The cloud offers a new way to consume and deliver IT resources, so it is logical to ask what the impact of the cloud will be on the way IT is managed and how it relates to the core business. In this chapter we will argue that a “new IT constitution” is required for the enterprise to gain real benefits from cloud computing. These benefits cannot be fully realized simply by implementing a technical solution, such as a cloud management platform, or purely by consuming services from an external provider through a public cloud. Changes to IT governance, management capabilities and processes are needed—hence, a new IT constitution. Some recent cloud implementation projects have devoted up to 50 percent of the total effort to these issues. Enterprises who have ignored the need for IT management and process changes, and focused simply on the technical implementation of cloud, may fail to realize net benefits.
Examples of cloud computing cases where it would have been better if changes in IT management and processes had been included upfront:
Cloud service consumption
A line-of-business unit in an organization procures public cloud services without going through the organization’s internal IT department. Costs are incurred with the public provider. Unless there is a corresponding reduction in costs within the internal IT department, the cloud procurement has resulted in increasing the total cost to the organization.
Cloud service delivery
An internal IT department implements a cloud management platform on top of their virtualized infrastructure, with the resource pool consisting of previously allocated projects and services. When the business wants to add on a new service, they still need to procure resources for the cloud pool in the traditional method: by signing a purchase order, waiting for the vendor to deliver the physical equipment, and hoping the IT department will rack it and stack it quickly, so that it can be used in the cloud. In this scenario, not all the benefits of cloud services are being realized, since the processes to manage the capacity and the resource pool separately from the delivery process have not been considered.
In this chapter we consider the main drivers for a new IT constitution. We identify some critical new IT capabilities that the cloud will demand, and suggest some tools to analyze current IT management capabilities and processes to determine what needs to change.
The concept of “self service” is at the core of cloud computing. Just like the PC did in the 1980s, the cloud, and especially the public cloud, enables department-level business managers to procure their own IT systems. They can declare independence from corporate IT with its long planning cycles, slow response times and rationed resources. Across many enterprises, Line-of-Business (LoB) departments are already procuring cloud services independent from IT. The rise of Salesforce.com is a major example of this trend. In 2010 Gartner estimated that Salesforce.com had gained market share to hold 12,5 percent of the CRM market, placing it third in the list of CRM vendors after SAP and Oracle (Shread 2010).
While many business executives may welcome this opportunity to break free from the shackles of IT, there are real risks to the business. To continue the analogy with the PC revolution, the explosion in “do it yourself” IT with managers running the business on spreadsheets led to a massive explosion in unmanaged data and a whole generation of new problems relating to security, data integrity and auditing that still plague many organizations.
Cloud services pose similar risks, as well as some new ones, since the data is now outside the enterprise firewall. For example, the marketing department of a large consumer services company decided to use a third-party marketing database for managing campaigns. Fairly soon the data in the third-party database fell out of sync with the company’s master customer data, resulting in incorrect mailings and reduced customer satisfaction.
But essentially the dynamic is the same: on the one hand, self-service IT promises flexibility and responsiveness, while on the other hand, centralized IT promises control and efficiency.
Self service, of course, implies that the business users take responsibility for aspects of IT that were previously handled by the IT department. Many business users are probably not aware of the background administration tasks that they may have unwittingly taken on by opting for a cloud service. Backups and security patching are two obvious examples. As cloud evolves, it is likely that these will be offered as “value added” services by the public cloud-service providers, but IT leaders need to make sure their users understand the risks and responsibilities of self-service computing.
Figure 5.1: The traditional IT dilemma
One of the great benefits of the Internet age is that enterprises enjoy much greater access to market innovation. Successful and agile enterprises will want to exploit innovative new technologies and solutions wherever they are found, and embed them into their business processes. Cloud is a great enabler, as it allows businesses to adopt new tools and processes much more rapidly and flexibly than before. Gone is the dependency on IT departments to identify, plan and implement innovative new business tools, since they can now be picked up in the global market. This calls into question traditional ways of doing IT strategy that assume internal IT will be the main engine of business process innovation.
