1. IT Management
What a misnomer that is! Strictly speaking, there are two incarnations to this definition. One implies the management of a collection of systems, infrastructure, and information that resides on them. Another implies the management of information technologies as a business function. Neither of which are being managed very well, or, for that matter, at all, in some cases. But it’s hardly management if only on the basis that it’s pretty darn difficult to manage what you don’t know you have.
Even worse the goalposts are on the move: even if you knew what you had today… oops, yesterday – you see how fast things change - how do you know what you’ll have tomorrow… what to keep or what to get rid of? Has ITIL helped at all, or has it simply complicated things even more? Whatever else is true, there is a bunch of CIOs and IT Managers who could do with some serious help from some people who know a thing or two about IT infrastructure management!
2. Storage Management
Even if you are managing your storage efficiently, you are still only managing the storage that you’re storing – what about all the other stuff? With the proliferation of external storage devices (I have a very convenient portable 350GB hard drive that needs no external power supply that I can dump everything, pictures, documents, music) although unstructured data is growing at alarming rates of up to 100% year on year, not all of it is ending up on file servers. So where is it being stored? Laptops and those evil external hard drives – so, if the IT infrastructure is not storing and protecting most organisations’ intellectual property? But that’s a disaster! Yup!
But unfortunately, not only are most IT organisations starting to lose control of unstructured and semi structure data to the bowel that is the external device, but the stuff they do collect is managed with alarming incompetence. With server utilisation rates as low as 10% and storage utilisation rates as high as 35% in most organisations there’s not much management going on there – they could do with a visit from some nice heterogeneous storage guys!
3. IT Security Management
IT Security Management is a broad field of management related to Information Security. It entails the identification of an organisation's information assets and the development, documentation and implementation of security technologies, policies, standards, procedures and guidelines.
“Well we can do that, can’t we? Err, yes, sort of, we’ve lots of security stuff securing lots of something, which protects our IT thingy and information, IP stuff and the like. We can stop the bad chaps from unauthorised access, protect the confidentiality, integrity and availability of information (got that bit out of a book), but we don’t exactly manage it so much as put it there and hope hopefully that the mass of confidential information about our employees, customers, partners, suppliers, products, research, and financial status is safe.
But, no, we have no operations centre to manage it, no way to report on it, no overarching visibility of our organisation’s security posture and no connection between physical and logical security.”
Sounds like you could do with a visit from some people who know how to manage your IT security to ensure you protect your business, surely? 4. Systems/Network/Patch Management
Network management is that process where IT ensures the network (and the services that the network provides) is up and running as smoothly as possible, spotting problems before users are affected. This also means that IT needs to be able to keep track of resources attached to the network and how they are assigned in order to keep the network under control.
At the same time repairs and upgrades are performed (before inevitable failure), patches are routed, corrective processes are carried out , such as ensuring correct device configuration parameters, just to make the network run effectively. Still, we know that lots of stuff has been banging around the network – just no idea where it was sent to – no idea what patch is supposed to go where, suppose our Patch Management systems will take care of that?
Patch management is an area of systems management that involves acquiring, testing, and installing multiple patches (code/configuration changes) to an administered computer system. Patch management tasks include: maintaining current knowledge of available patches, deciding what patches are appropriate for particular systems, ensuring that patches are installed properly, testing systems after installation, and documenting all associated procedures, such as specific configurations required (Configuration Management).
But do IT organisations proactively manage patches and software updates by automating the collection, analysis, and delivery of patches across their enterprise? Do they provide the analysis, collection, and distribution of OS and application updates in a timely manner? What is the average patch requirement to installation?
Do they have a central repository for various operating systems, hardware and software vendors’ patches and an installation inventory and specific software update distribution process – I think not! I think IT could really do with talking with somebody who truly understands Server Management solutions!
5. Data Management
Information can be literally priceless. So, what we do is keep 500 copies of everything the world has ever created – just in case … NO! Admittedly, unlike physical assets and infrastructure, digital data cannot simply be replaced when it is lost or destroyed, but if you don’t manage your data then it’ll end up managing you, rather than the other way round.
To manage data, certain business rules, actually polices and constraints must be observed. Business value is derived by having a consistent software layer used as an enterprise standard. IT Managers need advanced data management tools to accurately categorise the content according to established policies and manage it.
Standardising the underlying data management foundation means that IT can establish policies so that data can flow across tiers, can be viewed and managed with tools and processes that are not only standard, but agnostic against the plethora of hardware that saturates the infrastructure. Data is often the most costly data centre component, yet often has the fewest tools and resources to track usage and utilisation. IT organisations should use SRM technologies to effectively manage their data. I simply don’t understand how any organisation can manage their storage or data without these tools. How can an enterprise manage its storage effectively if IT doesn’t know what data is being stored on them?
It sounds to me like IT organisations need to be able to achieve a responsive and adaptive data management practice, in order to improve decision-making, reduce costs and align goals and objectives with the business by talking with some of those nice chaps from Symantec.
6. Application Management
How many applications do you run? … Why don’t you know? It seems that IT organisations are adding applications to the services they offer the business by the bucket load. 400 two years ago have grown into 800 today. So, who uses them? … Why don’t you know?
