SlideShare ist ein Scribd-Unternehmen logo

Migrating to Cloud Requires Service Management

itSMF UK
itSMF UK

This presentation explored the importance of service management in the cloud and explore what is needed to build an operating model for the governance, assurance, and day to day operation of cloud services.

Regierungs- und gemeinnützige Organisationen
1 von 45
Downloaden Sie, um offline zu lesen
We’re Migrating to Cloud – Who Needs Service Management?
Agenda • You need to do this; • This is why; • Here’s the inspirational story to back it up; • If you don’t do it you’ll die; • Here’s a case study that focuses on what was achieved but gives no insight into how; and • This is what will happen in the future – you MUST do this! No, we are not going to do that!
The basics: why cloud? Reasons can include: Greatly reduced implementation times Cost savings Faster innovation cycle Resilience Optimised resource utilisation Better responsiveness
Cloud – Someone else’s computer? The generally accepted definition of cloud computing from the US National Institute of Standards & Technology (NIST): A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
The Five Essential Characteristics • On-demand self service • Broad network access • Resource pooling • Rapid elasticity • Measured service
Cloud Service Models • Software as a Service (SaaS) – Using the provider’s applications running on cloud infrastructure. Perhaps the most well known service model due to the success of some providers (e.g., Salesforce, Workday). • Platform as a Service (PaaS) – In addition to core infrastructure components, provides the software platform on which higher component such as applications can be built. • Infrastructure as a Service (IaaS) – storage, computing capabilities, networks and other fundamental resources.
Cloud Deployment Models • Public Cloud ⎻ Available to public or large industry group ⎻ Owner by the Cloud Service Provider (CSP) • Private Cloud ⎻ Operated solely for one enterprise ⎻ Managed by enterprise or a provider ⎻ May be on- or off- premise
Cloud Deployment Models (cont.) • Community Cloud ⎻ Shared by several companies ⎻ Supports a shared mission or interest ⎻ Managed by an enterprise or a provider ⎻ May be on- or off- premise • Hybrid Cloud ⎻ Combination or two or more deployment models that are unique entities ⎻ Bound by standard or proprietary technology enabling data/application portability (e.g., cloud bursting for load balancing)
An analogy with PizzaaaS
So how do you do cloud – like this? No! How much of our technologies are misunderstood?
And certainly not like this! How many governance and management failures can you spot?
So why do we need Service Management? Let’s ask some simple questions …
Who will the business call if there’s an issue with the cloud service? Not my problem. Call the cloud service provider. How would that work? Wouldn’t business users expects call the Service Desk and let IT handle it from there?
What if there’s planned maintenance in the cloud which impacts one of more of our internal systems? That’s out of our hands. We don’t manage the cloud and don’t have access to their change system. Surely your internal change management process should still be able to account for this through a change risk & impact assessment?
What if your critical business processes are impacted by a cloud related problem? No problem. I’ll hold the cloud service provider accountable! Best of luck with that! The business will still see IT as accountable.
What if the cloud suffers a breach of sensitive personal data you store there? No problem. I’ll hold the cloud provider accountable per the contract! Moving a service to cloud does not absolve an organisation from its duties of care and accountability to legal & regulatory requirements.
Finally, what about Service Management? We’ve moved to cloud – we don’t need Service Management! Are you sure about that? From the previous questions it seems you have some homework to do!
Summary so far • Do your homework • We still need a Service Management processes • Cloud doesn’t govern itself – we are still accountable for governance & assurance • In short, we need an operating model.
POLISM: Elements of an Operating Model1 Processes • How work is done to provide outcomes that deliver value • Each service process should deliver an intrinsic value that can be measured through KPIs • What service processes do you have that will need reviewed and amended for cloud? • What additional service processes do you needs for cloud (e.g., Supplier Management) • ITIL, ISO/IEC 20000 and COBIT® are good reference sources Organization • How are the services processes and their value chains mapped into organizational structures across the organization and the CSP? • What are the required roles and skills for each and do they need to change for cloud? • What are the essential processes that cross multiple parts of the organization and/or CSP (e.g., change management) Locations • Where are the service processes executed? • Where are physical assets? • Where is the data? • What intellectual property considerations are there? • What are the governing legal & regulatory needs of each location? Information • How is each processes supported through information systems? • Service Management toolsets? • Trusted sources of data? • Electronic integration of sources (e.g., APIs)? Suppliers • What suppliers (in additional to the CSP) are needed to support the service processes? • What is the nature of collaboration with each supplier? • What are the policies governing selection and oversight of suppliers? Management System • What are the oversight processes for planning, assigning actions, setting targets, making decisions and measuring performance to plan? • How is the management system itself managed? • How is continual improvement managed? 1 – Based on the “Operating Model Canvas” – see further reading.
