This BriefingsDirect IT operations innovation panel discussion focuses on the changing role of IT service management (ITSM) in a hybrid computing world.
As IT systems, resources, assets, and information are more scattered across more enterprise locations and devices -- as well as across various cloud service environments -- how can IT leaders hope to know where their "stuff" is, whoâs using it, how to secure it, and then accurately pay for it?
Better than ever, it turns out. Advanced software asset management (SAM) methods can efficiently enforce compliance, reduce audit risk, cut costs, and enhance end-user productivity -- even as the complexity of IT itself increases.
We'll hear from four IT leaders about how they have improved ITSM despite such challenges, and we'll learn how the increased use of big data and analytics when applied to ITSM improves IT assets inventory control and management. We'll also hear how a service brokering role can also be used to great competitive advantage, thanks to ITSM-generated information.
To learn more about how ITSM solves multiple problems for IT, we're joined by Charl Joubert, a change and configuration management expert based in Pretoria, South Africa; Julien Kuijper, an expert in asset and license management based in Paris; Patrick Bailly, IT Quality and Process Director at Steria, also based in Paris, and Edward Jackson, Operational System Support Manager at Redcentric, based in Harrogate, UK. The discussion is moderated by me, Dana Gardner, Principal Analyst at Interarbor Solutions.
Here are some excerpts:
Gardner: Letâs talk about modern SAM, software asset management. There seems to be a lot going on with getting more information about software and how itâs distributed and used. Julien, tell us how you're seeing organizations deal with this issue.
Kuijper: SAM has to square quite a complicated circle. One is compliance in a company, compliance with regard to software installation and usage, and also ensuring that while doing this, we must ensure that the software that is entering a company isn't dangerous. It's things like not letting a virus come in, opening threats or complications. Those are three very technical and very factual environments.
But, you also want to please your end-user. If you donât please your end-user and you donât give them the ability to work, they're going to be frustrated. They're going to complain about IT. Itâs already a complicated enough.
You have to square that circle by implementing the correct processes first, while giving the correct information around how to behave in the end-to-end software lifecycle.
Gardner: And asset management when it comes to software is not small, there are some very big numbers -- and costs -- involved.
Kuijper: Itâs actually a very inconvenient truth. An audit from a publisher or a vendor can easily reach 7 or 8 digits, and a typical company has between 10 and 50 publishers. So, at 7 digits per publisher, you can easily do the math. Thatâs typically the financial risk.
You also have a big reputation risk. If you donât pay for software and you are caught, you end up being in the press. You donât want your company, your branding, to be at that level of exposure.
You have to bring this risk to the attention of IT leaders at the CIO level, but they donât really want to hear that, because it costs a lot. When they hear this risk, they can't avoid investment, and the investment can be quite large as well.
But you have to compare this investment with regard to your overall software spending. Typically, if this investment is reaching five percent of your overall yearly software spending, you're on the right level. Itâs a big number, but still itâs worth investing.
Coming with this message to IT management and getting the ear of a person who is interested in the topic and then getting the investment authorization, you've gone through half the journey. Implementation afterward will be defining your processes, finding the right tool, implementing it, and running it.
Gardner: When it comes to value to the end-user, by having an understood, clearly-defined process in place allows them to get to the software they want, make sure they can use it, and look for it on a sanctioned list, for example. While some end-users might see this as a hurdle, I think it enables them eventually to get the tools they need when they need them.
Kuijper: Right. At the beginning, every end-user will see all those SAM processes as a burden or a complication. So you have to invest a lot in communication, smart communication, with your company and make people understand that itâs everyoneâs responsibility to be [software license] compliant and also that it can help in recovering money.
If you do this in a smart way, and the process has a delivery time not longer than three days, then you're good. You have to ensure, of course, that you have a software catalog that is up-to-date, with an easy access to your main titles. All those points from the end-to-end software lifecycle are implemented -- from software tool, then software delivery, then software re-usage, software, and also disposal. When all this is lean, then youâve made your journey. Then, the software lifecycle process will not be seen any more as a pain, but it will be seen as a business-enabler.
Gardner: Now, asset management doesnât just cover the realm of software. It includes hardware, and in a network environment, that can be very large numbers of equipment and devices, endpoints as well as network equipment.
Edward at Redcentric, tell us about how you see the management of assets through the lens of a network.
Jackson: We have more than 10,000 devices in management from a multitude of vendors and we use asset management in terms of portfolio management, managing the models, the versions, and the software.
We also have a configuration management tool that takes the configurations of these devices and runs them against compliance. We can run them against a gold or a silver build. We can also run them against security flaws. It gives us an end-to-end management.
