IT and Log Search as SaaS Gains Operators Fast, Affordable and Deep Access to System Behaviors

Transcript of a sponsored BriefingsDirect podcast on how IT and log search and analytics are helping companies and MSPs better monitor, troubleshoot, and manage their networks and applications.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Learn more. Sponsor: Paglo.

Automatically discover your IT data and make it accessible and useful. Get started for free.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to BriefingsDirect.

Today we present a sponsored podcast discussion on efficient ways to keep IT operations running smoothly at the scale demanded of public-facing applications and services.

We'll explore IT search and systems log management as a service. We'll examine how network management, systems analytics, and log search come together, so that IT operators can gain easy access to identify and fix problems deep inside complex distributed environments.

Here to help us better understand how systems log management and search work, and how to gain such functionality as a service, are Dr. Chris Waters, co-founder and chief technology officer at Paglo. Welcome, Chris.

Chris Waters: Hi, Dana.

Gardner: We're also joined by Jignesh Ruparel, system engineer at Infobond, a value-added reseller (VAR) in Fremont, Calif. Welcome Jignesh.

Jignesh Ruparel: Hi, Dana.

Gardner: Chris, let's start with you. How has life changed for IT operators? We have a recession. We have tight budgets. And yet, we have demands that seem to be increasing, particularly when we consider that more applications are now facing the public and are under this large Web-scale demand?

Waters: IT never stands still. There are always new technologies coming on line. Right now, we're seeing a really interesting transition, as more applications become Web-based, both Internet-oriented, Web-based applications and Web-based applications provided out of the cloud.

For an IT professional, being able to monitor the health of applications like this and the successful deployment across the local area network (LAN) and the wide area network (WAN) to their local users provides them additional dividend that hasn’t been there in the past.

Gardner: What sort of requirements have changed in terms of getting insights and access to what’s going on within these systems?

More information

Waters: There are several things. There’s just more information flowing, and more information about the IT environment. You mentioned search in your preamble. Search is a great technology for quickly drilling through a lot of noise to get to the exact piece of data that you want, as more and more data flows at you as an IT professional.

One of the other challenges is the distribution of these applications across increasingly distributed companies and applications that are now running out of remote data centers and out of the cloud as well.

Gardner: As folks start to wrap their minds around cloud computing and the benefits, there's an inherent risk in being responsible for services that you don’t necessarily have authority over. Is this something that you are finding at Paglo? Are customers interested in how to gain insight into systems beyond their immediate control?

Waters: Absolutely. When you're trying to monitor applications out of a data center, you can no

You can’t do any IT at all, if you don't start with a good inventory. And, inventory here means not just the computers connected to the network, but the structure of the network itself . . .

longer use software systems that you have installed on your local premise. You have to have something that can reach into that data center. That’s where being able to deliver your IT solution as software-as-a-service (SaaS) or a cloud-based application itself is really important.

Gardner: So, as we're looking to do IT management and network monitoring, we're interested in log management at a higher level abstraction of analytics, the same old tools don’t seems to be up to the task.

Waters: That’s exactly right. They're much more oriented towards managing LAN environments than they are to managing the evolving IT landscape.

Gardner: Furthermore, this is not just for remediation and fixing, but audit trails, making sure you know what you have under your purview and what is actually supporting business processes. You can’t fix what you don’t know that you have.

Waters: You can’t do any IT at all, if you don't start with a good inventory. And, inventory here means not just the computers connected to the network, but the structure of the network itself -- the users, the groups that they belong to, and, of course, all of the software and systems that are running on all those machines.

Gardner: Many vendors that deliver enterprise infrastructure have some very strong tools for themselves, but they don’t necessarily extend that across their competitor's environment. So, we need something that is, in a sense, above the fray.

Bringing solutions together

Waters: You've got this heterogeneity in your IT environments, where you want to bring together solutions from traditional software vendors like Microsoft and cloud providers like Amazon, with their EC2, and it allows you to run things out of the cloud, along with software from open-source providers.

All of the software in these systems and this hardware is generating completely disparate types of information. Being able to pull all that together and use an engine that can suck up all that data in there and help you quickly get to answers is really the only way to be able to have a single system that gives you visibility across every aspect of your IT environment.

Gardner: As we see more interest in SaaS applications, as we see more interest in mixing up

Nothing in this world ever gets simpler. What you're trying to find are solutions that help you capture all that noise.

sourcing options, in terms of colocation or outsourcing, cloud providers launching their own applications on someone else's infrastructure, these issues are just going to grow more complex, right?

Waters: Nothing in this world ever gets simpler. What you're trying to find are solutions that help you capture all that noise.

Gardner: Tell us a little about Paglo. What makes it different? You deliver search for log systems as a service?

Waters: That’s right. Paglo is different from other IT systems in two significant ways. The first is that at the heart of Paglo is search. Search allows us to take information from every aspect of IT, from the log files that you have mentioned, but also from information about the structure of the network, the operation of the machines on the network, information about all the users, and every aspect of IT.

We put that into a search index, and then use a familiar paradigm, just as you'd search with Google. You can search in Paglo to find information about the particular error messages, or information about particular machines, or find which machines have certain software installed on them. So, search is a way that Paglo is fundamentally different than how IT has been done in the past.

SaaS offering

The second thing unique about Paglo is that we deliver the solution as a SaaS offering. This means that you get to take advantage of our expertise in running our software on our service, and you get to leverage the power of our data centers for the storage and constant monitoring of the IT system itself.

This allows people who are responsible for networks, servers, and workstations to focus on their expertise, which is not maintaining the IT management system, but maintaining those networks, servers, and workstations.

Gardner: I suppose that puts the emphasis on the data and the information about the systems and not necessarily on agents or on-premises' appliances or systems.

Waters: Exactly.

Gardner: Tell me a little bit about how that works. It sounds a little counterintuitive, when you

That’s why we have a piece of software that sits inside the network. So, there are no special firewall holes that need to be opened or compromised in the security with that.

first think about. I’m going to manage my system through someone else's software on their cloud or their infrastructure.

Waters: The way Paglo works is that we have what we call the Paglo Crawler, which is a small piece of software that you download and install onto one server in your network. From that one server, the Paglo Crawler then discovers the structure of the rest of the network and all the other computers connected to that network. It logs onto those computers and gathers rich information about the software and operating environment.

That information is then securely sent to the Paglo data center, where it's indexed and stored on the search index. You can then log in to the Paglo service with your Web browser from anywhere in your office, from your iPhone, or from your home and gain visibility into what's happening in real time in the IT environment.

Gardner: What about security? What about risks -- the usual concerns that people have with SaaS and cloud?

Waters: There are a few aspects there. The first thing is that to do its job the Crawler needs some access to what’s going on in the network, but any credentials that you provide to the Crawler to log in never leaves the network itself. That’s why we have a piece of software that sits inside the network. So, there are no special firewall holes that need to be opened or compromised in the security with that.

There is another aspect, which is very counterintuitive, and that people don't expect when they think about SaaS. Here at Paglo, we are focused on one thing, which is securely and reliably operating the Paglo service. So, the expertise that we put into those two things is much more focused than you would expect within an IT department, where you are focused on solving many, many different challenges.

Increased reliability

Ultimately, I think what people see when they use SaaS offerings is that the reliability they get out of their software goes up dramatically, because they are no longer responsible for operating it themselves or dealing with software upgrades. There is no such thing as a software upgrade for a SaaS service. It's a transparent operation. The same applies to security as well. We are maniacally focused on making sure that Paglo and our Paglo data center are secure.

Gardner: Is this just for enterprises, small or medium-sized business, or managed service providers (MSPs)? How does this affect the various segments of the IT installed community?

Waters: We see users of Paglo across all aspects of the IT spectrum. We have a lot of users who are from small and medium-sized businesses. We also see departments within some very large enterprises, as well, using Paglo, and often that's for managing not just on-premise equipment, but also managing equipment out of their own data centers.

Paglo is ideal for managing data-center environments, because, in that case, the IT people and the hardware are already remote from each other. So, the benefits of SaaS are double there. We also see a lot of MSPs and IT consultants who use Paglo to deliver their own service to their users.

Gardner: Let's go to Jignesh. Jignesh, you have been very patient, as we learn about IT search

That would not have been possible, if there wasn't one place where we could aggregate all this information and quickly extract it, either into a reportable format or a customized format.

as a service, but tell me about Infobond. What sorts of issues were you dealing with, as you started looking for better insights into what your systems are doing?

Ruparel: As far as Infobond, we have been in business for 15 years. We have been primarily a break-fix organization, moving into managed services, monitoring services.

The first challenge in going in that direction was that we needed visibility into customer networks of the customers we service. For that we needed a tool that would be compatible with the various protocols that are out there to manage the networks -- namely SNMP, WMI, Syslog. We needed to have all of them go into a tool and be able to quickly search for various things.

To give you a very small example, recently we had some issues with virtual private network (VPN) clients for a customer who was using Paglo. We took the logs of the firewalls, plugged it into the Paglo system, and very quickly, we were able to decipher the issue that was taking place with the client that wasn't able to connect.

