CA Community






This Blog
Syndication

May 2011 - Posts

"Go West young man" - Portland Oregon, June 9th and a effective use of service management

Published: May 31 2011, 09:34 AM | no comments
by Robert Stroud

Well after returning from Paris and the ISO meetings it is time to get back to the realities of service management implementations and visit the beautiful city of Portland, Oregon and actually get out of the airport this time.

On June 9, 2011 I will be joining the itSMF Portland LIG to speak on the topic of "Efficient, Effective, and Just enough Service Management to deliver Business Value." The topic is a result of my recent findings from discussions with practitioners that deliver more value, in less time and at a lower cost. The session will ensure that there will be loads of time for group discussion and of course we can play "stump the evangelist" which the prize will be buying me dinner!

The event is being held at Mentor Graphics Wilsonville Campus between 2pm and 4pm and you can click here to register.

Hope to see you there!

Share this post:  
Tags: , , ,
Leave a comment

 

By: Robert Stroud
Robert Stroud serves as VP and as Service Management, Cloud Computing and Governance Evangelist at CA Technologies. Robert also serves as an International vice president of ISACA, is part of the Framework committee and was the former chair of the COBIT Steering Committee. Robert also serves on the itSMF...
Read More..

Standards, don't just grow, remove redundant process

Published: May 27 2011, 09:25 AM | no comments
by Robert Stroud

As I write this, there are more than 300 people at the International Standards Organization (ISO) Plenary Meeting of SC/7 split in Paris.  We are split into many rooms; we speak many languages all with the same outcome in mind--the development of standards that will support the delivery of effective, efficient and quality systems that support the business. In today's world, with Twitter, Facebook, Instant Messaging, SharePoint, wikis, and other new media technologies, I believe we make more progress in 1 week than we get in 6 months of remote standards development. That said, the value gained from the interaction is what I personally value as this allows each of us to harmonize with the other groups and more importantly, learn from the collective wisdom of the group.

When I say the word standards many cringe.  They are cringing because they are worried we are going to add non-value adding controls. Unfortunately from time to time this may be true, but in this innovative and agile world I have been on a campaign to stress to the attendees the importance in "just enough" standards to do the job. In one of the meetings this week I gave the example of flying over to Paris for the meeting.  My boarding pass was subjected to multiple checks because of a redundant old process from years ago due to a person getting on the wrong flight before electronic boarding pass verification, single path to the plane and so on.  As I boarded the plane I was asked for my boarding pass by the flight attendant. As I fumbled through my pockets I asked why and the reply was something like "to ensure you are on the correct flight, sir." I politely asked why if the attendant who had given me my pass was standing literally 100 yards away and there was nowhere else to go from the ticket validation machine to the plane.

This reminds me of many organizations I visit, they have multiple redundant checks in place that serve no purpose and should be removed as we streamline the process.

So let me challenge each of you standards people out there - when you are updating your standards, remove the redundant parts components if they exist and this has been a topic in the circles I have mingled with this week.

So back to the plane boarding. In total frustration at the redundant process of the multiple boarding pass checks, I boarded, took my seat, closed my eyes and drifted off to sleep and missed the safety demonstration. I am sure I broke another rule there as well!

Share this post:  
Tags: , , , ,
Leave a comment

 

By: Robert Stroud
Robert Stroud serves as VP and as Service Management, Cloud Computing and Governance Evangelist at CA Technologies. Robert also serves as an International vice president of ISACA, is part of the Framework committee and was the former chair of the COBIT Steering Committee. Robert also serves on the itSMF...
Read More..

Standards are critical to the effective, efficient and meaningful use of technology

Published: May 26 2011, 11:42 AM | no comments
by Robert Stroud

As mentioned on Monday, this week I am attending the Plenary Meeting of SC/7, where CA Technologies is the major sponsor. CA Technologies sponsored this event as we believe standards are important to the delivery of our own IT as well as that of our customers. CA Technologies investment in standards supports our customers in their acceptance and adoption of cloud technologies by delivering them secure, interoperable and transparent path. These comments were featured in the opening session which featured a keynote from my French colleague, Yves La Roux, who has been involved in standards for many years.

Yves has allowed me to share his keynote with you below. Well done Yves and thanks CA Technologies for sponsoring the event.

Yves Le Roux Keynote
ISO/IEC/JTC1/SC7 Plenary Meeting
Paris May 23rd 2011

On behalf of CA Technologies, I want to welcome you in Paris for this ISO/IEC/JTC1/SC7 Plenary meeting.

Personally, to be on this stage reminds me the time where I was a Vice-Chairman of the ISO/ TC 97. I was not in charge of the ISO/TC97/SC7 which was one of your ancestors but Wada-San was. I don't know if some of you were SC 7 members at that time. When it was? From 1984 to 1987. The first meeting of JTC1/SC7 took place in Paris in 1987 and we have seen how much work this subcommittee has accomplished during these 24 years.The main challenge with Information Technology is the speed of evolution with sometimes the apparition of disruptive technologies which may turn upside down our practices.