All of this feeds into our ITSM product and then also it feeds into things like the configuration management data base (CMDB). So we have a complete end-to-end knowledge of the software, the hardware, and the services that we're giving the customer.
Gardner: Knowing yourself and your organization allows for that lifecycle benefit that Julien referred to. Eventually, that gives you the freedom to manage and extend those benefits into things like helpdesk support, even IT operations, where the performance can be maintained better.
Jackson: Yes, that's 360-degree management from hardware being delivered on-site, to being discovered, being automatically populated into the multitude of support and operational systems that we use, and then into the ITSM side.
If you donât get it right from the start and you donât have the correct models defined for example a Cisco device or the correct OS version on that device, one perhaps where it has security flaws, then you run the risk of deploying a vulnerable service to the customer.
Thinking about scale
Gardner: Looking at the different types of tools and approaches, this goes beyond thinking about assets alone. We're thinking also about scale. Tell us about your organization, and why the scale and ability to manage so many devices and information is important?
Jackson: Being a managed service provider (MSP), we have about 1,000 external customers, and each one of those has a tailored service, ranging from voice, storage, to data, and cloud. So we need to be able to manage these services that are contained within the 10,000 plus devices that we have.
We need to understand the service end-to-end. So thereâs quite bit of service level management in there. It all ties down to having the correct kind of vendor, the correct kind of service mapping, and information needs to be accurate in the configuration items (CIs), so support can utilize this information.
If we have an incident that is automatically generated on the management platforms, it goes into the ITSM platform. We can create an effective customer list within, say, five minutes of the network outage and then email or SMS the customer pretty much directly.
Thereâs more ways of doing it, but itâs all due to having a tight control on the assets that are out there in the field, having an asset management tool that can actually control that, and being able to understand the topology of the network and where everything lies. This gives us the ability to create relationships between these devices and have hierarchical logical and physical entities.
Gardner: You have confidence that you work with tools and platforms that can handle that scale?
Jackson: All the tools that we have are pretty much carrier-grade. So we can scale a lot more than the 10,000 devices that we currently have. If you set it up and plan it right, it doesnât really matter how many devices you have in management. You have to have the right processes and structure to be able to manage them.
Gardner: We've talked about software, hardware, and networks. Nowadays, cloud services, microservices, and APIs are also a big part of the mix. IT consumes them, they make value from them, and they extend that value into the organization.
Letâs go to Patrick at Steria. How are you seeing in your organization an evolution of ITSM into a service brokering role? And does the current generation of ITSM tools and platforms give you a road to that service brokering capacity?
Bailly: Whatâs needed for becoming a service broker that is we need to offer the ability to extend the current service that we have to the services that are available today in the cloud.
To do that, we need to extend the capability of our framework. Today, our framework has been designed in order to run the operation on behalf of our customers, to run the operation on the customer side, or the operation on our data center, but more or less, traditionally IT. The current ITSM framework is able to do that.
What we're facing is that we have customers who want to add short-term [cloud capacity]. We need to offer that capability. What's very important is to offer one interface toward the customers, and to integrate across several service providers at the same time.
Gardner: Tell us a bit about Steria. You're a large organization, 20,000 employees, and in multiple countries.
Bailly: We're an IT service provider, and we manage different kinds of services from infrastructure management, application management, business process outsourcing, system integration, etc., all over Europe. Today, we're leveraging the capabilities that we have today in India and in Poland.
Gardner: Now, we've looked at what ITSM does. We havenât dug into too much about where itâs going next in terms of what analysis of this data can bring to the table.
Charl, tell us, please, about how you see the use of analytics improving what you've been doing in your setting. How do baseline results from ITSM, the tools we have been talking about, improve when you start to analyze that data, index it, cleanse it, and get at the real underlying information that can then be turned into business benefits?
Joubert: Looking at inadequacies of your processes is really the start of all of this. The moment you start scratching at the vast amount of information you have, you start seeing the errors of your ways, and ways and opportunities to correct them.
It's really an exciting time in ITSM. We now have the ability to start mining this magnitude of information thatâs being locked inside attachments in all of these ITSM solutions. We can now start indexing all that unstructured data and using it. Itâs a fantastic time to be in IT.
Gardner: Give me an example of where you've seen this at work -- maybe a helpdesk environment. How can you immediately get benefits from starting to analyze systems and IT information?
Joubert: In the service desk I'm involved in, we have about a total of a million interactions over the past few years. What we've done with big data is index the categorization of all these interactions.
With tools from HP, Smart Analytics and Smart Ticketing, we're able to predict the categorization of these interactions to a accuracy of about 84 percent at the moment. This assists the service desk agents to more accurately get the correct information to the correct service teams the first time, with fewer errors in escalation, which in turn leads to greater customer satisfaction.