That would not have been possible, if there wasn't one place where we could aggregate all this information and quickly extract it, either into a reportable format or a customized format. That was the major challenge that we had.

Advanced technology

We basically looked at various solutions out there -- open source and commercial -- and we found that the technology that Paglo is using is very, very advanced. They aggregate the information and make it very easy for you to search.

You can very quickly create customized dashboards and customized reports based on that data for the end customer, thus providing more of a personal and customized approach to the monitoring for the customers. We deal in the small to mid-sized markets. So, we have varied customers -- biotech, healthcare, manufacturing, and real estate.

Gardner: Now, you've been able to use this search function for this one-off remediation and discovery types of tasks, but have you built templates or recurring searches that you use on a regular basis for ongoing maintenance and support?

Ruparel: Absolutely. Right now, we have created customized dashboards for our customers. Some of them are a common denominator to various sorts of customers. An example would be an Exchange dashboard. Customers would love to have a dashboard that they have on the screen

At the end of the day, I look at it very simply as collecting information in one place, and then being able to extract that easily for various situations and environments.

for Exchange and know what the queues that are taking places in the Exchange Server, mailbox sizes, RPC connections, the service latency, and all this kind of stuff. We have an Exchange dashboard for that, which our customers use regularly to get a status update on what's taking place with their Exchange.

We also have it for VMware. These are some things that are a common denominator to almost all customers that are moving with the technology, implementing new technologies, such as VMware, the latest Exchange versions, Linux environments for development, and Windows for their end users.

The number of pieces of software and the number of technologies that IT implements is far more than it used to be, and it’s going to get more and more complex as time progresses. With that, you need something like Paglo, where it pulls all the information in one place, and then you can create customized uses for the end customers.

At the end of the day, I look at it very simply as collecting information in one place, and then being able to extract that easily for various situations and environments.

Gardner: So, from your vantage point, going SaaS for these values is not something to consider as a risk factor, but really is an enabling technology factor?

Ruparel: Absolutely. There is always going to be that. We are at a stage where SaaS implementations are taking place at a very rapid rate, and that is the wave of the future. Why? Because, if you look at it, what would you need to set up a monitoring system that supports so many protocols in your own network it would be very expensive.

Missing pieces

Not only that, but if you were to take some other piece of software out there, install it in your network, and monitor the systems, it will not be an end-all solution. There will always be pieces missing, because each vendor is going to focus on certain aspects of the monitoring and management. What Paglo is doing is bringing all of that together by building a platform where you can do that easily.

Gardner: Let's go back to Chris. Why don’t older approaches work? Why wouldn’t an on-premise server and appliance approach offer the same sorts of benefits?

Waters: There are a couple of issues. Jignesh just touched one of them, which is particularly appropriate to MSPs. Once the people who are managing the data are remote from the systems, then where are you going to put the servers as an MSP, if you want to manage information from multiple clients?

Now you are into the business of having to build out your own data center to aggregate that information, which obviously is costly and involves a lot of effort, not to mention the ongoing effort of keeping all of that stuff alive.

Gardner: Well, we've heard this makes great sense for the MSPs, the small and medium-sized businesses, and the ecology of play there. What about the large enterprise? They almost act like

Paglo can take data from all of those different disciplines, and, as you try to solve problems or improve the monitoring or service level agreement (SLA) monitoring that you are doing on your network, within Paglo you've got one place to look.

their own MSPs. How does this fit with their legacy approach to the log data from these systems and being able to search and index it?

Waters: If you look at the IT management landscape, especially for enterprises, what you see is a highly fragmented environment, where each different IT problem has a different system or set of tools that are applied against it.

The beauty of taking search and applying that to IT and log management is that it allows us to pull together in one place data that previously would have been considered completely different disciplines. The data was previously being fed into your network monitoring software, into your IT asset inventory, or into your server management software.

Paglo can take data from all of those different disciplines, and, as you try to solve problems or improve the monitoring or service level agreement (SLA) monitoring that you are doing on your network, within Paglo you've got one place to look. You can look across servers through the network to users in a single consolidated view.

Gardner: Jignesh, back to you. You mentioned several important industry segments. A couple of them are under quite a bit of regulation. Is there something about audit trail, search, dashboards, and the SaaS approach that in some way benefits compliance and adherence?

Configuration changes

Ruparel: Absolutely. Keeping track of configuration changes on devices is important. Some of the stuff that I am mentioning may not be available at this instant on Paglo, but knowing the infrastructure as I have learned it over the last four to five months on Paglo, I'd say that building such tools is very easy.

They already have a bunch of reports on there that give you a lot of support with various compliance measures, such as HIPAA, Sarbanes-Oxley, and provide reports on that. However, there is still a little bit of work that is required to get to that stage, where the reports are directly targeted towards a particular regulation.

As far as the generic reports that deregulation would require, say audit trails on who logged in, I mentioned to you regarding the VPN issue that I faced. I generated reports on all the users who had logged in via VPN over the last month in a snap. It was very, very quick. It took me less than two minutes to get that information. Having that quick of response in getting the information you want is very, very powerful. I think Paglo does that extremely well.

Definitely there is a huge advantage of having this information collected. As far as generating reports are concerned, that is something that not only Paglo can provide support on there, but Infobond, if you are interested, can provide support on it as well.

Gardner: We've talked about some of the qualitative benefits and the benefits of SaaS, but what

You would probably need a person dedicated for approximately two to three months to get the information into the system and presentable to the point where its useful. With Paglo, I can do that within four hours.

about cost? It seems to me that the implementation cost would be lower, but how about the general operating cost, Jignesh, now that you've been using this for several months?

Ruparel: Let’s look at it from two different perspectives. If I go and set things up without Paglo, it would require me, as Chris had mentioned, to place a server at the customer site. We would have to worry about not only maintenance of the hardware, but the maintenance of the software at the customer site as well, and we would have to do all of this effort.

We would then have to make sure that our systems that those servers communicate to are also maintained and steady 24/7. We would have multiple data centers, where we can get support. In case one data center dies, we have another one that takes over. All of that infrastructure cost would be used as an MSP.

Now, if you were to look at it from a customer's perspective, it's the same situation. You have a software piece that you install on a server. You would probably need a person dedicated for approximately two to three months to get the information into the system and presentable to the point where its useful. With Paglo, I can do that within four hours.

Gardner: Can you give me any metrics of success in terms of cost? It certainly sounds compelling?

Lowest cost

Ruparel: As far as cost is concerned, right now Paglo charges a $1.00 a device. That is unheard of in the industry right now. The cheapest that I have gotten from other vendors, where you would install a big piece of hardware and the software that goes along with it, and the cost associated with that per device is approximately $4-5, and not delivering a central source of information that is accessible from anywhere.

As far as cost, infrastructure cost wise, we save a ton of money. Manpower wise, the number of hours that I have to have engineers working on it, we save tons of time. Number three, after all of that, what I pay to Paglo is still a lot less than it would cost me.

Gardner: Chris Waters, tell me a bit about the future. It seems to me that this is a paradigm shift, if I could use sort of a cliché, in terms of cloud resources, and then using the network a bit more strategically. Now that you have taken this first step with Paglo, do you have any sense of where you expect to go next?

Waters: We're riding the wave of adoption of cloud by services, and we use that ourselves. The reason we're able to offer our service so cost effectively is that we leverage a very efficient data center. The Paglo back-end is designed specifically to support many, many tens of thousands of SaaS customers. So, they get to take advantage of the infrastructure that we have been building there, and we pass those cost savings on to them.

We all know that we're riding the benefits of Moore's Law as computational power becomes cheaper and network bandwidth costs less. Those things both allow us to do with Paglo more sophisticated analysis and capture more interesting data about the IT environment.

The most recent data source that we added to Paglo was the ability to capture information about

Companies like YouTube taught us . . . that if you for a second forget about bandwidth costs and you forget about storage costs . . . you can do some really interesting things.

your logs. I would say that the log management space is still barely scratching the surface of what’s possible with logs. As companies move towards more Web-based services, there is an interesting characteristic. Web-based services generate more log data, when you contrast that with more traditional client-server based software. So the possibilities for analyzing that data and drawing conclusions from that data, and having it integrated with an overall perspective of the entire IT system is going to be a pretty cool part of Paglo's future.

Gardner: In the past, there were a number of inhibitors to where you could go with this. There was the storage cost. There was the access cost. There were simply network and bandwidth issues, and then the ability to deal with that increasing load of data. Now it sounds as if you are pretty much free to start collecting everything.

Waters: Companies like YouTube taught us, and taught everybody, that if you for a second forget about bandwidth costs and you forget about storage costs, because they are rapidly hitting towards zero, and let your imagination run wild, you can do some really interesting things. Paglo takes advantage of those insights.

Gardner: For those folks who want to learn more about this, how does one get started? Is this a long process? I think Jignesh mentions only four hours, but tell us a little bit about the ramp-up process and where you might get some more information?

Principle of transparency

Waters: One of our fundamental operating principles here at Paglo is our principle of transparency. We want to make it extremely easy for people to find out information about Paglo, try it, and buy it.

