by Sumit Kumar Jha
Cloud Computing is the buzzword in IT industry today. Whether it be a service provider or a customer organization, everyone is looking forward to embrace cloud computing and benefit from it. But a common concern is about its potential 'impact' on their ITIL processes and thus on the implemented ITSM tools.
This paper answers these concern areas. It covers some of the key ITIL processes from the Cloud computing perspective. Also, the view point presented is in terms of the customer and service provider. It covers the details that a customer organization should be aware of before opting for a cloud service provider. At the same time it presents the key process areas that a service provider should either address and/or streamline to get ready for the marketplace and take their offerings to their potential customers.
The market space is abuzz with the word "Cloud". Every service provider is trying to create a space for themselves in the cloud services market which is pegged to be over 12.6 Billion USD by 2014 (as forecasted by IDC). Also, globally organizations across the domain are trying to explore how they can benefit from switching to cloud computing.
In this race one question that is bothering many service providers or the customers is that how their ITIL® processes would be impacted? Some are afraid that they might have to redefine the entire set of ITIL processes for their organization.
At this point it is important to understand that there would be no impact if the ITIL processes for your organization are defined as per the best & good practices of the ITIL framework, besides being well integrated with each other. With cloud computing, the only difference that is going to be in IT Service Management (ITSM) world would be that the ITIL processes could no longer be ignored.
I would like to mention that whatever concerns that exist are valid only in case of Public cloud or Private Cloud hosted with the third party. Since services in on-premise private cloud are hosted internally, there would not be any significant difference in the way of working.
In my experience, today in many organizations ITIL processes exist in silos. Key processes like Service Asset and Configuration Management (SACM), Financial Management, etc. are ignored. SACM will become utmost important along with the IT security and demand management processes. Since charging based on consumption is one of the key features of Cloud Computing, Financial Management can no longer be ignored too.
In many process definitions, an option to bypass the process exists, i.e. the process adherence and its compliance with best practices are significantly low. Organizations having similar situation will be impacted, as with cloud computing ITIL processes can no longer be neglected.
I would like to highlight that there are three perspectives that will follow when an organization takes or provides cloud services. These perspectives would be:
- Customer perspective: Prime concern that customers would have when they want to opt for cloud services
- Internal perspective of the cloud service provider: Key processes that the service provider has to streamline to ensure quality delivery of services
- External perspective of the cloud service provider: Key areas that should be addresses before taking the cloud services to the customers
One of the key concerns for any organization that wants to move their services to cloud is "how secure my data and services would be?" This makes Information Security Management as one of the key concern areas. It has to be ensured that the IT security is integrated with the business security. Thus, an organization seeking cloud services has to ensure that their overall corporate and IT security governance framework is not compromised upon while moving their IT services to a cloud environment. Initially moving the services, which has a high security risk, to cloud should be avoided. These services should only be moved when all the concerned security risks are adequately addressed.
Similarly, IT Service Continuity Management process and policy offered by the service provider has to be evaluated and analyzed to understand its relevance to organizational service continuity and business continuity policy. If need be then the offered service continuity process, policy and plan should be negotiated upon to address the organizations needs and concerns.
For Incident Management, the way the incidents would be handled has to be clearly defined. In a cloud environment the incidents could occur because of:
Error in application/service: Incidents that occur because of error in the services or applications hosted by the organization. These incidents have to be resolved by the customers themselves. But a proper monitoring and recording of such events/errors should be done. The event management tool will have to be integrated with the customers ITSM tool.
Error in the cloud infrastructure: The responsibility to resolve such incidents is that of service provider. Customer should ensure that the defined SLA is inline with their organizational requirements, besides clearly articulating the interaction/resolution mechanism and responsibilities of customer and service provider teams. Also, this is again a case where IT Service Continuity Management is crucial.
Every IT service or component has to go through a change at some point of time during its life cycle. Change to the hosted services or applications can be controlled by the customer organization following their organizational change management policy. But the concern starts when customer is using the public cloud, and even more so when the cloud infrastructure itself needs a change. These changes, specifically the ones related to cloud infrastructure, are controlled by the service provider and would be based on their change policy. For example an upgrade to a web server may result in incompatibility of the same with the customer's application. Thus, for a customer it is very important to analyse the impact of such changes on their services, the associated risks and mitigation options. This makes Change Management a key process.
As in cloud environment customer could only be concerned about their hosted services or applications and not the cloud infrastructure, any release and deployment would be done remotely. In case of private cloud the release policy would not be drastically different to the one in traditional ITSM environment. But in case of Public cloud the Release & Deployment Management process, policy and plan could be significantly influenced by the service provider.
The customer would have to ensure that their interests are taken care of. They also have to ensure that the criteria for emergency releases are agreed upon with the service provider.
Service Provider - External Perspective
With Cloud computing, Service Level Management (SLM) will become even more important. Customers are concerned with the service levels that would be or is being delivered to them. They are not concerned with how the service provider delivers (or would deliver) the same. In cloud environment, a well defined Service Level Agreement (SLA) will gain prime importance. Service provider will have to have a very effective Operational Level Agreements (OLAs) and Underpinning Contracts (UCs) so as to be able to commit to and meet the customer's requirements. Hence there has to be a very effective coordination between SLM and Supplier Management. besides an up to date Service Catalogue.
