors/cloud service providers increases, the greater the need to focus on addressing problems and not devolving into low-value blame assignment, where one blames another and nothing is solved.

Release and Deployment Management (RDM)

This is required to manage the creation, testing and deployment of services into production. As the number of sources of elements in each service increases, the command, control and communication requirements exponentially increase, and need RDM to properly manage risks and coordinate activities, scheduling, etc.

Service Catalog Management

Both the business and IT need to have effective and efficient means to order business and technical cloud services. Service catalog management could work in conjunction with request fulfillment to automate and optimize the delivery of cloud services on demand.

Service-Level Management (SLM)

IT and the business must negotiate service-level objectives and the required roles and responsibilities that both have. This clarifies requirements on both sides, plus provides measurable targets that can be reviewed, and when required, service improvement plans are launched. Underpinning contracts that support internal SLAs are critical with external service providers, whereas internally delivered services will be more SLA-based. Don't assume that putting a service in the cloud will inherently address reliability challenges.

Capacity Management

No resource is infinitely available, and certainly not in a manner that always makes business sense. Cloud business models continue to evolve and IT must be prepared to optimize utilization of resources so that costs are controlled. For example, if a usage-based cloud model has tiered pricing with commitments, then it may be financially and contractually sound to properly understand what will be required over the term of a contract. Private cloud services must be underpinned with capacity management processes to ensure that resources are available to provide adequate scalability.

Event Management

IT has monitored systems for decades with mixed results. With the cloud, there must be a clear understanding of what activities the provider will perform, as well as which IT group will be responsible for the cloud services. For example, the cloud provider may only monitor the platform and not details about customer service, including availability and latency. Moreover, IT needs to not only understand what to monitor, but also how to respond. Event management can help enable both effective and efficient monitoring and responses, plus provide a means to enable discussions with service providers.

Service Design Life Cycle Phase

While not a process per se, the service design phase does present a significant opportunity. All value and significant amounts of risks and costs are borne by the organization once a service is in production. Even in cloud environments, care must be taken to properly design the services to optimize sustainable operations. This will necessitate that development, acquisition, operations and vendor groups work together to design and deliver optimized cloud services, which will also require careful management as the number of providers increases.

IT Financial Management (ITFM)

Cloud services are neither infinite nor free. Organizations must budget accordingly, understand costs, and, at a minimum, understand who is consuming what resources and what value is derived. This can be done through management reports that provide transparency regarding utilization and costs, or can even be evolved to chargeback models if deemed necessary. Without ITFM discipline and controls in place, the easy scalability of cloud services may result in costs that dramatically exceed estimates and available budgets.

The above list isn't exhaustive; however, we feel these processes have the most potential relevance to organizations pursuing cloud-based service deployments.

Bottom Line

Cloud services, be they private, public or hybrid, present opportunities for IT organizations to pursue. Not only must the technical side of cloud services be evaluated, planned and implemented, but so too must IT processes and the softer "people" side of the equation. Organizations should use the movement to the cloud as an opportunity to develop standardized IT operations management processes that optimize the delivery of IT services.

RECOMMENDED READING

"I&O Roles for Private Cloud-Computing Environments"