You can go to paglo.com and read a lot more about how Paglo works and see a lot of screen shots of what the Paglo experience is like. You can sign up without a human ever being involved. So from sign up, to being able to search your own IT data is simply a matter of minutes.

Gardner: Very good. We've been learning quite a bit about the opportunity to do IT search and log search and management as a service. This gets to the heart of network management and analytics, and appears to be a value for MSPs, SMBs, and enterprises.

Here helping us discuss how we scale IT operations to the demands of the Web more smoothly and apparently at quite a bit of less cost, we have been joined by Dr. Chris Waters, co-founder and CTO of Paglo. Thanks for joining, Chris.

Waters: Thanks.

Gardner: We have also been joined by Jignesh Ruparel, system engineer at Infobond. Thanks so much, Jignesh.

Ruparel: Thank you Dana.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. You have been listening to a sponsored BriefingsDirect podcast. Thanks for listening, and come back next time.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Learn more. Sponsor: Paglo.

Automatically discover your IT data and make it accessible and useful. Get started for free.

Transcript of a sponsored BriefingsDirect podcast on how IT and log search and analytics are helping companies and MSPs better monitor, troubleshoot, and manage their networks and applications. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.

ITIL 3 Leads Way in Helping IT Transform Via the 'Reset Economy' into Mature Business Units

Transcript of a sponsored BriefingsDirect podcast on the latest version of ITIL, and how it helps IT organizations transform how they operate as business units.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Learn more. Sponsor: Hewlett Packard.

Free Offer: Get a complimentary copy of the new book Cloud Computing For Dummies courtesy of Hewlett-Packard at www.hp.com/go/cloudpodcastoffer.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you're listening to BriefingsDirect.

Today, we present a sponsored podcast discussion on how to better understand the standards and methods around ITIL Version 3, Prescriptions and Guidelines. We'll unlock the secrets behind ITIL Version 3, and debunk some common misunderstandings about ITIL and how it can be best used.

We're joined by three experts on ITIL, and they are folks who have been instrumental in ITIL development. They'll help us look into ways that IT leaders can leverage IT Service Management (ITSM) for better efficiency, operational accountability and how to keep the IT trains running on time and also at the lowest possible total costs.

Please join me in welcoming David Cannon. He's the co-author of the Service Operation Book for the latest version of ITIL, and an ITSM practice principal at Hewlett-Packard (HP). Welcome David.

David Cannon: Hi, Dana. Thanks very much.

Gardner: We’re also joined by Stuart Rance, service management expert at HP, as well as co-author of ITIL Version 3 Glossary, and of numerous other service management pocket guides. Welcome, Stuart.

Stuart Rance: Hello. Thank you.

Gardner: Also joining us is, Ashley Hanna, business development manager at HP and a co-author of ITIL Version 3 Glossary, and other industry best practices. Welcome, Ashley.

Ashley Hanna: Hello. Thank you.

Gardner: Let me direct my first question to David Cannon. Tell us a little bit about why the need for ITSM is a bit more acute nowadays. What do a tough economy and lean budgets mean in terms of how ITIL can be of benefit?

Cannon: That's a very interesting question. The first thing that comes to mind, whenever we think about that, is that IT needs to save costs. In fact, the business puts a lot of pressure on IT to bring their costs down. But, in this economy, what we're seeing is that IT plays a way more important role than simply saving money.

Business has to change the way in which it works. It has to come up with different services. The business has to reduce its cost. It has to find better ways of doing business. It has to consolidate services. In every single one of those decisions, IT is going to play an instrumental role. The way in which the business moves itself towards the current economy has to be supported by the way in which IT works.

Now, if there is no linkage between the business and the way in which IT is managed, then it's going to be really, really difficult for the business to get that kind of value out of IT. So, ITSM provides a way in which IT and the business can communicate and design new ways of doing business in the current economy.

Gardner: Some of the popular business press released here in the United States has been calling the recession a "reset" and saying that "business as usual" is really not going to fly. Is ITIL something that can help with that, both at the IT level and the business level with this notion of a reset, David?

Changing operating models

Cannon: Yes, it is. That's not to say that, in every single case, IT is going to drive these changes to the business. What we're seeing in the reset is that businesses have to change their operating models.

Part of an operating model within any business is their IT environments and the way in which IT works and is integrated into the business processes and services. So, when we talk about a reset, what we're really talking about is just a re-gearing of the operating models in the business, and that includes IT.

The way in which IT works and the processes that you read about in ITIL Version 3, for example,

What I've seen recently is that organizations that have already achieved a level of ITSM maturity are really building on that now to improve their efficiency, their effectiveness, and their cost-effectiveness.

are increasingly being used in the business environment to create new services or different ways to manage their existing operational environments.

Gardner: I wonder if any of our speakers thinks that the economy has, in fact, provided an impetus or catalyst to embrace ITIL, whether it's in its versions, 1, 2 or 3. Is it possible that there has been a silver lining to this dark economic cloud?

Rance: That's a really interesting question. What I've seen recently is that organizations that have already achieved a level of ITSM maturity are really building on that now to improve their efficiency, their effectiveness, and their cost-effectiveness.

Maybe a year or two years ago, other organizations that were less mature and a bit less effective were managing to keep up, because things weren't so tight and there was plenty of fat left. What I'm seeing now is that those organizations that implemented ITSM are getting further and further ahead of their competition.

For organizations that are not managing their IT services effectively towards the end of the slump it's going to be really difficult. Some organizations will start to grow fast and pick up business, and they are going to carry on shrinking.

Gardner: Thank you, Stuart. Ashley, do you have anything further to offer?

Hanna: I think, as well, that if ITIL has been implemented correctly, then it is not an overhead. As times get tough, it's not something you turn off. It becomes part of what you do day-to-day, and you gain those improvements and efficiencies over time. You don't need to stop doing it. In fact, it's just part of what you do.

Gardner: For those of our listeners who might not be too deeply aware and have the background for ITIL, let's give them a quick primer. David, help me understand a little bit about the context of ITIL and where it fits in now.

Helping operations managers

Cannon: ITIL was initially created within the UK government to help operations managers within IT manage that environment a lot better. As the industry progressed, and as we became more mature about the way in which we managed IT, it became very clear that what we were really doing was not simply managing a set of infrastructure components and applications. What we were really doing was delivering a set of services to the business.

As that matured, we began to realize that we're not simply providing a set of outputs to the business and then forgetting about what the business does with them, and, as long as we produce the outputs, we've done our job. We began to realize that this approach wasn't good enough. What we had to do was focus on not only what we delivered to the business, but also what the business did with those services. So, we are focused more on the business outcomes.

In the current environment and in the current version of ITIL, we're looking at not only how IT manages itself, but how IT provides service to the business, and also how the business generates value based on the services that they use from IT. That's where the industry is right now.

And, just to stress, ITIL didn't invent the stuff. ITIL is not a theoretical approach that came out of the minds of a few academic individuals. It really is based on what companies have been doing over the past 20 years. So, when you read ITIL, everything you see in those books is something that has been done by a company somewhere, and it has worked.

What you have there is a set of recipes, which really talk about how I, as an IT professional, can play a strategic role within the business, and how I can help to measure my contribution of value within the business organization. That's really where we are within ITIL right now.

Gardner: Stuart or Ashley, do you have anything further to offer on a level set on ITIL nowadays?

Rance: I've got a lot that I'd like to say about value, but I'll hold off on that for now. I'd like to talk about what service management is from a more operational viewpoint, because a lot of people don't really get what we're talking about, when we talk about service management.

The point is that there are lots of different service providers out there offering services. Everybody has some kind of competition, whether it's internal, a sort of outsourcing, or alternate ways of providing service.

All of those service providers have access to the same sorts of resources. They can all buy the same servers, network components, and software licenses, and they can all build data centers of the same standards. So, the difference between service providers isn't in those resources they bring to bear. They are all the same.

Service management is the capabilities a service provider brings in order to deploy, control, and manage those resources to create some value for their customers. It includes things about all of your processes for managing changes, incidents, or the organizational designs and their roles and responsibilities, and lots of different things that you develop over time as an organization, it's how you create value from your resources and distinguish yourself from alternate service providers.

Gardner: Is there anything from you, Ashley?

Focusing on outcomes

Hanna: I'm just reflecting on what both have said. We've gone from managing technology processes, which was certainly an improvement, to managing end-to-end IT service and its lifecycle and focusing on the business outcome.

It's not just which technology we are supporting and what silos we might be in. We need to worry about what the outcome is on the business? The starting point should be the outcome and everything we do should be designed to achieve what's wanted.

Gardner: David, it certainly seems to me that the progression of IT is toward the delivery of processes, rather than technology sets. The feature function abstraction is perhaps elevated, particularly now, when we think about cloud services and a variety of different sourcing options. That seems to me to dovetail very well with the fact that we're changing the way that IT operates at precisely the same time as the way that IT is consumed is changing. Does that sound fair?

Cannon: Yes, it does sound fair. I think in terms of initiatives or movements like cloud, or should I say trends, what you're seeing is a focus on exactly what it is that I get out of IT, as opposed to a focus from the business on the internal workings of IT.