External cloud services provide a lower entry cost and a relatively low-risk way for businesses to experiment with new business concepts and IT solutions.
As discussed in Chapter 4, chargeback and market-price comparison will force IT departments to constantly justify the cost of their services. It is likely that this will be increasingly hard for non-differentiating functions that have been commoditized, such as email. The cloud offers a more liquid market for such commodity services, which in turn will drive down costs. IT departments will need to identify which business functions are core and differentiating, and which ones are non-core and commodity. Then they can plan to exploit commodity cloud services wherever it makes sense, in order to drive down costs.
Many IT departments have been on an SOA journey for several years now. Although some SOA programs have become mostly a software engineering exercise, with a focus on SOA as a programming model, the promise of service orientation to provide reusable, flexible, dynamic, loosely coupled components to enable dynamic business processes remains real, and truly comes of age with cloud and the concept of “anything-as-a-service.”
An essential characteristic of the cloud is that it formalizes a service contract between service consumer and service provider. The abstraction of the cloud service means that the consumer is isolated from decisions about how or where the cloud service is delivered. The service contract specifies service characteristics like availability, performance, security and functionality in terms that can be understood by the business user.
This is in fact a generalization of the concept of service orientation. From being merely about software modules and interfaces, services can now be provided at any level of the stack: storage services up to software-as-a-service.
It’s important here to distinguish between a business service and an IT service. What businesses want to buy “as a service” is typically a business function, which is typically expressed in business terms such as “customer management.” This typically breaks down into a set of lower-level business processes (enroll a customer, manage a sales campaign), which are sufficiently granular to be defined precisely enough to implement “as a service” with SLAs, service contracts, etc. What IT provides in terms of a service catalogue is often a much lower-level set of IT functions (deploy a workstation, enroll a user, deploy a server). Therefore, there must be service catalogues at multiple levels, with around 20-30 offerings in the high-level business service catalogue and several hundred in the detailed IT service catalogue.
We should also note that the concept of a service is key to Information Technology Infrastructure Library (ITIL) V3. We touch on the relationship between ITIL and cloud services later in this chapter.
While the notion of “anything-as-a-service” embodies the principle of service orientation at a theoretical level, there are many additional requirements for cloud services to be truly “service oriented” as a SOA practitioner would understand it. For example, there should be clear service protocols and standards to identify, instantiate, use and terminate a service, or clearly defined use cases and service behaviors. Many cloud services today are not constructed with a standard and structured service interface. Cloud standards, such as those being developed by the Distributed Management Task Force (see DMTF in the References section of this book) and the Open Group Cloud Work Group (see The Open Group in the References section of this book) will become essential.
All of the above trends reinforce the need for IT to act as an integrator of external and internally provided services. Rather than focus on the content of these services, the role of IT is more to focus on the ability to assemble and disassemble them into new business processes. We might use the term “orchestrator” to define this role. This requires several levels of integration. At the infrastructure level, IT needs to provide key service management capabilities to provision, monitor and secure these services regardless of where they are delivered from. IT must provide integrated service delivery.
At the platform level, IT needs to integrate applications and data to ensure consistency of data across multiple applications: both internal and in the cloud. And finally, at the business process level, there is a need to integrate the business events and data managed by these applications in the context of integrated business processes.
These integration disciplines are not new, and IT has been delivering tools and approaches to achieving integration for many years. What cloud brings is a new dimension: the need to integrate services, some of which may be delivered by external service providers over whom IT has no control and which are inherently dynamic. New tools are emerging that address these new aspects of cloud integration, such as RightScale for cloud management (see RightScale in the References section of this book) and IBM’s Cast Iron (Cast Iron 2010) for application and data integration.
The drivers discussed above will affect different IT departments in different ways, and to different levels. We propose that there are three capabilities of IT management that will assume increasing importance as IT transitions into the cloud era.
What are these three capabilities?
The concept of business technology (BT) introduces the idea that IT must separate the functions of “IT business enablement” from “IT operational excellence” (Cameron 2009). This separation allows IT to become a broker of external services as well as one of the main providers of services to the business. In essence, a new IT “supply chain” is established, as illustrated in Figure 5.2.