Gardner: Julien, where does the analysis of what you're doing with software asset management, for example, play a role? Where do you see it going?
Kuijper: SAM is already quite complex on-premise and we all know today that the IT world is moving to the cloud, and this is the next challenge of SAM, because the whole point of the cloud is that you donât know where your systems are.
However, the licensing models, as they are today, refer to CPU, to on-premise, to physical assets. Understanding how you can adapt your licensing model to this new concept -- not that new anymore now -- this new concept of cloud is something to which even the software publishers and vendors have not really adapted their model.
You also have to face some vendors or publishers who are not willing to adapt their model, especially to be able to audit specific customers and get more revenue. So, on one hand, you have to implement the right processes and the right tools, which are now going to navigate in a very complex environment, very difficult to scan, very difficult to analyze. At the same time, you have to update all your contracts, and sometime, this will not be possible.
Some vendors will have a very easy licensing model if you are implementing their software in their own cloud environment, but in another cloud environment, in a competitor, they might make this journey quite complicated for you.
So this will be complex and will be resolved by correct data to analyze and also some legal workforce and purchasing workforce to try to adapt the contracts.
Gardner: In many ways right now, we never really own software. We only lease it or borrow it and we're charged in a variety of ways. But soon we'll to be going more to that pay-as-you-use, pay-as-you-consume model. What about the underlying information associated with those services? Would logs go along with your cloud services? Should you be able to access that so that you can analyze it in the context of your other IT infrastructure?
Edward, any thoughts as a managed services environment and a management of networks provider. Do you see that as you provide more services that you are providing insight or ITSM metadata along with the services?
IaaS to SaaS
Jackson: Over the past five or six years, the services that we offered pretty much started as infrastructure as a service (IaaS), but itâs now very much a software-as-a-service (SaaS) offering, managed OS, and everything up the technology stack into managed applications.
It's gotten to a point now that we are taking on the managing of bespoke applications that customers wanted to hand over to Redcentric. So not only do we have to understand the technology and the operating systems that go on these platforms in the cloud, but we also have to understand the bespoke software thatâs sitting on them and all the necessary dependencies for that.
The more that we invest into cloud technologies, the more complex the service that we offer our customers becomes. We have a multitude of management systems that can monitor all the different elements of this and then piece them together in a service-level model (SLM) perspective. So you get SLM and you get service assurance on top of that.
Gardner: We've recently heard about HP's IDOL OnDemand and Vertica OnDemand, as part of the Haven OnDemand. They're bringing these analytics capabilities to cloud services, APIs as well. As I understand it, they're going to be applying them to more IT operations issues. So itâs quite possible that we'll start to see a mash up, if you will, between a cloud service, but also the underlying IT information associated with that service.
Letâs go back to Patrick at Steria. Any thoughts about where this combination of ITSM within a cloud environment develops? How do you see it going?
Bailly: The system today exists for traditional IT, and we also have to have the tooling for designing and consuming cloud services. We are running HP Service Manager for traditional IT, legacy IT, and we are running HP Cloud Service Automation (CSA) for managing and operating in the cloud.
Weâd like to have a unique way for reconciling the catalog of services that are in Service Manager with the catalog of services that are in CSA, and we would need to have a single, unique portal for doing that.
What we're expecting with HP Propel is to offer the capabilities to aggregate services that are coming from various sources and to extend that by also offering them. When we're serving this live, we need to offer some additional features like collaboration, incident management, access to the knowledge base, collaboration between service desk and end user, collaboration between end users, etc.
There's also another important point and that is service integration. As a service provider, we will have to deliver and control the services that are delivered by some partners and by some cloud service providers.
In order to do that, we need to have strong integration, not only partnership, but also strong integration. And that integration should be multiple point, meaning that, as soon as we're able to integrate a service provider with this, that integration will be de facto available for our other customers. We're expecting that from HP Propel.
And itâs not only an integration for provisioning service, but itâs also an integration for running the other processes, collaboration, incident management, etc.
Gardner: Patrick mentioned HP Propel, do any of you also have some experience with that or are looking at it to solve other problems?
Joubert: We're definitely looking at it to give a single view for all our end users. There are various supportive partners in the area where I work. The end user really wants one place to ask for fixing a broken light, to fixing a broken PC, to installing software. It's ease of use that they're looking for. So yes, we are definitely looking at Propel.
Gardner: Letâs take another look to the future. We've heard quite a bit about the Internet of Things (IoT) -- more devices, more inputs, and more data. Do you think thatâs something thatâs going to be an issue for ITSM, or is that something separate? Do you view that the infrastructure thatâs being created for ITSM lends itself to something like managing the IoT and more devices on a network?