What you've seen historically is that the business has traditionally been very concerned about the internal workings of IT. They're very concerned about mitigating risk and very concerned about making sure that we're running in a cost-optimal way. What things like cloud tend to do is to provide business with a way of relating to IT as a set of services, without needing to worry about what's going on underneath the surface.

However, I need to point out that, even within a cloud environment, where you have a cloud-service provider, that service provider still has to worry about the processes.

So, business is going to look for clear solutions that meet their needs and can change with their needs in very short times.

They have to worry about managing the technology. These issues don't go away. It really is just a different way of dealing with the sourcing and resourcing of how you provide services.

Gardner: So, I suppose the point is that ITSM, how you run your IT department and how you provide for your users and their perceptions of IT as a business partner, is being elevated by some of these other trends in the sourcing environment?

Cannon: Yes, and what we're seeing is just the need for business to be able to react quickly and the need for them to be able to be very flexible within a rapidly changing volatile economy. So, business is going to look for clear solutions that meet their needs and can change with their needs in very short times.

Gardner: Ashley, let's go to you now about some of the myths or misunderstandings around ITIL -- what needs to be debunked or what lets people stray in understanding ITIL and how they could avail themselves of it?

Responding to change

Hanna: A lot of the issues are based on the fact that something has changed. We all know and love ITIL Version 2, and have a certain image of that in our minds -- and we all respond differently to change.

An issue that comes up quite a lot is that ITIL Version 3 appears to have gotten much bigger and more complex. Some people look at it and wonder where the old service delivery and service support areas have gone, and they've taken surprise by the size of V3 and the number of core books.

There is new content in Version 3, but actually Version 2 was pretty big, if you looked at the complete set of publications that came out. This view of it being small and self-contained was reinforced by what we were taught, when we studied Version 2.

The highest level of certification then was the Managers certificate and exam.

. . . these changes are long awaited and they're very useful additions to ITIL . .

This concentrated just on service delivery and service support. Yet, there were at least five other significant areas. Publications that came out from those other areas, such as business perspective and planning to implement, didn't get the same kind of attention.

When Version 3 came out, it launched with a much bigger perspective right from the beginning. Instead of having just two things to focus on, there are five core books. I think that has made it look much bigger and more complex than Version 2.

It is true that if you go through education, you do need to get your head around the new service life-cycle concept and the concept called "business outcomes", as we've already mentioned. And, you need to have an appreciation of what's unique to the five core books. But, these changes are long awaited and they're very useful additions to ITIL, and complementary to what we've already learned before.

Gardner: Stuart, just for the edification of our audience, what general characteristics would you apply to Version 2 and then Version 3, and what generally distinguishes them?

Better and cheaper

Rance: Version 2 was very much about how the IT service provider could do what it does effectively, efficiently, and cost effectively. All of the Version 2 processes led to ways that the service provider could deliver what they did better and cheaper. What it didn't really look to was the value of what they were doing, and were they doing the right things?

I'll give you a simple example. Version 2, in financial management, talked very much about what sort of cost units you should be looking at, how you should be calculating things, how you should be doing your accounting.

Version 3 includes that, but it includes it in quite a small part of the book in a couple of sentences that basically say your accountants will tell you how to do that. If you look at financial management in ITIL Version 3, it says you really have to understand the cost of supplying each service that you supply and you have to understand the value that each of those services delivers to your customers.

Now, that's a very simple concept. If you think of it in a broader context, you can't imagine, say, a car manufacturer who didn't know the cost of producing a car or the value of that car in the market. But, huge numbers of IT service providers really don't understand the cost of using its service and the value of that service in the market.

ITIL V3 very much focuses on that sort of idea -- really understanding what we are doing in terms of value and in terms of cost-effectiveness of that level, rather than that procedural level.

Gardner: Going to you David, is there something about ITIL and the confusion that might exist in some quarters around this notion of financial management? Where do you see this financial management aspect of ITIL and is that something that people need to better get their heads around?

Cannon: Financial management really hasn't changed in the essence of what it is. Financial management is a set of very well defined disciplines.

ITIL V3 very much focuses on that sort of idea -- really understanding what we are doing in terms of value and in terms of cost-effectiveness of that level, rather than that procedural level.

There are well-established procedures and practices. When applied within IT, financial management really starts to answer some very specific questions.

In Version 3, the nature of those questions changes. For example, in Version 2, we talk about how to account for the cost of providing IT services and how to track your assets, for example. It's very much a cost-based model of financial management.

Within Version 3, the financial management questions become more strategic. How do we calculate value? How do we align the cost of a service with the actual outcome that the business is trying to achieve? How do we account for changing finances over time?

For example, if we invest a certain amount of money this year, what is the relative value of that investment going to be in 5 or 10 years time? How do I align financial decisions that I make with the portfolio of services that I deliver? How can I track the investment in IT throughout the life-cycle of the services that I am providing?

Questions have changed

So, the questions that we ask in financial management within ITIL have changed significantly, but the underlying core procedures and practices are still the standard financial practices that exist within any organization.

Gardner: As we progress from applying financial management to systems, and then now to processes, it sounds as if we're starting to talk more the talk of the business side of the house. Business probably wants to understand the true cost of processes.

My question then is, do the folks on the business side of the house need to know anything about ITIL, or do they simply need to know what the fruits of ITIL are? Let me throw that out to Stuart.

Rance: Something that David said earlier, which I have also come across, is that a lot of businesses are in the service business themselves. It might not be IT service, but many of the customers we're dealing with are in some kind of service business, whether it's a logistics business or a transport business. Even a retailer is in the service businesses, and they provide goods as well.

In order to run any kind of a service you need to have service management. You need to manage your incidents, problems, changes, finances, and all those other things. What I'm starting to see is that things that started within the IT organization -- incident management, problem management and change management -- some of my better customers are now starting to pick up within their business operations.

They're doing something very much like ITIL incident management, ITIL change management, or ITIL problem management within the business of delivering the service to their customers.

. . . if you're running yourself as a business, you need to understand the business or businesses you serve, and you need to behave in the same way.

That completely gives you an end-to-end value chain, where the incident management, problem management, and change management you're doing within IT is simply a subset of your overall business incident management, problem management and change management. And, I could have listed all the other processes as well.

Gardner: It sounds as if we're moving toward some sort of a unifying theory of how to run both your business and your IT department. Essentially, they're both providing service management, provisioning, delivery, and measurement function. Why shouldn't they have a similar framework?

Hanna: I absolutely agree. Some of the shock that some people have when they pick up the service strategy book in ITIL V3 is they see it reads as a business book -- where is the IT, where is the data, where has my memory chip gone from this book? That's deliberate. It sets out that if you're running yourself as a business, you need to understand the business or businesses you serve, and you need to behave in the same way.

There's a great deal of new thinking that has gone into the service strategy side of things around providing a service of any kind. And as Stuart said, businesses can start adopting some of the IT process practice, but also the other way around. The IT people, when they start thinking about it, start to realize that it's not just them who have change management and incident management. Their business has to implement these aspects when they talk to their customers and the products that they sell. It is very much coming together in the industry.

Gardner: Is this a two-way street? Do the lessons learned on the business side apply to IT, and then vice versa? Does anyone want to offer an insight into the transfer of best practices?

Two-way communication

Rance: It's a very important question, but I'd like to go even further than that and say that, as a business unit, IT is already participating in a lot of this two-way communication. In many cases, IT doesn't think of itself as a business unit, but if you think about it, they really are. Today, the average IT department is delivering services to external customers and those services are revenue producing.

When that starts to happen, the IT unit starts becoming both an internal service provider, as well as a strategic business unit within the organization. And so, not only is it communicating with the business, it, in fact, is the business in many cases. That's a very important realization to come to within most IT organizations.

Gardner: I suppose we're all parochial and that we are involved with IT, but it sounds as if IT is not just a peer business unit, but perhaps a special business unit in a modern cooperation or enterprise. David, do you have any sense of whether we can claim special status in IT, or whether that gets us in trouble?

Cannon: We certainly could claim a special status, but I wouldn't try that. I think that the most important thing about ITIL and about ITSM is to ensure that IT is viewed as part of the business, that it is contributing to the value generated from the business, and that it is able to achieve its objectives.

I wouldn't try to create any special case for it. I would simply say that the management

I never heard an organization saying it needed to get the legal department aligned with the business or the finance department aligned with the business

challenges within IT tend to be more unique, and it's important to use approaches like ITIL, which are specifically designed around these challenges.

Rance: Can I speak up on that just for a moment? In the days of ITIL Version 2, a lot of organizations used to talk about business-IT alignment, and how important it was to align IT and its goals and strategies with the business and its goals and strategies.

I always found it very strange that you never heard a similar conversation about other business units. I never heard an organization saying it needed to get the legal department aligned with the business or the finance department aligned with the business.

I think that used to be a fundamental failing of IT organizations -- that they were trying to align with the business instead of trying to be a part of the business. That was one of the big changes in ITIL V3. I don't think an IT department should consider itself special or different. It should consider itself part of the business in exactly the same way as other core, shared services are.