Ten years ago, remote access was still in its infancy. Most consumers and businesses relied on 56k modems, and faster lines were cost-prohibitive. Now that cheaper alternatives, such as DSL and cable, are readily available to all budgets, remote desktops run at the same speeds or even faster than locally-run systems.

Cloud computing is seen by many as a new wave of information technology for individuals, companies and governments. The National Institute of Standards and Technology (NIST) defines cloud computing as "a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction."

This created new roles inside our IT environment (Cloud Service Consumer, Cloud Service Provider, Cloud Carrier, Cloud Broker and Cloud Auditor) According to the NIST definition, this Cloud computing is proposed in three well-known and frequently-used service models (Software as a service, platform as a service and Infrastructure as a service) and four deployment models (Public, Private, Community and Hybrid). In an on-premises model, the organization is responsible for all aspects of IT-people, processes, and technology. The organization buys the hardware, licenses the software, secures the datacenters, defines processes and procedures, and hires the people who run everything.

By contrast, particularly in non-private clouds, many of these functions may be handled by the Cloud Service Provider, whose system administrators might be its own employees or even third parties it has hired.

Many elements of cloud services represent wholesale change. For example, to make cloud services capable of expanding flexibly, hardware is often shared among customers, and the -security boundary between them may be virtual (through the use of virtualized compartments) rather than physical (through the use of separate hardware). In addition, on the- fly allocation of extra resources might mean that the geographic location of data depends on scalability, availability, or other factors rather than on security and jurisdictional considerations, especially when a Cloud Service Provider has datacenters in multiple jurisdictions. This can create uncertainty about which laws apply to the handling of the data.

But, today's data governance and compliance issues faced by companies around the world are the same whether information is in a cloud environment or on premise.

We must never forget that a system consists of five key components organized to achieve a specified objective (Infrastructure, Software, People, Procedures and Data). The massive managerial and technical interdependencies between cloud services providers and clients create many difficulties and costs.

Last March, Neelie Kroes, EU commissioner with responsibility for the Digital Agenda, stated:

"International standardization efforts will also have a huge impact on cloud computing. Open specifications are a key in creating competitive and flourishing markets that deliver what customers need."

Similarly, in April, during the last NIST Cloud computing forum, the U.S. Chief Information Officer Vivek Kundra called upon NIST to help accelerate the federal government's adoption of secure cloud computing practices by leading efforts to develop standards and guidelines in collaboration with standards bodies, the private sector, other government agencies and other stakeholders.

But, to-day, there is much less standardization across Cloud Service Providers, which can create problems if an organization wants to use more than one cloud. Providers often specialize in particular business applications, so organizations may well want to link information, processes or interfaces between clouds or between internal and external services, for example to provide single-sign-on.

They may also wish to change providers but find it hard or expensive to transfer and convert data, programs or applications from one provider's format to another.

For CA Technologies, standards that support interoperability, portability, and security, developed with input from stakeholders and in an open and transparent process, can help the movement to the cloud.

But currently, a plethora of organizations are working to standardize cloud computing without coordination

In May 2010, the ITU Telecommunication Standardization Bureau finds some 20 standards bodies, consortia and other interest groups working on cloud computing standards. And we see more coming

For CA Technologies, we need to have a clear vision of the standardization effort and to understand how these standards are complementary and can be used in conjunction for business benefit.

Any non-trivial application or business service is a composite application. Composite applications assemble functional building blocks into the solution using technology like SOA, workflow management and business processes, and portals or mashups. Online commerce, self-service banking, and internal HR systems are all examples of composite applications.

Today, almost all resources in a composite application are "behind the firewall" and "in the datacenter". This approach to deploying applications is analogous to vertically integrated manufacturing and logistics. Retail and manufacturing has evolved from vertically integrated manufacturing to a distributed, multi-company supply chain. The emergence of cloud services will create a similar transformation in business applications. The composite application becomes a supply chain of cloud services and infrastructure.

Enterprise IT will evolve from a primarily on-premise "factory" model to a cloud service supply chain.

It is crystal-clear that the cloud service supply chain cannot thrive without an effective Cloud Computing governance framework standard that promotes and ensures coordination between the various actors and JTC1/SC7 working in close cooperation with others in ISO is well placed to work on this potential standard.

Another important point for CA technologies is the impact of the Cloud computing wave upon some of the SC7 standards that we have currently implemented or used as a basis for our products; particularly, those related to Information Technology Service Management (e.g.ISO 20000), Information Systems Governance Frameworks and Systems (e.g. ISO 38500) and Process Implementation and Assessment (e.g. ISO 15504).

We are quite sure that this subcommittee has noticed this point and will work in order to evolve those SC7 impacted standards to encompass the Cloud Computing phenomena.

Concluding on this remark, on behalf of CA Technologies, I wish everyone a very fruitful meeting.

Share this post:  
Tags: , , , , , , , , , , , , , ,
Leave a comment

 

By: Robert Stroud
Robert Stroud serves as VP and as Service Management, Cloud Computing and Governance Evangelist at CA Technologies. Robert also serves as an International vice president of ISACA, is part of the Framework committee and was the former chair of the COBIT Steering Committee. Robert also serves on the itSMF...
Read More..