Figure 5.2: New IT supply chain
In this model, the broker function manages the service catalogue and works with business to select appropriate IT services from the catalogue. It also has the role of managing the business process aspects of orchestration—ensuring that all the services knit together to support the business needs.
The internal provider function is responsible for the secure, safe, and efficient delivery of internal IT services—whether delivered using traditional “siloed” IT systems or based on private cloud technology. In addition, it works with the broker function on orchestration, focusing on the service delivery, information integrity, management and compliance aspects of managing multiple cloud providers. These providers will operate at all levels—software, platform and infrastructure as a service—and some may be suppliers to the internal IT function.
Later in this chapter we discuss how existing service management frameworks, such as ITIL, can be used to analyze the changes to the IT service management processes that are required to allow this “orchestrator” role to deliver integrated service management across internal and external service providers.
An important aspect of the ‘business excellence’ role of IT is to manage the portfolio of business services that are available within the service catalogue. The model here is that of a “venture capitalist”—IT builds a complementary and dynamic portfolio of services selected for their functional excellence, innovation, service excellence and cost characteristics. Managing this portfolio is a new IT capability that goes beyond traditional supplier management.
The massive success of the Apple iPhone and its “app store” model has led many IT leaders to consider its applicability to enterprise IT services. Apple even launched the “Mac App Store” with apps for their Mac computers (Weiss 2010). The UK government’s G-cloud program is a major exponent of this approach (Espiner 2009). The G-cloud is intended to include an app store where government and local government agencies can purchase software and services from a variety of providers. They will be able to access software demonstrations, work out implementation costs, and order software on an automated basis, both in standard commercial packages and bespoke software applications. The app store will also include components such as a payment object for money transfer, which could be embedded into multiple suites.
The app store model is particularly appealing to large, federated organizations (such as governments) as a means of harmonizing software acquisition and deployment across multiple user departments. It would be implemented from a technical perspective using the service catalogue.
One approach to building an enterprise app store is to give the business freedom to provision their own tools, subject to guidelines, and after gaining some experience, to standardize on one variation. For example, if everybody starts to use a certain project-management tool in the cloud, then the enterprise can negotiate a better deal with that provider. From then on, that becomes the mandatory choice for their PM tools.
Given that these new capabilities are needed, delivering them will have a significant impact on the IT management processes and organization. Enterprises need a map of IT capabilities that can help to identify what needs to change or improve for the adoption of cloud services. Two such maps are Forrester Research’s “IT Capability Map” (Scott 2010) and IBM’s “Component Business Model” (Pohle et al. 2005). Both Forrester and IBM have developed general business mapping tools that have been used to map the capabilities of the IT function itself. In the next section we consider in more detail how to use IBM’s Component Business Model to analyze the impact of the cloud on IT processes and capabilities.
This section describes the IBM Component Business Model for IT as a framework for understanding which processes will be impacted by a cloud solution.
Cloud computing touches many sectors within an organization to a greater or lesser extent. The impact of cloud-service consumption is very different from the impact of cloud-service provision. Each and every organization is unique in how it differentiates itself and adds value to the goods and services that drive its revenue, and in the implementation of business processes that make up command and control within the organization. Within whole industries, many of the business processes have become standardized as best practices, but the implementation of these processes in terms of policy, procedures and standards remains truly unique. In order to assess which processes are impacted by cloud services, and to what extent, we need a framework to map the processes and represent the organization.
IBM uses component business models as a method for representing the entire business in a simple framework that fits on a single page. It is an evolution of traditional views of a business, such as business unit, function, location or process. Using the component business model, it is possible to identify the basic building blocks of the business. Each building block includes the people, processes and technology needed by this component to act as a standalone entity and deliver value to the organization.
The Component Business Map (CBM) shows activities across lines of business, without the constrictions of locations, internal silos or business units. The Component Business Map shows the entire company on a single page, making it extremely easy to visualize the impact of a particular initiative: in this context, cloud computing.