Gardner: Perhaps another way to phrase the question is rather than to ask about whether it should be special, ask why it should not be special, and should be peer.

Rance: Exactly.

What do they want?

Hanna: Absolutely. One customer I work with felt they were getting a beating from industry best-practices consultants. The consultants were saying, "Look, you need to understand and align with your business. If only you did that, everything would be okay." What the IT organization found when they tried to do that was that, when they communicated with the business and got the right discussion around availability, performance, or whatever it was, the business didn't know what it wanted either.

So there's this idea that the magic is just a little bit further away, if you can get there. Once that organization engaged with the business, and they both realized they had challenges in this space, and it wasn't just one or the other's fault, they were able to start working together to get things done in a better way.

Gardner: I wonder if we could take a moment to understand better the relationship between HP and its approach to IT data centers, IT shared services and ITIL. Several of you here are instrumental, but also working with HP, what's the relationship?

Cannon: Dana, are you talking about the relationship between data-center management and ITSM?

Also I'm using it myself personally. I'm using ITIL guidance to help define and manage a service portfolio, which is a new concept within ITIL.

Gardner: No, I was asking about HP, as a vendor supplier, a partner and ITIL as a progression. How do they relate?

Hanna: I'm a business development manager within HP, within our Mission Critical Services organization, and I'm using ITIL as part of our assessment and continual improvement methodologies and tool set. So, I'm either helping to sell those kinds of ideas as a product or I am using it to improve what I do when I do that.

Also I'm using it myself personally. I'm using ITIL guidance to help define and manage a service portfolio, which is a new concept within ITIL. Within that, I have a pipeline of services that I offer to my customers, and new services or significant changes I'm bringing along. I've also got a service catalog of things that I sell to my clients today.

So, I am very much personally using ITIL, and I know many of my other colleagues are. But, it's not just how we go to market -- it's also within our own infrastructure.

Gardner: Does anyone else want to offer a way in which the philosophy of HP aligns with ITIL?

Everything is ISTM

Cannon: Absolutely. The point is that there is nothing in HP that we do that is not service management. Everything that we do -- from manufacturing and delivering computers to installing those computers, to making sure that they are operating effectively, to working with our customers to make sure that they are able to use IT and support their businesses -- are essential components of ITSM.

So, our whole approach to ITSM is not only that we help our customers do ITSM, but, as Ashley pointed out, we use ITSM internally to make sure that we are doing things in a quality manner and in a way that creates an added value for your customers.

For example, when I got into the data center services side of things, a lot of people said to me, “Oh, so you are leaving service management?” And the point is, no, absolutely not. How can you deliver IT services, how can you manage those services, if you have no control of your data center? Everything we do is tied into service management and how our customers are able to achieve value within their organizations.

Gardner: I would think that also end-to-end visibility, control management, and integration are essential to providing that end service in a timely and efficient manner. Is there a

Within our service management profession, it's incredible how many different things people are doing with service management.

comprehensive aspect to what HP involves in working with a number of partners and what you can then attain with ITIL guidelines?

Rance: We have within HP something we call a service management profession, which is part of our overall knowledge management. Interestingly, knowledge management, a relatively new process for ITIL was something we have been doing for a long time, as with many other organizations of course.

Within our service management profession, it's incredible how many different things people are doing with service management. They're all engaged with service management and they're all sharing knowledge and capabilities with each other, but it ranges from people who are developing, planning and delivering ITIL training courses. People are developing, delivering, configuring, installing, and managing our complete range of software products.

Our internal IT organization, our outsourcing organization, many different people doing different source of consulting, anything you can think of in the service management space, there is somewhere in HP a team doing it. Usually, those teams are doing it in every country around the world. We all talk to each other and learn from each other, and it's a lot of fun. I don't think there is any other organization in the world that comes close to that.

Gardner: So, in a sense, it's a whole greater than the sum of the parts.

Rance: Absolutely.

Concrete examples

Gardner: We've talked about this ITIL set of benefits and we debunked some of the misunderstandings. We've kept it at a fairly theoretical level, but I wonder if we had some concrete examples. As you pointed out earlier, ITIL has come from practices and not academics. Where are people applying these guidelines and the increased role of ITSM to a benefit? What are some of the metrics of success? Let's start with you, David.

Cannon: It all depends what each company is trying to achieve with their implementation. For some organizations it's about simply trying to solve a very specific problem. For example, how do I become more responsive to my customers when my IT services break, or how do I control changes within the organization?

If that's all that you are trying to achieve right now, then your metrics are going to reflect what it is that you've been working on. So, am I getting quicker at resolving these incidents? Am I getting fewer incidents? Are changes being more controlled, and are there fewer incidents as a result of rolling out changes? Some of the metrics that you are going to focus on are going to be very operational and very much focused on the problem that you're trying to solve.

In other organizations, which are trying to go for a more holistic implementation and are trying to really get into a growth mode for their organization, they are going to approach this in a very different way. They are going to look at things like, "What kind of services am I delivering? Are those services achieving the desired outcomes?"

The metrics are going to be a combination of what their businesses are using to measure their

So, the discussion changed very, very quickly from, "How much does ITSM cost us?" to, "Hey, can we have some more of this kind of thing?"

success, as well as how IT is measuring the consistency, the reliability, and the availability of their services. It's going to be a combination of that.

We've seen a number of organizations, which have really been using ITSM extensively, coming up with some very interesting ways of measuring the success of the program. What's interesting is that they may start out with looking at, "What is the cost of ITSM and how can I demonstrate the return on investment (ROI)?" But, where they end up is very interesting. Where they end up is, "How does IT support our business?"

I was sitting in one customer organization and they were talking about the cost of IT. We switched the discussion around and took a very specific example of a service that was used commonly within the business. We said to them, "Let's not focus on the cost of IT for now. Let's focus on what you get out of the service."

The managers in the business sat around and talked about the things that they do with the service. It turns out that by using the service, the business was able to save something like $20 million a year in certain testing procedures that they were running.

So, the discussion changed very, very quickly from, "How much does ITSM cost us?" to, "Hey, can we have some more of this kind of thing?" Again, it really depends on the kind of initiative that you have going within your organization and how you're going to measure the success of your ITSM program.

Gardner: Stuart, how about you? Do you have any examples of ITIL in practice and perhaps any metrics on its impact?

Service management journey

Rance: I'll tell you about one of my customers. I don't think it was a metric when they stopped, but it was certainly an outcome. This was an organization that started on their service management journey about four years ago. It was a big mobile phone company somewhere in Eastern Europe.

They started on an ITIL implementation program at the time of ITIL Version 2, and their goals and metrics were largely around quality of service and cost of delivering service, the sorts of things that we think of when we think about ITIL Version 2. It was a really good program and it went really well.

They got the cost reductions they were looking for. They got the improvements in services they were looking for. The other thing that wasn't originally on their goals was that was they got a massive improvement in the relationship with the business. As a direct result of the improvements that they made with their ITIL program, the IT manager became the IT director. In other words, he got himself a seat on the board.

He was quite happy to come back to us afterward and say, "Thank you for your help. Implementing that program directly led to me getting a seat on the board."

The outsourcer couldn't complete the deal, and the IT organization is still in house today. So, that's a great success story from that IT organization.

It's a really nice piece of feedback, because the next thing he said to me was, "Now, what does ITIL V3 mean for me, and how can I capitalize on that and get even better?

I've run quite a few strategy and planning workshops to look at the best way of implementing ITIL V3 in different organizations. We did one of those here and came up with a number of ideas for his next four- or five- year program to improve the relationship even better and to improve the outcomes he's delivering in the business.

Gardner: Ashley, similar question to you.

Hanna: I have a very interesting example as well. I've worked with one of our customers on the Mission Critical Partnership and we helped them implement continual improvement over a number of years. We benchmarked them as to where they were against best practice and against peers in the industry. Then, we helped them identify key risks to address and the improvements that they could make. We helped them measure their progress on an annual basis.

What's very interesting is that they were so successful that, when the decision was made to outsource the IT organization, the outsourcer found that they were already so efficient and effective, they couldn't make the required saving to make the deal worthwhile. The outsourcer couldn't complete the deal, and the IT organization is still in house today. So, that's a great success story from that IT organization.

Looking into the crystal ball

Gardner: Before we wrap up, I'd like to take a peek into the crystal ball, looking into the future a bit. As I mentioned earlier, it strikes me that the emphasis on process over systems and on services from a variety of sources, over monolithic and tightly controlled centralized delivery, is probably going to be growing in importance over the coming years. That perhaps augurs well for ITIL and particularly ITIL V3. So I'd like to go one last time through our panelists on this crystal ball notion. David, what's your prediction for how ITIL Version 3 progresses?

Cannon: What we're going to start seeing is the market will continue to mature, as it has been over the last 20 years. More and more organizations will get in control of their IT environments. They will be articulating value to the business more and more.

