09.08.2013 by Martin Kuppinger
Some days ago I had a briefing with BMC Software on their new MyIT offering. MyIT is a self-service approach that enables end users to request services. It focuses on the user experience and tries to close the gap between the IT-centric view of services and the view business users have.
This aligns well with two areas of KuppingerCole research:
- One is the Future IT Paradigm by KuppingerCole, our definition of how we expect and recommend that IT organizations change in order to be able to deal with the changes in IT itself – the change from on-premise IT to hybrid models and an increasing portion of Cloud Computing and the overall influence of the Computing Troika (Cloud, Mobile, Social Computing).
- The other is what we call Assignment Management, i.e. an approach that allows managing not only access rights (as in Access Governance) but all types of assignments, including physical devices and flexible service requests for users.
We have various publications out on both of these topics. The Future IT Paradigm is covered extensively in the KuppingerCole report “Scenario: Understanding IT Service and Security Management”. The model described therein, now called the “Future IT Paradigm”, splits IT into three levels, with business service management on top, the management of services, information and security in the middle, and IT service production at the bottom. BMC MyIT fits well to the upper layer in this model. Another document worth reading when looking at that model is the KuppingerCole report “Scenario: The Future of IT Organizations”. That document describes how IT organizations have to adapt to the fundamental changes I have listed above.
The second area, Assignment Management, is covered in a whitepaper I wrote a while ago in which I outline the basic concept. It also is one of the investment areas for CIOs we have identified in our CIO GPS.
As mentioned, BMC MyIT aligns well with these concepts, by moving IT closer to the user. Instead of relying on IT-centric Service Catalogs and, in general, an IT-centric view, it is about translating this view into a user-centric perspective and making it accessible for everyday use by all users in a simple way.
BMC seems to push this strategic approach. Yesterday they announced BMC AppZone, based on an acquired technology, through the purchase of Partnerpedia. That allows companies to implement company app stores that again can be integrated with BMC MyIT. Such a move, i.e. allowing users to shop for apps when looking for IT services as a business user, is just so logical you wonder why it has been so long it reaching reality.
It will be interesting to see how BMC further executes on their strategy around AppZone and MyIT. I see a massive potential for both upselling to their existing customers (and leveraging existing investments) and approaching new customers. The biggest challenge as of now is that while the solution is designed to be ITSM agnostic, the standard integration of MyIT is currently limited to existing BMC backend infrastructure. Providing more standard integrations and simple, flexible interfaces for integration will be the critical success factor. If BMC solves that, this might enable them to be not only an IT Service Management, but also a Business Service Management leader.
06.10.2011 by Martin Kuppinger
Some two weeks ago I’ve been at the EMC EMEA Analyst Summit in France. In one of the session Chuck Hollis, VP Global Marketing CTO of EMC Corporation (what a title, isn’t it?) made a very good comment when of the presenters talked about the needs for
- agility and speed
- service level fulfillment and improvement
- cost optimization
of IT when providing services. He pointed out that IT looks at this typically in the order of cost – service level – agility, while business looks at agility – service level – cost. I really like that.
You might argue that business always is talking about IT being too expensive. Yes, they do. But there are reasons for that. On reason is that business still frequently doesn’t really has an answer on the “what’s in for me?” question. If business doesn’t see a value (and supporting the need for agility, e.g. enabling business to become better, is sort of the big theme behind the business value) it looks at costs. No surprise at all. However, if IT provides what business really wants, then the discussion is much less about cost.
With other words: IT has to understand what business really needs. Look at the business services they want, at the business value, and how IT supports agility and speed. Ensure the service levels. And then try to do it at optimized cost.
Honestly: That isn’t a groundbreaking insight. Many of us are talking about this since years. But do we act accordingly? Not always. Always having in mind that the order better should be agility – service level – cost than the other way round might help us to become better in Business/IT alignment.
28.10.2010 by Martin Kuppinger
When looking at all the discussions around the “cloud” I still miss some focus on the real essentials of a strategic (!) approach for using clouds. Clouds are, when looking at the right now common understanding of private, hybrid, and public clouds, in fact nothing else than IT environments which produce IT services. These services are provided at many different layers, like in the common (and pretty coarse grain) segmentation into SaaS, PaaS, and IaaS. But: It is about the (efficient, scalable,…) production of standardized, reusable services.
Cloud Computing is about using these services. It is about procurement, management, orchestration, accounting, and so on. With other words: Cloud Computing is mainly about service management, in a standardized way. In a perfect world, all services of all products (internal and external) would be managed consistently. There could be one consistent accounting, ending up with something like an ERP for IT. However, the service management aspect of Cloud Computing appears not to be in the centre of most discussions around Cloud Computing. Many discussions are just about tactical comparisons and views of parts of Cloud Computing. Many discussions are around security. But about service management, the really strategic thing? The part which will fundamentally change the way we are doing IT?