Knowledge of who is using what is becoming increasingly difficult to ascertain, what the dependencies within the server environment – let alone the storage dependencies - is usually thrown, unceremoniously at the most junior member of the IT department, who then spends their entire life trying to map services and applications to users, departments and the storage environment.
With shared-data applications and storage, the responsibility to ensure availability to current and future applications requires a common technique or approach to assist the documentation process. As critical components of every business application, both security and storage need the same careful thoughtful consideration as networks and systems – creating the concept of an integrated utility architecture. Which are critical to the business? … Why don’t you know?
The IT architecture is more than simply the topology of how to connect clients to applications and databases, to servers, to storage and how to protect it against malicious threat; it must include the people, processes, hardware and software that support data in the organisation. I reckon IT could do with some Configuration Management software to help them understand what applications are being used where and by whom as well as mapping dependencies in the Data Centre.
7. Licence Management
Does anyone actually know what they have licences for? What they are running? … And what the difference is between the two? All companies should be aware of the importance of maintaining correct licensing for software.
It is also important to make sure that IT departments are not spending more than they have to in order to maintain the correct licences. Or even more importantly, that they are actually paying for the licences they are using. This process is becoming ever more complex as IT vendors constantly introduce new licence programmes. So… there’s stuff you don’t know about… and there’s stuff no-one is using… and there’s stuff people are using and shouldn’t be…
How are organisations managing their licences? How are they reviewing, analysing and recording all of their software licences and contracts? How are they identifying inconsistencies in their licensing and rectifying any errors in their contracts? Oh… and by the way…even if they are …it’ll all be different tomorrow… Hmm, same problem as above … understand what applications you’ve got first then you have a fighting chance of making sure you’ve got the right level of licences in your IT infrastructure.
8. Business Process Management
Business Process Management (BPM) is the term relating to the intersection between management and information technology, encompassing methods, techniques and tools to design, enact, control, and analyse operational business processes involving humans, organisations, applications, documents and other sources of business critical information.
Yet, how can IT manage the processes required by the business when they have no view of those requirements and even if they did, wouldn’t understand them? What is the cost… end-to-end of the business process? How can you manage what you have no visibility of? If business process management provides governance of a business's process environment to improve agility and operational performance and yet IT has no understanding of what the goals of BPM is, then how are they expected to manage it?
To make it really interesting IT vendors are all involved in jumping on the BPM bandwagon and all have their own particular proprietary view of BPM. I would have thought that the automation and standardisation of processes in the data centre would take an organisation a long way down the route of process management. If you can’t get your own IT house in order then it’ll be a little tricky to manage someone else’s!
9. Asset Management
How much stuff is listed, but has been junked / thrown out, switched off… humming along with no users… Piles of it I should think – not very green most likely. Not something that is very easy to do. How much stuff do you own that’s actually listed somewhere as an asset? At best IT asset management joins financial, contractual and inventory functions to support life cycle management and strategic decision making for the IT environment.
Assets should include all elements of software and hardware that are found in the business environment and is the primary point of accountability for the life-cycle management of information technology assets throughout the organization. I bet most organisations haven’t a clue what they’ve got in their IT environment.
How many organisations develop, maintain policies, standards, processes, systems and measurements that enable the organisation to manage the IT Asset Portfolio with respect to risk, cost, control, IT Governance, compliance and business performance objectives as established by the business? Not many I would guess.
Asset management even has its own “institute”: The Institute of Asset Management (IAM) is an independent organisation for IT professionals dedicated to furthering their knowledge and understanding of Asset Management focusing on best practice and developing decision support tools and techniques. Hmm, wouldn’t it be an idea to get a company in that provides an accurate and thorough inventory of IT assets with heterogeneous platform support including Windows, UNIX, Linux, NetWare, Macintosh systems, and handheld and network devices? Just a thought!
10. Digital Rights Management
To understand digital rights you need to remember that books, plays, pictures, films and so on (including this paper) are subject to copyright or intellectual property rights. Digital rights management technologies attempt to control use of digital media by preventing access, copying or conversion by end users to other formats. Long before the arrival of digital or even electronic media, copyright holders, content producers, or other financially or artistically interested parties had business and legal objections to copying technologies.
The danger is that you have no rights – because people will use your content regardless of how you feel about it. The only mechanism that computer systems have for enforcing controls when the computer operating system is not in control (which is almost all the time with the Internet) is encryption.
If you don’t encrypt (make secret) the thing you are trying to protect then your (lack of) protection mechanism will soon be detected and either all the works you were trying to protect will suddenly become freely available on the web (as happens more often than you might think) or they will be shared amongst private groups of users freely.
It is also a pretty good idea to index and classify your data. If you are taking a complete copy of every document created in the unstructured world then you have more than a fighting chance of proving which bits of IP are yours.
Digital Rights Management offers industry information providers, which include the financial industries, analysts, consultants, programmers (applications, games) database owners and so on, as well as the record and film industries, with significant potential, not to mention any organisation who has intellectual property they need to protect. Do any of us know what is leaving the company?