But, two additional things are going to start happening as we move forward. The first thing is

In addition, we're going to see ITSM moving more-and-more inward into the IT organization.

that service management is going to move outward. We are already seeing how organizations are starting to use the procedures, the practices, and the principles of ITIL within the business. For example, a lot of businesses are using simple IT event management to drive some of their business operations. So we are going to see ITSM moving out and being applied into business environments.

In addition, we're going to see ITSM moving more-and-more inward into the IT organization. We're going to start seeing ITSM being applied to the actual infrastructure, applications and networks within the IT organization, and we are going to see more and more technical applications of ITSM as well.

Gardner: Stuart, your view on the future?

Rance: I'm not sure if I agree with David on this. Rather than more organizations getting good at service management, what's going to happen is a massive consolidation. There will be fewer really good organizations that understand service management, do it well, Increasingly, they're going to be dominating the market, and the small, ineffective IT organizations aren't going to suddenly learn how to do service management. They're just going to go out of business.

The other thing that I see happening is that those organizations that are currently running their services using good service management practices and developing the capabilities and managing end-to-end services are in a really great position to take on new technologies, paradigms, and ideas to invest in things like virtualization, clouds, blades, and other technologies which provide a more complex infrastructure environment.

Because they're already managing these things from the viewpoint of the service, they're going to find adoption of new and interesting architectures much easier. So again, those organizations that do service management well are the ones who are going to be able to take advantage of all of the flexibility and cost savings of new technologies.

Gardner: Last point to you, Ashley.

Much easier to do

Hanna: Speaking to that idea around the new technologies, some organizations have used some of the new blade infrastructures in virtualization as being easier to deploy than some of the old style mainframe heavy-duty things, but are finding that actually a lot of it is absolutely much easier to do. There is more automation and things work better and smoother.

But, with many more devices and new concepts, they still need to apply these traditional service management approaches. So, I think, we'll see a lot of these organizations that have branched out recently into new technologies realizing that they need to equally invest in new service management guidance.

And I think, best practice today is relatively high level, and I think we'll see the actual sources of best practice like ITIL will get deeper down, and we will get more day-to-day operational advice and templates made available that also adhere to this best practice.

Gardner: Very good. We have been discussing how to better understand the standards and methods around ITIL Version 3, Prescriptions and Guidelines. And we have been better understanding how that can impact the modern enterprise.

I want to thank our panel for today's discussion. We have been joined by David Cannon, an ITSM practice principal at HP, thank you David.

Cannon: Thanks for having me.

Gardner: We have also been joined by Stuart Rance, an ITSM expert at HP and author of the ITIL V3 Glossary. Thank you Stuart.

Rance: Thank you. It's been fun.

Gardner: And Ashley Hanna, an author of Version 2 and Senior Examiner for ITIL V3 as well as a business development manager at HP. Thank you so much, Ashley.

Hanna: Thank you.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. You have been listening to a sponsored BriefingsDirect podcast. Thank you for listening and joining us and come back next time.

Free Offer: Get a complimentary copy of the new book Cloud Computing For Dummies courtesy of Hewlett-Packard at www.hp.com/go/cloudpodcastoffer.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Learn more. Sponsor: Hewlett Packard.

Transcript of a sponsored BriefingsDirect podcast on the latest version of ITIL, and how it helps IT organizations transform how they operate as business units. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.

Portfolio Management Techniques Help Rationalize IT Budgets in Tough Economy

Transcript of a BriefingsDirect podcast on managing IT departments in the face of an economic downturn and an infusion of stimulus cash.

Listen to the podcast. Download the transcript. Find it on iTunes/iPod and Podcast.com. Learn more. Sponsor: Compuware.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to BriefingsDirect.

Today, we present a sponsored podcast discussion on the importance of managing IT departments in dynamic business environments. The current economic downturn has certainly highlighted how drastically businesses and, of course, the IT operations within them need to change, whether in growth, in terms of cutting out business units, functions, or processes, and then also setting themselves up for either a change in market direction or renewed growth in existing businesses.

For the past year or so, organizations may have watched their revenues decrease, their customers slide, and their supply chains change drastically right before their eyes. So, as budgets in the IT department have reacted to this reality, they've been managing change, but they also need to manage the horizon, keep their eye on what's coming next in terms of growth. For many industries, that includes a large amount of stimulus money being driven into certain activities.

We're here to talk to an executive from Compuware about how IT organizations can better understand managing change, how they can employ IT portfolio management techniques and products and processes, and better manage their short-term shrinkage or reduction needs, while maintaining an opportunity to be flexible when the tide turns.

So please join me in welcoming Lori Ellsworth, Vice President of Changepoint Solutions at Compuware. Hi, Lori.

Lori Ellsworth: Hello.

Gardner: We're also joined by David A. Kelly, Senior Analyst at Upside Research. Hello, Dave.

David A. Kelly: Hey, Dana, great to be here with you.

Gardner: Dave, let me start with you. We have seen over the years, complexity increasing in IT organizations. They've taken on more activities that IT departments are responsible for and that includes people, process, products, and technologies. Tell me, if you will, about the lay of the land when it comes to IT portfolio management, perhaps a little historical context, and then we can get more into the problems that we are facing nowadays.

Kelly: Sure, Dana. The place to start with IT portfolio management is the idea that it's really hard to improve, if you don't have a way to measure how you're doing or a way to set goals for where you want to be. That's the idea behind IT portfolio management, as well as project and portfolio management (PPM), which is an early nomenclature for a similar type of goal. That was to take the same type of metrics and measurements that organizations have had in the financial area around their financial processes and try to apply that in the IT area and around the projects they have going on.

It measures the projects, as well as helps try to define a way to communicate between the business side of an organization that's setting the goals for what these projects or applications are going to be used for, and the IT side of the organization, which is trying to implement these. And, it makes sure that there are some metrics, measurements, and ways to correlate between the business and IT side.

What we've also seen recently is this move toward IT portfolio management, where the focus is not just upon the projects themselves that are going on in the IT organization, but also on the applications and the resources that the IT group has deployed and measuring how well those are meeting the business needs.

Gardner: Now, correct me if I'm wrong, but it seems that for the last several years, managing growth and complexity has been paramount for these technologies and approaches.

Sea change in IT

Kelly: Absolutely. That's where the economy was and that's where a lot of organizations have been over the past three or four years in terms of ramping up new services and deploying new things. As you said in your intro, there has pretty much been a sea change over the past nine months or so in terms of the economy as well as how organizations need to react to it.

Now, there's an opportunity for organizations to step back, take the same type of tools, and begin to apply them to tougher economic times. They can make sure they're making the right decisions for today, as well as to lay the groundwork for future growth.

Things are going to turn around maybe later this year or next year. When that happens, resources are going to be tight and constrained. So, organizations are going to have to have the right information to be making the best decisions to capitalize upon that growth when it comes, as well as to get them through this tough period, where they have to optimize the limited resources they have to deal with the current business situation.

Gardner: Lori Ellsworth, perhaps you could share with us what you're hearing from your customers. It seems the keyword here is "change." How does this change management relate to IT portfolio management from where your customers are sitting now?

Ellsworth: It ties into the business environment that David was just talking about. IT organizations now are moving towards acting in a more strategic role. As we've just talked about, things are changing rapidly in the business environment, which means the organizations that they're serving need to change quickly and they are depending on, or insisting on, IT changing and being responsive with them.

It's essential that IT needs to watch what's going on, participate in the business, and move quickly to respond to competitive opportunities or economic challenges. They need to understand everything that's underway in their organization to serve the business and what they have available to them in terms of resources and they need to be able to collaborate and interact with the business on a regular basis to adjust and make change and continue to serve the business.

I can contrast that historically to different times, where IT played a different role, and there were different economic conditions, where it was much easier to make decisions and work on a project and go off and work on that project for a year. That's not the world we live in today, and IT needs to be as responsive as the rest of the business.

Gardner: I'm sure IT is not alone in needing to very firmly rationalize their spending, both operationally and on new spending. It also appears to me that you have to be able to have the actual data in hand. You can't go to a budget-minded executive -- a COO, for example, or a CFO -- and rationalize your budget with estimates or soft approaches to this. What is it about IT portfolio management that puts data into the process?

Ellsworth: First of all, we have to think about it as a company. Those COO's

. . . they need to understand who are the people, what is the cost, and where can we make changes to respond to the business.

who you've just referred to, are investing money in IT. It may be coming from the business units, but they're making an investment in technology to serve the business. IT needs to understand how they, in collaboration with the business, are making decisions to use that money, what they're investing it in, and where they have an opportunity to make changes to better serve the business.

If IT wants to engage in a conversation about moving investments, about stopping something they're working on so they can respond to a market opportunity, for example, they need to understand who are the people, what is the cost, and where can we make changes to respond to the business.

Gardner: Making those priorities requires a comparison. So, a cost-benefit analysis might be one approach. Again, if you don't have the details about what it is that IT is doing and what it's capable of, you're not able to bring a true cost benefit analysis into this discussion.