Kuijper: For me, as asset management experts and software asset management experts, we have to draw a line somewhere and say, "There is this IoT, and there is some data that we have to say we donât want to analyze." There are things that are here on the Internet. Thatâs fine, but too much engineering around that might be over-killing the processes.
We also have to be very careful about false good ideas. I personally think that bring your own device (BYOD) is a false good idea. It brings tremendous issues with regards to who takes care of an asset that is personally owned by a person in a corporate environment, who deals with IT.
Today, itâs perfect. I bring the computer that I'm used to in the office. Tomorrow, itâs broken. Who is going to fix it? When I buy software for this machine, who is going to pay for it and who's going to be responsible for non-compliance?
A CIO might think itâs very intelligent and very advanced to allow people to use what they're used to, but the legal issues behind it are quite complicated. I would say this is a false good idea.
Gardner: Edward, you mentioned that at Redcentric, scale doesnât concern you. You're pretty confident that the systems that you can access can handle almost any scale. How about that IoT? Even if it shouldnât be in the purview legally or in terms of the role of IT, it does seem like the systems that have been developed for ITSM are applicable to this issue. Any thoughts about more and more devices on a network?
Jackson: In terms of the scale of things, if the elements are in your control and you have some structure and management around them. You donât need to be overly concerned. We certainly donât keep anything in our systems their shouldnât be in there or doesnât need to be.
Going forward, things like big data and smart analytics layered on top would give us a massive benefit in how we could deliver our service, and more importantly, how we can manage the service.
Once you have your processes is in place, and can understand the necessity of those processes, you have the structure, and you have the kind of management platform that your sure is going to handle the data, then you can basically leverage things like big data, smart analytics, and data mining to enable you to offer a sophisticated level of support that perhaps your competitors canât.
Gardner: It's occurred to me that the data and the management of that ITSM data is central to any of these major challenges, whether itâs big data, cloud service brokering, management of assets for legal or jurisdiction compliance. ITSM has become much more prominent, and is in the position to solve many more problems.
I'd like to end our conversation with your thoughts along those lines. Charl, ITSM, is it more important than ever? How has it become central?
Joubert: Absolutely. With the advent of big data, we suddenly have the tools to start mining this information and using it to our benefit to give better service to our end-users.
Kuijper: ITSM is definitely core to any IT environment, because ITSM is the way to put the correct price tag behind a service. We have service charging and service costing. If you donât do that correctly, then you basically donât tell the truth to your customer or to your end user.
If you mix this with the IoT and the possibility to have anything with an IP address available on the network, then you enter into more philosophical thoughts. In a corporate environment, letâs assume you have a tag on your car keys that helps you to find them, and that is linked on the Internet. Those gizmos are happening today.
This brings some personal life information into your corporate environment. What does the corporate environment do about this? The brand of your car is on your car tag. They will know that you bought a brand new car. They will know all this information which is personal. So we have to think about ethics as well.
So drawing a line of what the corporate environment will take care and what is private will be essential in this IOT. When you have your mobile phone, is it personal, it is business? Drawing a line will be very important.
Gardner: But at least we will have the means to draw that line and then enforce the drawing of that line.
Kuijper: Right. Totally correct.
Gardner: Edward, the role of ITSM, bigger than ever or not so much?
Bigger than ever
Jackson: I think itâs bigger than ever. Itâs the front end of your business, and the back-end of your business its what the customers see. Itâs how you deliver your service, and if you havenât got it right, then you are not going to be able to deliver the service that a customer expects.
You might have the best products in the world, but if your ITSM systems and your ITSM team arenât doing what they're supposed to be doing then you know itâs not going to be any good, and the customers are going to say that.
Gardner: And lastly to Steria, and Patrick, the role of ITSM, bigger than ever? How do you view it?
Bailly: For me, the role of IT Service Management (ITSM) won't change. We did ITSM in the past and we still continue to have that in the future. In order to deliver any service, we need to have the detailed configuration of the service. We will have to run processes and not have the service change. What will change in the future is the diversity of service providers that we use.
As a service provider, we'll have to walk with a lot of other service providers. So the SLA will be more complex to manage for service management. It will be critical. For the customer, you will have to not only manage - but to govern - that service even if it is provided by lot of service providers.
Gardner: So the complexity goes up, and therefore the need to manage that complexity also needs to go up.
Bailly: What is also very important in license management in the cloud is that very often the return on investment (ROI) of the cloud adoption has ignored or minimized the impact of software cost. When you tell your customers, internal or external, that this xyz cloud offer will cost them that amount of money, you will most likely have to add up 20-30 percent because of the impact of the software cost afterward.