Up, up and away the cloud computing way!

Published: May 24 2011, 10:00 AM | no comments
by Robert Stroud

Cartoon by By David Fletcher Of CloudTweaks.comI recently had a conversation with a Fortune 100 company executive and he mentioned to me that they are embarking on a cloud journey for agility, scalability and the ability to rapidly innovate. The business has embraced the development of new applications leveraging a platform as a service capability. The intent was to be able to rapidly execute on business demand and transition the change to the computing environment. Initial thinking was that this would simplify all aspects of the computing environment, but it wasn't long before they realized that a different set of challenges faced the organization. I have been told so many times that Cloud Computing no longer requires service management yet, as in the case of this company, it's clear that there are fundamental challenges of ensuring service delivery whether the solution exists on-premise, in the cloud or even as a hybrid. In short, the role of IT is to ensure the delivery of service, delighting customers by exceeding their expectations at an appropriate price.

In the cloud scenario, which service desk should the user contact for support--the in-house service desk or the cloud suppliers service desk? Good practice tells us that there should be a single point of contact, no matter where the actual supplier component is.

Organizations that have implemented effective cloud models have done so in a manner that allows the consumer of the service to consume the service seamlessly. For instance, if you initially deliver HR services internally and decide to move to a cloud provider the users of the service should see no difference prior to and after the service delivery transition. As there is no impact on the service consumer, we, IT, take care of all the details in the background--there are no training requirements, no impact on the user, which is exactly the way it should be.  The same is true if the user calls the service desk for support. The service desk takes the call, logs the details and then works with the provider to ensure seamless support and focusing on service resumption.

This requires a different focus for the service desk.  The service desk must now focus on knowing how the services are constructed, who is involved in the supply chain, what the underpinning contracts are, what the escalation processes are and what the business priorities are.

In order to effectively implement cloud computing with effective service operations, the following considerations should be given as a starting point.

  • Clearly established single point of contact for the consumers of the cloud computing services
  • Relationships and responsibilities between the service desk and cloud support documented, contracted, and understood
  • Tools must be in place and roles defined for the management of incidents
  • Lifecycle ownership identified, established and contracted
  • Processes in place to allocate the responsibility for the escalation and resolution of major service outages including the formation of a joint workforce if required
  • Standard request fulfillments process agreed, documented and automated (including responsibilities and accountabilities).
  • Automated authentication processes implemented with automated addition and removal of users
  • Security penetration testing undertaken on a regular basis
  • Automated management processes in place to recognize, register, and initiate appropriate actions when required
  • Effective Supplier management in place including regular reviews

This list is not exhaustive but gives you a good reference point to start with as you commence your cloud journey. It's up, up and away the cloud computing way!

Cartoon by By David Fletcher Of CloudTweaks.com

Share this post:  
Tags: , , , , , , ,
Leave a comment

 

By: Robert Stroud
Robert Stroud serves as VP and as Service Management, Cloud Computing and Governance Evangelist at CA Technologies. Robert also serves as an International vice president of ISACA, is part of the Framework committee and was the former chair of the COBIT Steering Committee. Robert also serves on the itSMF...
Read More..

What does Paris France have in common with ISO standards?

Published: May 23 2011, 09:35 AM | no comments
by Robert Stroud

This week is the annual meeting of global industry leaders to work on the SC/7 software standards to be held in Paris, France. Standards are extremely important to CA Technologies and as such, we are sponsoring the event. Yves Le Roux from the CA Technologies France office will be delivering a keynote address to representatives from over 40 countries. Amongst the many standards, the assembled group will be working on the ISO/IEC 20000 Service Management series, ISO/IEC 19770 software series and of course a series of governance standards in the recently created WG40.

We will discuss many things at the meetings but the report that is attracting my interest is the study report tabled by the ISO/IEC JTC/1SC& WG1A (WG40) on the possibility of Additional Standards in the Area of Cloud Computing.

Cloud computing is indeed a topic this is gaining traction globally, reinforced, in my mind, by the changing industry dynamics including almost ubiquitous connectivity that exists today combined with the expectation of computing capability anywhere, anytime. Combine that with rapid rate of change we expect. Of course the issue of data access and protection has been discussed globally as a potential issue but many organizations are making risk based decisions to leverage the cloud.

Standards that I believe may be under consideration should include a standard vocabulary and standards for service management in the cloud. Of course, there will be interest in a governance framework and standard and many other initiatives.

I will keep you apprised of events at the meetings through the blog and follow me on twitter (@robertestroud).

Share this post:  
Tags: , , , , , , , , , ,
Leave a comment

 

By: Robert Stroud
Robert Stroud serves as VP and as Service Management, Cloud Computing and Governance Evangelist at CA Technologies. Robert also serves as an International vice president of ISACA, is part of the Framework committee and was the former chair of the COBIT Steering Committee. Robert also serves on the itSMF...
Read More..

More Posts Next page »