For sure there is a lot of discussion around service management today. ITIL is a good example. However, that covers just a part of IT. We have to look at it from the highest layer (business and its requirements, described as real business services like “managing contracts of type … in compliance with regulations and…”) down to granular web services used in SOA architectures. Services are sort of everywhere. And the future of IT is about having two layers:
- Service production (In the Clouds)
- Service consumption (Cloud Computing)
That requires fundamental changes in IT organizations. The core competency is to become best in class in mapping business requirements to the required services, e.g. in doing the “cloud computing” part right. For the “production” part of IT, it is about becoming best in class in providing efficient services. But typical IT organizations will be split into two parts: Consumption/Orchestration/Management and so on – and production in the private cloud environment. Enabling this shift is the key issue for any organization today.
You might now argue “what about security?”. Pretty easy: Security is a part of this. Every service has a functional part and a “governance” part: Where is the service allowed to run due to compliance? What about encryption of transport and data? Who is allowed to access the service (or parts of it)? And so on… With other words: When you’ve solved the service management piece, you’ve automatically solved at least a large portion of the security piece. You might argue that there are some infrastructural aspects not covered by this (how to enforce what you need for service governance). But that could be understood as well as part of your service environment.
A lot of aspects around Clouds, Cloud Computing, Cloud and Services, Cloud Security and so on will be discussed at EIC 2011/Cloud 2011 in Munich, May 10th to 13th.
07.01.2009 by Martin Kuppinger
The topic of IT-Business Alignment isn’t really new. It is discussed for years right now. And several software vendors, mainly in the area of “Business Service Management” claim to solve the threats in that area. But, honestly: I believe that we are, in most cases, far from a real IT-Business Alignment. I have blogged several times around this, topic (here, here, here, and here).
But let’s start with my definition of what IT-Business Alignment is: IT does what the business requires – not more, not less. That includes aspects like the ability to efficiently respond on new business requests, the ability to report on and enforce business controls (including all the GRC requirements), and the efficiency of IT itself in the sense of a streamlined, lean IT organization.
There are, from my view, two main steps to go:
- Reorganize IT
- Implement a consistent control layer between Business and IT
From my perspective, the lessons we’ve learned from outsourcing and outtasking are a good basis for IT reorganization. Strategy has to be in-house – that is the core part of the IT department. Other parts might be done inhouse as well, but organized in own “centers” with clearly defined SLAs. An IT organization which consists of a strategy/architecture department for guidelines, a GRC department which focuses on all relevant controls, and some decentralized IT knowledge in business organizations (define the requirements for applications and other IT services) might be the lean approach. That requires the competency for guidelines and strategies, including a strong influence on sourcing decisions. But IT itself would be pretty small. The “doing”, e.g. running systems can be done inhouse – there is no need to outsource this. But in that case, these are seperate departments which act, like described above, like external entities (or like the internal facility management or corporate security or any of these internal service providers).
The layer between IT and Business is, from my perspective, an GRC layer which goes well beyond Identity and Access Management related GRC approaches and well beyond BSM/ITSM, providing a consistent framework for business controls for IT.
For sure we can’t change an organization immediately. There are several prerequisites:
- The CIO role has to change, clearly focusing on that IT-Business Alignment, with the responsibility for GRC as main task.
- You will need architects and strategists for the central department.
- You will need persons with a good IT understanding in the business departments.
- You will need managers which can really manage the IT “centers” as business managers.
- GRC tools have to go beyond just IAM or BSM support, moving towards real platforms.
Thus it is a long way to go. But I strongly believe that we have to go that path, for more efficient organizations and to reach the target of IT-Business alignment.
06.08.2008 by Martin Kuppinger
My colleague Felix Gaehtgens recently has blogged about his discussion with Tom Bishop, CTO at BMC, about the BMC strategy for IAM. His findings are very consistent with the blog of Tom Bishop which was published some weeks later and appears to be some indirect response to Felix.
It is obvious that many BMC customers are insecure about BMC’s strategy for IAM. There have been several changes, as well in BMC’s organization as in the way BMC is adressing this market. BMC has moved the development of the IAM functionality to India, where they are developing as well other major parts of their products. Some people from the IAM team – as well from the product as the sales/marketing side – in North America and EMEA have left BMC, including Jeff Bohren, one of the guys behind SPML. Even while BMC states that there are more people involved in IAM activities than before, there are some still some open questions left. Read the rest of this entry »
13.06.2008 by Martin Kuppinger
These days I’ve read some entries in the Beteo blog, a blog provided by a swiss software and consulting company which is somewhere in between SOA and BSM – or BTO, the term they tend to use due to some affinity to HP. The interesting thing is that Beteo not only claims but proves that Service Management principles and tools which are commonly used more in the IT Infrastructure Management can be applied to the field of Software Change Management as well. Beteo, a company I’m in contact with since they’ve been founded (and I have been in contact even with their predecessor), uses this concept with success especially in SAP environments.