As shown in Figure 5.3, the top row, “direct,” represents all of those components in the business that set the overall strategy and direction for the organization. The middle row, “control,” represents all of the components in the business that translate those plans into actions, in addition to managing the day-to-day running of those activities. The bottom row, “execute,” contains the business components that actually execute the detailed activities and plans of the organization.
Figure 5.3: Sample CBM from the retail industry (copyright 2010 IBM Corporation)
Each CBM is unique to each company: the columns are created after thorough analysis of a business’s functions and value chain, and the rows are defined by actions. However, the anchor point for each CBM is an industry model selected to represent a close starting point for each organization. Figure 5.3 shows a sample CBM from the retail industry. The columns represent the business process categories/groups. The intersection of the rows and columns contains the processes.
To analyze the impact of cloud computing, we use the CBM for the “business of IT”—which applies to service providers or internal IT organizations. Figure 5.4 shows the raw CBM for the “business of IT”.
Figure 5.4: “Business of IT” CBM (copyright 2010 IBM Corporation)
The new IT capabilities described above (IT as orchestrator of services, IT as venture capitalist and IT as app store provider) can be mapped to this model in the form of a “heat map,” which shows the impact on the IT department of acquiring these capabilities. One potential heat map is shown in Figure 5.5.
Figure 5.5: Mapping new IT capabilities on the “business of IT” CBM (copyright 2010 IBM Corporation)
In this analysis, it can be seen that the IT as venture capitalist capability affects primarily IT business strategy and IT business administration functions—at all levels. An enterprise app store primarily impacts upon architecture: both enterprise architecture and information architecture, but also on the “selling” of IT services. Orchestrator of services capability is more pervasive, and has a strong impact on the tactical and strategic aspects of service development, deployment and support. There is less impact potentially at lower levels, since these operational aspects are typically existing IT processes for “in house” services, or are outsourced to a service provider.
The mapping shown in Figure 5.5 is intended to be illustrative and not definitive. Each organization’s heat map will be different depending on their current organizational maturity, capabilities and strategy. The CBM model provides a framework for analysis, not a definitive solution.
The “business of IT” model can be used to produce heat maps for specific cloud implementation projects. If we consider the impact of creating a private cloud in an internal IT organization, it’s possible to produce a heat map indicating the areas most impacted by the new cloud delivery models.
Figure 5.6 shows the areas impacted when implementing a private cloud. The white areas are not impacted at all. It’s clear that cloud computing, as a new service delivery model, will have a profound impact upon the deployment and support of IT services. Likewise, the IT business model will need to change to implement pay-per-use pricing, and capacity planning will have to adjust to the implications of scale-up as well as scale-down. By drawing a heat map using the CBM, the priorities in optimizing processes become clear, and the scale of effort can begin to be gauged.
Figure 5.6: CBM showing impact of the private cloud on the business of IT (copyright 2010 IBM Corporation)
It is likely that a heat map for a public cloud implementation (see Figure 5.7) will touch on many more areas than a private cloud, as the public cloud services will be more fundamental to the organization’s core business. It’s not unexpected that security and privacy experience increased impact, as do the business resilience strategy and operations.
Figure 5.7: CBM showing the impact of public cloud services on the business of IT (copyright 2010 IBM Corporation)
So by using a process framework (like CBM) and heat map analysis, the process optimization requirements can be assessed and a corrective action plan developed.
The CBM heat map analysis for cloud services shows clearly that service management is the area most impacted by the cloud. So a more in-depth analysis of the impact of the cloud on service management processes will be needed.
A very common and widely adopted approach for IT service management is ITIL®. Organizations that have adopted ITIL (see ITIL in the References section of this book) as the basis for service delivery can use it as a tool to re-examine their service management processes and governance in light of the new operating model that cloud requires—especially the role of IT as an orchestrator of services, as discussed above. ITIL V3 with its service orientation is suitable as the basis for planning the service delivery aspects of cloud.