Customers would be interested in knowing how the service provider can meet their service requirements. Customers would evaluate the service levels that the service provider has been delivering. So one of the first steps towards decision on selecting a service provider would be the detailed analysis and evaluation of the service levels that they guarantee to provide.
Thus, a service provider would need to have in place a matured Service Level Management process along with an experienced Service Level Manager. This would be very important to gain customer's confidence.
Service Catalogue Management is a key process as the service offerings and its relevant details, which is important for SLM as well as for the customer, is part of a service catalogue. We can say that the business of a cloud service provider would depend on their service catalogue.
Service Portfolio Management would be another key area for cloud computing. There are a number of cloud service providers in the market. Each of them wants to be the first to provide a new service. Thus, entire process right from studying the market feasibility of a service to deciding on its actual deployment has to be very efficient. This is where Service Portfolio management becomes very important.
Cloud Computing is all about real time provisioning. Thus, Supplier Management becomes a critical process for a cloud service provider. This is not only in terms of getting a good deal or price from their supplier but also in terms of having an excellent relationship so that they can fall back on their supplier as and when needed.
Customer needs information related to the details of utilization the service provider has billed them for. They would also prefer to get information that could help them in billing their internal customers. Thus, Service provider need to have a well defined and implemented process for Financial Management which has to be supported by a good and efficient tool.
Service Provider - Internal Perspective
Continuing from the customers need for utilization and billing details, even the service provider has to define the way they are going to charge their customers. Thus, the 'Unit' of charging has to be defined as charging is based on resource utilization, transactions, etc. Cost has to be properly allocated to different customers to ensure effective accounting and charge-back. Also, efficient & effective budgeting process would be required as all investments have to be strongly justified. This makes the Financial Management another critical process. Service provider has to ensure that the defined process has to be capable to provide details on return on investment (RoI) and total cost of ownership (TCO) of cloud services besides budgeting, accounting and chargeback.
Service Asset & Configuration Management (SACM) can be said to be the "heart" of ITSM. Any IT organization is dependent on accurate CMDB and Configuration Management System (CMS) for information. Each IT component of a cloud infrastructure or a service has to be registered in the CMDB along with a well defined relationship. These IT components would be responsible for supporting many customers of the Cloud service provider. So a failure of a single component has the potential to have a severe impact on many customers. This would have a direct impact on the service provider's business.
In a cloud environment there can be a sudden surge in demand. The probability of the surge will be much higher in public cloud. The provider has to be ready to provision such demands. Thus, effective mapping of demand trend and patterns of business activity (PBA) for every customer is required. The analysis of PBA and trend analysis will help in addressing the change in demand pattern. Also, this will help in identifying the ways to influence demand. A close linkage of Demand Management with Capacity Management and Financial Management processes is required.
The sudden surge in demand has to be fulfilled. Thus, the service provider has to ensure the availability of sufficient capacity. They would also have to maintain a balance between the utilized and excess capacity. Excess capacity would mean wastage of investment while the over utilized capacity reflects a potential threat for performance degradation. So capacity management and capacity forecasting becomes a very complex and critical activity. The real time addition of capacity may be required. This makes it necessary to have a tight integration between Capacity Management and Supplier Management processes.
Another important process for cloud computing is Request Fulfilment, the process responsible for fulfilling service requests. Specifically referring to cloud computing, the request for a cloud service should be treated as a service request. Service requests are provisioned based on the defined internal approval cycle (if any) of the customer organization. Such approval could be related to the one in procurement. Generally either head of a department can raise such a request or would approve such requests of the team. These service requests are not required to go through a formal change approval cycle.
In cloud environment, the requests for addition, modification or deletion/removal of the existing capacity or resource has to be done in real time. Such requests are raised by the customer and provisioned without any change approval cycle. Thus, the request fulfilment team has to ensure that such requests are received in a complete manner and all required approvals, if any, from the customer side is provided along with the request.
Organizations that have 'well' adopted the ITIL framework need not be worried about their ITSM while moving their services to cloud environment. They might need some minor tweaking in their processes and related policies & standards to a certain extent but the overall impact would be minimal.
But challenge would definitely be there for the organizations that have 'ill' adopted the ITIL framework. They might have to re-define or re-implement the entire set of ITIL processes that they have.
Thus, a detailed maturity analysis of existing processes along with gaps w.r.t. to the ITIL framework and level of process integration would be needed. This would help in analyzing the quantum of work that might be required to make an organization's ITSM pertinent for cloud computing.
About the Author - Sumit Kumar Jha
ITIL V3 Expert | ITIL v2 Service Manager | Six Sigma Greenbelt | MS - Consultancy Management (Gold Medallist) Extensive expertise in ITIL and IT Consulting, having over ten years of experience reflecting strong leadership qualities coupled with exceptional client relationship & management skills. A powerful strategist with ability to map creative business vision, transform & empower organizations with tools/techniques, and strategies to bridge the digital business gap. Currently works with a leading CMMI Level 5 IT Services company of India as a Senior Consultant, heading the ITIL practice. Experienced in handling ITIL consulting engagements across various domains and geographies. Entrepreneurial experience of 5 years. Authored a book titled "Tackling Roadblocks During IT Implementation". Maintains blog - www.process-consultant.blogspot.com. He can be contacted at firstname.lastname@example.org.
Note: ITIL® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other countries.