Cost-benefit analysis

Ellsworth: Absolutely. And, this approach as you suggested, the cost-benefit analysis, that's about a business approach. In other words, this isn't about IT deciding on different projects they could work on and what benefit it might deliver to the business. The business is at the table, collaborating, looking at all the potential opportunities for investment, and reaching agreement as a business on what are the top priorities.

Gardner: Dave Kelly, what else do you see in terms of the problem set here, when it comes to this dynamic environment and managing change, whether it's growth or whether it's contraction across people and process? We seem to have, of course, the need for the data, for the information, but then, once we get to the point of execution, it seems to me that this insight into the portfolio can also be important.

Kelly: Yes, it is important. I'm going to key on a couple of words that Lori mentioned in responding to your question. The other thing that's needed is consistency. When you're making these kinds of decisions, for a lot of IT organizations and organizations in general, if times are good, you can make a lot of decisions in an ad hoc fashion and still be pretty successful.

But, in dynamic and more challenging economic times, you want the decisions that you or other people on the IT team, as well as the business, are making to be consistent. You want them to have some basis in reality and in an accepted process. You talked about metrics here and what kind of metrics can you provide to the COO.

You need consistency in these dynamic times and also you need a way to collaborate, as Lori brought up. That's a really good point, in terms of being able to collaborate between the business and IT, because you are always making these trade-offs.

Unless you have all the money in the world, for these decisions about applications or projects within the IT organization you need to collaborate within the IT organization and have a consistent view on what's going on, as well as collaborating with the business stakeholders and making sure that you are making the right decisions there. Those are couple of key points to think about in these turbulent and dynamic times.

Gardner: I think you're also pointing to the need for automating those labor-intensive

So, the moment we rely on individual efforts or on people who have to go out and sit through meetings and collect data, we're not getting data that we can necessarily trust.

manual processes. Perhaps you're using spreadsheets or perhaps using a siloed approach of just looking at certain elements of the IT environment, rather than a comprehensive view that doesn't scale in terms of complexity or time. We need to reevaluate a budget now in two months, rather than on a yearly or six-month cycle. Let me take it back to Lori. To what degree do manual processes break down in terms of how IT manages its portfolio?

Ellsworth: There are a couple of problems with manual processes. As you suggested, they're very labor-intensive. We've talked about responsiveness. We need information to drive decision-making. So, the moment we rely on individual efforts or on people who have to go out and sit through meetings and collect data, we're not getting data that we can necessarily trust. We're not getting data that is timely to your point and we're not able to make those decisions to be responsive.

You end up with a situation where very definitely your resources are busy and fully deployed, but they're not necessarily doing the right things that matter the most to the business. That data needs to be real-time, so that, at multiple levels in the organization, we can be constantly assessing the health and the alignment in terms of what IT is doing to deliver to the business, and we have the information to make a change.

Kelly: Dana, if I could interject here. To me, it's a little bit analogous to what we saw maybe 10 years or a little longer ago in software development, when a whole bunch of automated testing tools became available, and organizations started to put a lot of emphasis in that area.

As you're developing an application, you can certainly test it manually and have people sitting there testing it, but when you can automate those processes they become more consistent. They become thorough, and they become something that can be done automatically in the background.

Fewer resources, higher quality

It takes fewer resources and less money to get much higher quality and a better result. We're seeing the same thing when it comes to managing IT applications and projects, and the whole situation that's going on in the IT area.

When you start looking at IT portfolio management, that provides the same kind of automation, controls, and structure by which you can not only increase the quality of the decisions that are being made, but you can also do it in a way that almost results in less overhead and less manual work from an organization.

You are always making a trade-off between the amount of investment required to effect a change like this and manage it on an ongoing basis and the benefit that it's going to pay back to you. So, you do want something that's going to be able to be automated and yet help deliver good results for you.

Gardner: Dave, to go further on your points, it seems that IT has been very busy for 10 or 15 years helping other aspects of the business do precisely this, which is to mature to gain access to data across different aspects of a process, a part of the supply chain, or manufacturing or transportation activity. Then, they allow that to be centralized and analyzed and then they implement what changes seem appropriate back into what's going on within those applications. So, IT is basically now at a point where it needs to start drinking its own tea, if you will. Lori does that make sense?

Ellsworth: Oh, absolutely. In the last several years, would we be running a business without visibility into the finance organization or the finance side of the business or into the sales forecast? The technology organization is now becoming more and more strategic to the success of the company. We need to understand what we're investing and what return we're getting for that investment.

Gardner: So, we're back to the economic environment and this need to mature more rapidly. Perhaps, like an adolescent, IT needs to have a growth spurt, rather than go through a long pleasant trip.

Now that we've recognized the dimension of the problem, how does one get started?

Choosing a tool is not going to be the answer to any of your challenges, unless you understand the business problem and the level of maturity, and you can embark on a combined people, process, and technology solution.

How does one begin to look at this as a solution and a maturation process for IT and not just, "Oh, let's pick out a product and drop it in?" It's really not a technology solution, is it Lori?

Ellsworth: Correct. What the IT organization has to start with is looking at that investment lifecycle that they're managing, from the demand coming into the business, through execution, managing what they're delivering back to the business, in this case, the application or the business service. They need to look across that entire lifecycle that they are managing and they need to do a couple of things.

They need to understand where their greatest pain points are. Many organizations, once they start a project, are quite comfortable and efficient in delivering effectively. Their pain point is collecting, managing and driving decision-making around the demand. So, it's important to understand the biggest pain points and to understand the organization's maturity. Choosing a tool is not going to be the answer to any of your challenges, unless you understand the business problem and the level of maturity, and you can embark on a combined people, process, and technology solution.

Gardner: Dave Kelly, just to keep the bean counters happy, I think it's important for us to look at a fairly short horizon for payback of some sort from any investments in IT portfolio management. Can you think of what might be low-hanging fruit in terms of where you could apply IT and portfolio management. Perhaps, it would be a consolidation or modernization factor, and we'd then say, "Aha, we've recovered the cost of this and now we can apply it to these other more strategic and transformative types of activity?"

Legacy transformation

Kelly: That's an excellent point. Areas such as legacy transformation or modernization are good for this, because you do have to make a lot of decisions, and Lori may have some other perspectives here as well. Any situation, where there are a number of stakeholders driving that decision-making may be difficult for some organizations, where you need to gain consensus. It's a good application for this type of solution.

It applies to any opportunity for managing new projects -- whether it's a legacy transformation or modernization, a new application or project that may have high dynamic components. It may be something that's not going to be a one hit wonder that you are just applying once, but is going to require some level of ongoing change. If you can justify the maintenance of that change and future changes through the use of the solutions like this, it can certainly help deliver that return on investment (ROI) much faster.

Gardner: How about that, Lori? Do you have any sense of where initial and speedy paybacks are available, perhaps even in regards to energy use?

Ellsworth: One of the things I see with customers is that some of the low-hanging fruit, as you described, is really in the area of redundancy.

It's an opportunity first of all to reduce the total number of applications, and the follow-on is an approach to being more efficient or investing in the applications that are strategic to the business.

It sounds pretty basic, but the moment an organization starts to inventory all of the projects that are under way and all of the applications that are deployed in production serving the business, even just that simple exercise of putting them in a single view and maybe categorizing them very simply with one or two criteria, quite quickly allows organizations to identify those rogue projects that were underway. They are investing resources. There is just no logical reason to keep them going.

Similarly, on the application side, they will quickly learn, "We thought we had 100 applications, and we've now discovered there are 300." They'll also quickly identify those applications that no one is using. There is some opportunity to start pulling back the effort or the cost they're investing in those activities and either reducing the cost out of the business or reinvesting in something that's more important to the business.

Gardner: So, employing IT portfolio management quickly will allow you to discover what application inefficiencies you have, which then, of course, translate back to infrastructure inefficiencies around utilization. Perhaps, you start deploying virtualization and taking the required or remaining applications in, and then deploying them with the most bang for the buck.

Ellsworth: Yes. It's an opportunity first of all to reduce the total number of applications, and the follow-on is an approach to being more efficient or investing in the applications that are strategic to the business.

Gardner: I guess I just wanted to affirm that the savings don't always just come from what you would get from reducing the number of applications. A secondary benefit would be in the way in which you produce these applications in production environment. Therefore, there could be savings on the infrastructure side as well.

Ellsworth: Absolutely.

Consolidation opens doors

Kelly: You could go through consolidation. As you said, it opens up new opportunities for cloud computing or other potential deployment opportunities.

Gardner: There is, of course, a lot of talk about more dynamic sourcing options, but if you want to take advantage of what you might perceive in that regard, you need to know what you have in place and what is required in terms of mission critical versus perhaps expendable.

Kelly: Exactly.

Gardner: Let's look at this again from another perspective for some industries. They may have seen a decrease very rapidly, but federal governments, both in the US and in other countries, have been injecting quite a bit of stimulus money into the environment for public sector and certain industries.

That should give these decision makers in IT and their counterparts on the business side some opportunities to say, "How should we take the stimulus money and most effectively invest it in our organization?" To me IT portfolio management should be in the top tier. Would you agree with that Lori?