That leads to the obvious conclusion: There should be a much more common service understanding. There should be one BSM approach on the upper layer. BSM, as real business service management, should really address the business aspects like
- Defining services from a business point of view – like “manage a contract” including storage, access rights,…
- Mapping these business services to IT services
- Manage these services from a business perspective, e.g. accounting, controlling (do we need these services really?),…
The next layer are IT services, e.g. the more technical services IT provides to deliver a business service. These services can be managed with ITIL principles and – at least to some degree – with today’s so called BSM tools.
Whether the mapping of IT services to the IT implementations of business processes is part of the IT service layer or the business service layer is a matter of definition. I tend to place the description of business process at the business service layer and the implementation of business processes in IT – and thus, the relationship of these processes with IT services – at the IT services layer.
Anyhow, there is a layer below for the different types of IT services. Today, BSM focuses mainly on IT infrastructure services and provides mainly an ITISM (IT Infrastructure Service Management) – and not an ITSM (IT Service Management) or a real BSM (Business Service Management).
Besides the IT Infrastructure Services we have IT Application Services. These services tend to be more granular, down to web services and so on.
But regardless of the service you talk about: Each service can be managed with the same principles – and ITIL (and ISO 20000) is a good point to start if you focus on the principles for managing services. You can define, implement, run, optimize any type of service. Whether you look on high level business services or on low level application services, the way you should handle services is, from a conceptual view, the same. The business aspects like service accounting and controlling can be applied as well on every level.
Given that, a unified view on services and their management would bring a lot of benefits to IT – the reuse of management software, improvements in that software when the experiences of infrastructure and software change management are combined and influence the tools, the capability for an overall auditing and accounting of services, a consistent authorization management for services, their management and their use.
But that would mean that the siloes at the vendor side (where software management is in most cases another division than infrastructure management) disappear as well as the siloes in today’s IT organizations are opened for more cooperation.
29.02.2008 by Martin Kuppinger
In a, may be, simplistic view on IT there are three important pillars on the IT infrastructure level. Using the – sometimes improper – buzzwords, these are
- Identity (and Access) Management (IAM)
- SOA – in fact more the technologies for business processes and flexible applications, e.g. including BPM (Business Process Management)
- BSM (Business Service Management), or ITSM (IT Service Management), or BTO (Business Technology Optimization), or however you will name what has been systems management and now, with a new layer on top, is something “entirely new”. I would say it claims to be something new but the layer on top is far from being mature.
You might claim that the Enterprise Systems are missing in that list. Yes, they are missing. No, they are in, because SOA or BPM are the way to use these systems in the future – have a look on the strategies of SAP with NetWeaver or Oracle with Fusion.
Read the rest of this entry »
26.02.2008 by Martin Kuppinger
In the past I have several times published thoughts on the ERP for IT, and IT cost management (here and here…). Today I had a very interesting discussion with Econet, a german vendor which adresses IAM more from the process perspective and the ITSM (IT Service Management) area. During this discussion we came across the need for IT cost management and accounting – and to an interesting conclusion:
- There is one group which isn’t really interested in the real IT costs: The customer of IT. The customer is interested in a fair, reliable, stable assignment of IT costs he can budget. But he isn’t interested in exact, always changing numbers.
- There is another group which should be interested but in most cases isn’t: The IT management itself. They need to know the exact costs, assigned to services and the consumers of the services for planning, for the mentioned fair assignment, for improvement for IT. But most of the CIOs don’t really work on implementing a granular, service- and identity-based IT cost management, neither they have it in place.
The obvious question is: Why don’t they act? The main reasons are
- complexity of the topic
- lack of tools
- lack of economical knowledge in IT management – most IT managers aren’t business but IT people and not all really understand controlling, accounting, and so on
But it inevitable to work on a service- and identity-based, granular IT accounting and cost management and a controlling because it is the basis for IT as a real business unit.
Today’s problem is that the ones who need exact IT costs are often not ready for it. And the ones who were ready don’t want to have exact but stable, fair cost assignments. But I’m sure that this will change within the next time.
12.12.2007 by Martin Kuppinger
One of the IT market segments I’m observing for a quite long time ist the System lifecycle management market, including software distribution, OS installation, inventory, patch management and some other technologies. There are few segments which are that crowded. If I count the vendors/brands which compete in the central European region I end up with something aroung 20 at least. Given this number of competitors it is obvious that not all of them will survive. There will be the big ones to survive – and there will be the smart ones.
Read the rest of this entry »
07.12.2007 by Martin Kuppinger
The topic I discuss probably most often as well with vendors and system integrators as with end users is how to sell IAM. The problem behind this is that IAM is mainly seen as an infrastructure element (which IAM is). The potential business value is often quite unclear, as well as many people just don’t know that they need IAM even because they are using different terms. The CRM don’t see their system in the context of IAM even while it’s the biggest identity store in most companies – just an example.
One thing I’m intensively working on is a business-related argumentation which starts with the business problem and ends with IAM – and not the other way round, like it is done in most cases. The other aspect which came into my mind is to sharpen the relationship between IAM and the CIO’s agenda. The first step in this is to have a look on the CIO agenda – what shall be on that agenda (which are not necessarily the same issues that are on the agenda today).
Read the rest of this entry »