When services are delivered by the cloud, it impacts both the technical solution and the operational process. The way a solution is realized changes, which needs to be directed by enterprise architects (see also Chapter 6). But also the responsibility for operational processes, their character or nature, and the methods of service delivery and control will change. This means that service management is highly impacted by the cloud. Due to the dynamic nature of cloud computing, service portfolios become more changeable, which at the same time leads to the existence of more underpinning contracts. Services from different providers and of different natures need to be presented to the business as a consistent set. Incident, problem and change management needs to be carried out in different forms, depending on the nature of the cloud services and the underlying service level agreements, to name a few very striking examples of the cloud’s impact on service management. Cloud computing requires a higher maturity in most of the service management areas than we have ever seen before.
ITIL is a library of best practices that provides a practical, no-nonsense framework for identifying, planning, delivering and supporting IT services to the business. When moving to the cloud, it is advisable to (re)deploy ITIL processes. In many organizations that have already adopted ITIL, processes have become rigid and bureaucratic over time. The journey to the cloud is an excellent opportunity to dust off these processes and improve service management. If ITIL is not already in use, it’s the appropriate time to consider implementing it to face cloud challenges in the service management area.
ITIL is a huge library, so implementing or redeploying/redesigning it as a whole isn’t a feasible strategy. In order to support cloud computing, Table 5.1 highlights the areas and processes to focus on. The last column of the table illustrates the minimum requirements for service management. At least these ITIL processes have to be changed to be able to act as a provider of cloud services.
| ITIL main area | ITIL process | Required change by cloud computing | At a minimum required |
|---|---|---|---|
| Service Strategy | Service Portfolio Management | Make sure to present an integrated service portfolio to end-users, independent of service realization | |
| Financial Management | Introduce new pricing models to provide flexible pricing (such as pay per use) | √ | |
| Service Design | Service Catalogue Management | (re)Deploy a service catalogue with standardized services, (re)defined in business terms, avoiding technical implementation details. This should be done in close cooperation with (enterprise) architects, who define solution patterns and standards | √ |
| Service Level Management | Define SLA’s which are set up per service per customer | √ | |
| Capacity Management | Implement a capacity forecasting model which can take into account the characteristics of cloud related services | √ | |
| IT Service Continuity Management | Ensure service operation continuity; distributed implementation of solutions (at different cloud providers) can put continuity at risk, if not guarded carefully | ||
| Service Transition | Change Management | Redefine change management processes according to the changes in responsibility and consider automating these processes to support the rapid provisioning of cloud related services | √ |
| Service Asset & Configuration Management | Automated discovery for real time information, as only a portion of the service chain can be stored (as static information) in the configuration management system | √ | |
| Service Validation and Testing | Ensure proper operation and integration of (cloud) services in the IT-landscape | ||
| Service Operations | Event & Incident Management | Align service desks with cloud providers event & incident management processes. Consider tooling to manage and meter a highly automated environment | √ |
| Request Fulfillment | Consider a self enablement portal | √ | |
| Problem Management | Agree on problem management processes with cloud providers in order to be able to trace and solve problems (root cause analyses) | ||
| Continual Service Improvement | Service Measurement | Ensure that end-users have a consistent service quality experience, independent of implementation |
Table 5.1: Areas in ITIL to focus on to support cloud computing
Maturity of service management is a key success factor in implementing cloud services. Keeping service management in step with cloud computing initiatives is imperative, so involving service managers (and consequently, operations) is an important issue.
In this chapter we’ve considered the IT capability and process changes that cloud computing will drive. We identified a number of specific drivers for these changes—self service IT, true service orientation, the harnessing of external sources of innovation, and the increased need for integration across multiple service providers. Based on this we identified three new capabilities that IT functions need to acquire to be successful in the era of cloud computing. These are the need to be an “orchestrator of services”, for IT to “act as a venture capitalist” and to become the “enterprise app store”. We also introduced the IBM Component Business Model as an analytical tool that can help IT management map their analysis of what needs to change down to the next level of organization and process, and considered how ITIL can also help in an analysis of the need for new service management processes. We believe that these changes together represent something we call a “new constitution” for IT.