Ellsworth: I absolutely would. There is no time where the investment being given to an organization, and in particular to IT, has been more visible. In addition to the money that's being invested as an ongoing course of doing business, there's an additional investment.

Organizations need to make timely and intelligent decisions about how to invest that money. They need to understand the different possibilities, create different potential views of what the future might look like, and really agree as a business, how to invest and keep the visibility in terms of how you are using those investments as well.

Gardner: Dave Kelly, the payback here, as we discussed, can be short-term, medium-term and then long-term, if we look towards that cloud or mixed sourcing future. What necessary steps are there for organizations, whether it's the reaction to stimulus money or just a renewed interested in investment for productivity sense? Where does the decision process for IT portfolio management need to come from? Is it just a CIO-level decision or an engineering VP decision? Where does this really become a purchase?

Kelly: It's generally the higher level, the CIO level. The senior management can drive it,

. . . it's a great time, if there's economic stimulus money coming into an organization. You want to make sure that it's well spent and used efficiently and effectively. . .

as well, and maybe an enlightened engineer also has some good ideas, wants to optimize things, and may be able to bring this process forward. But, It's clearly someone that you want to be able to drive this kind of change across different processes, projects, and applications and make it part of the foundation for an organization.

That doesn't mean it has to spread across the complete organization or complete IT system all at once. You can start in very tactical ways, but the vision is how you make these kinds of consistent decisions in a timely, intelligent, and reliable manner.

So, someone more senior is going to help drive a solution like this. As Lori said, it's a great time, if there's economic stimulus money coming into an organization. You want to make sure that it's well spent and used efficiently and effectively to set the foundation for the organization to deliver on what they are supposed to deliver on, as well as lay the foundation for going forward.

Gardner: And, the visibility that IT portfolio management provides, in my thinking, gets comprehensive in nature. That’s almost to think about an architecture-level decision. Lori, have you seen architecture getting involved with the requirements set around IT portfolio management or are the frameworks like ITIL, TOGAF, and DoDAF spurring on interest in getting this comprehensive view?

Benefiting from visibility

Ellsworth: I'll make a couple of comments. From an architecture perspective, I'm not necessarily seeing that area of the business driving this exercise, but they are participating. They're participating, because they are going to benefit from the visibility. They're driving initiatives across the IT organization. Certainly, the IT portfolio management solution plays a role in an ITIL initiative.

The other comment I would like to add may further David's comment. I'm also seeing an increased interest in participation, from a finance perspective, outside the IT organization. Often, the CIO and the executive in the finance area are working together.

The line of business executives -- the customers, if you will, the CIO -- are starting to be more mature, if I can use that expression in terms of their understanding of technology and of how they should be working with technology and driving that collaboration. So, there is some increased executive involvement even from outside IT, from the CIO's peers.

Gardner: Even at a general level, we're hearing the mentality that no crisis should go wasted, and, if you agree with me that the economic downturn provides an opportunity for transformation and not just for retrenchment, does IT portfolio management allow for a conversion within IT in terms of how it relates to its customers and perhaps even charges them?

That is to say, is this utilization of IT portfolio management a necessary step towards getting into an IT shared-services environment or a discrete charge back, where IT services are defined in business terms and charged accordingly. I'll direct this at Lori.

Ellsworth: It does provide another catalyst to IT behaving more like a business and,

Certainly, there are job-security issues for senior IT people, if they're not able to respond adequately to the CFO or COO or the business need changes.

as you've described, really managing the relationship with their customers, understanding their customers’ priorities, and the customer understanding the cost of what they need. Together, they're starting to work in that customer-supplier -- with a financial aspect -- type relationship.

That's something that IT has been moving towards for several years. Maybe they've been getting a little more push back from their internal customers, but the current economic conditions and the scrutiny on investment are more of a catalyst to get that customer-vendor type relationship going.

Gardner: David, we talked about what IT portfolio management can do. What are the penalties if you don't, if you continue to have manual and even paper-based or spreadsheet-based approaches to keeping track of your assets and resources? It seems to me that the complexity, those choices around sourcing, has been out of control. Furthermore, if I'm on the financial side of the house and I see that IT is floundering in its ability to run itself, I might be tempted to outsource significant portions of it. Right?

Kelly: Absolutely. I think you've highlighted some of the risks there for organizations that don't have good control in terms of the IT decision-making processes. Certainly, there are job-security issues for senior IT people, if they're not able to respond adequately to the CFO or COO or the business need changes.

The answer to your question of what happens if organizations don't move towards IT portfolio management depends upon the organization. If you have a slow-moving organization that doesn't have to make a lot of decisions and doesn't have a lot of investments, maybe they are just fine doing what they're doing, doing it ad hoc or doing it with the spreadsheets.

Consistent rational approach

But, as we've talked about throughout this podcast, any organization that is facing dynamic business conditions, that is investing in new applications or projects, that wants to be able to increase the efficiency in its IT organization, as well as increase the effectiveness of the application solutions it’s bringing to the business, absolutely needs to have some kind of consistent rational approach to gathering information, collecting metrics, being able to collaborate with the business and being able to make decisions in a consistent and rational way.

That really points very strongly towards IT and IT portfolio management or some similar type of solution. There is a little bit of investment required for any solution like this -- time, resources, and money -- but for organizations that have those conditions, it's a really strategic investment.

Gardner: Lori, did we miss anything? Is there a risk here that we didn't bring up yet about resisting a comprehensive view of assets in IT or perhaps even a downward spiral at some kind of that could ensue?

Ellsworth: No. The answer was comprehensive. You are absolutely correct that IT needs to recognize that there are competitive alternatives, and certainly, if IT isn't delivering, the business will go and look elsewhere. In some simple examples, you can see line-of-business customers going out and engaging with a software-as-a-service (SaaS) solution in a particular area, because they can do that and bypass IT.

The other side of that as well is when IT is executing.

. . . IT needs to recognize that there are competitive alternatives, and certainly, if IT isn't delivering, the business will go and look elsewhere.

If they're not making the right decisions and doing the things that have the highest return to the business or if they are delivering poorly, it's really about missed opportunity and lower ROI. So, while IT might be engaged and they might be delivering, they are minimizing the impact or the value they could be delivering to the business.

Kelly: Dana, let me just add one other thing in here. I really see these kinds of things as an opportunity for IT. We've talked about some of the challenges they may face and some of the problems that there could be going on, but, if you are able to implement a solution like this, it really frees up IT to be able to consider new opportunities.

As you noted, if you can do some application consolidation, you may be able to consider new deployment opportunities and cloud-based solutions. It will make the decision-making process within IT more nimble and more flexible, as well as enable them to respond more quickly to the line of business owners and be able to almost empower them with the right information and a structured decision-making process.

That enables them to take greater risks and take advantage of new opportunities that they might not have been able to, if they just proceed with whatever solutions they have in hand.

Moving toward strategies

Ellsworth: That's a really good point, because the one metric, if I can use that word, that is understood by executives outside of the IT organization is how much of our investment is just going towards keeping things running or of keeping the lights on and how much is towards strategic work. Certainly the lower amount is strategic today. Anytime the CIO can show progress towards moving from keeping the lights on toward more investment strategies, that's something that's easy to understand outside of IT.

Gardner: And on that same topic of metrics, Lori do you have examples perhaps even used cases where the proper deployment of IT portfolio management has the demonstrated tangible result?

Ellsworth: Sure. To just speak generally, we have customers who are seeing improvement, first of all, on the execution side, and those improvements are in the area of being able to deliver projects. So, let's assume for a moment, that we're doing the right things. You're starting to see a 30 percent improvement in delivering a project on time, on budget, and meeting the business need.

If you start to back up, just thinking about that project as strategic, it will have an impact on the business, maybe even a revenue-generating impact. I can increase the probability of delivering it, when it's needed for the cost and meeting the business need, and you can start to translate that into the value back to the business.

Something a little less tangible is making better business decisions. Now, we're not wasting our resources. We're investing them in the right things and looking for a higher return to the business. Most of our customers will start to see what I'll call the supply and demand side of the business, and start to see some tangible returns in that area for certain.

The other area is in your utilization or productivity of resources. Customers are seeing significant increases in that area.

Gardner: Well, we're almost out of time. We've been digging into the need for better-managed processes in IT for how IT operates itself. We're looking at contraction and the requirements to reduce cost at an operating level, but at the same time, needing to prepare for a transformation of IT into perhaps more of a mature business unit to be able to ramp up for growth and take advantage of what stimulus money might be available.

We've been joined by Lori Ellsworth the vice-president of Changepoint Solutions at Compuware. Thank you, Lori.

Ellsworth: Thank you very much.

Gardner: We've also been joined by David A. Kelly, senior analyst at Upside Research. Great to have you with us, David.

Kelly: Great to be here, Dana. Thanks for inviting me.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. You have been listening to a sponsored BriefingsDirect podcast. Thanks for listening and come back next time.

Listen to the podcast. Download the transcript. Find it on iTunes/iPod and Podcast.com. Learn more. Sponsor: Compuware.

Transcript of a BriefingsDirect podcast on managing IT departments in the face of an economic downturn and an infusion of stimulus cash. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.