For each POLISM element of the operating model, follow a CSI approach • The vision links to o Organizational goals & objectives o Governing policies • Gap analysis of where we are to where we need to be (next) • Plan/Do/Check/Act, adjusting the vision where necessary
It’s all about the processes • The core part of the operating model are the service processes • This is where the where outcomes are delivered and value provided • Where to start? Configuration Management and the CMDB is a fitting starting point!
The whole world is a CMDB • For thousands of years we’ve come to rely on machines of increasing complexity • Machines are built from many components working together to do something of value and generate the desired outcomes • IT systems are like any machine – components must be connected in the right way for it to work to deliver what we expect (utility) and how (warranty)
Dodgeball A Case in Point: CMDB mapping of the “Dodgeball” SaaS application Configuration Item created – job done! Or it is?
Dodgeball Fireball A Case in Point: CMDB mapping of the “Dodgeball” SaaS application (cont.) But Dodgeball is part of a business critical service offering
Dodgeball Fireball Dodge-In Dodge-Out A Case in Point: CMDB mapping of the “Dodgeball” SaaS application (cont.) But Dodgeball is part of a business critical service offering And it relies on an essential data feed from this system And in turn provides an essential data feed to this system
Dodgeball Slowball Fastball Fireball Dodge-In Dodge-Out A Case in Point: CMDB mapping of the “Dodgeball” SaaS application (cont.) But Dodgeball is part of a business critical service offering And it relies on an essential data feed from this system And in turn provides an essential data feed to this system And has a critical dependency on this system … … and this system. The Lesson: even SaaS needs service mapped in the CMDB
Assignment of control across components Components native to the CSP’s CMDB can be brought into your own CMDB (e.g., via API/e-Bonding) with suitable governance and controls around their consumption and maintenance
COBIT®5 View (ISACA) vs. Cloud Controls Matrix (Cloud Security Alliance)
Simple Process Model Quality Parameters & KPI’s Process Owner Resources Process Activities Process Control Process Enablers Output and Output Specifications Process Goal Roles Input and Input Specifications
Simple Process Model Quality Parameters & KPI’s Process Owner Resources Process Activities Process Control Process Enablers Output and Output Specifications Process Goal Roles Input and Input Specifications
Example – Change Management Process Control Process Enablers Outputs: o Deployed RFCs o CAB Minutes / Actions o Change Management Reports Inputs: o Change Schedule – Internal o Change Schedule – CSP o CMDB o RFCs Owner: Change Manager Goal: o Minimise adverse impact of change upon service quality o Assess potential benefits of change against risks and costs to the organisation o Ensure correct methods and procedures used KPIs: o Number of RFCs implemented on schedule o Number of RFCs bypassing CAB/EC o Number of incidents caused by change Process Activities: o Record o Review & Assess o Risk & Impact Assessment o Approval to Proceed o Build & Test o Approval to Implement o Implement o Post Implementation Review & Close Roles: o Change Manager o CAB o CSP Resources: o Service Desk o Support Groups o ITSM Tools o Documentation o Training o CSP Note: bulleted lists are not exhaustive
Client versus CSP Responsibilities • How does each service process need to change to accommodate cloud (e.g., change in responsibilities) • How does the hand-off occur? • A RACI (Responsible, Accountable, Consulted, Informed) mapping of roles is essential
RACI Example – Configuration Management • Simplified RACI – covers “R” only • Quicker and simpler to develop in the first instance • “A” usually cascades up the organization • The “C” and “I” activities often occurs through forums (e.g., CAB) and electronic notifications from service processes from ITSM toolsets No Level ProcessStep Service Integration & M anagem ent Configuratio n M anager Desig n Authority Enterprise Architect Configuratio n Data Ow ner Requirem entsO w ner R A A,R C I 1 1 Configuration Management Process 1.1 2 Configuration Planning 1.1.1 3 Define Configuration Management Strategy A R C C I I 1 1 0 2 1 1.1.2 3 Define Configuration Management Policy & Standards A R C C I I 1 1 0 2 1 1.1.3 3 Define Configuration Management CSFs/KPIs A R C C I I 1 1 0 2 1 1.1.4 3 Define, collaborate and test requirements that consume CMDB A C I C R 1 1 0 2 1 1.1.8 3 Define IT Business Process for consumption of CMDB A C I C C C 0 1 0 4 0 1.2 2 Configuration Identification 1.2.1 3 Define CMDB Design Principles A R I C C C 1 1 0 3 1 1.2.2 3 Define Data Model - conceptual, logical, physical A R I C 1 1 0 1 1 1.2.3 3 Define CMDB Configuration Management Process Artefacts A R I C C C 1 1 0 3 1 1.2.4 3 Provide non-discoverable CI data A C R I 1 1 0 1 1 1.2.5 3 Facilitate auto-discovery of discoverable CI data A C R I 1 1 0 1 1 1.2.6 3 Confirm completeness of CI data estate A C R I 1 1 0 1 1 1.3 2 Configuration Control 1.3.1 3 Maintain Configuration Data A C A I 0 2 0 1 0 1.3.2 3 Facilitate auto-discovery of discoverable CI data A C R I 1 1 0 1 1 1.4 2 Configuration Status Accounting 1.4.1 3 Provide / Facilitate generation of Configuration reports A R I I 1 1 0 0 1 1.4.2 3 Provide / Facilitate generation of Configuration related metrics/KPIs A,R 0 0 1 0 0 1.4.3 3 Coordinate & oversee CMDB continual improvements A R C C C I 1 1 0 3 1 1.5 2 Configuration Verification & Audit 1.5.1 3 Plan and conduct audit A R C C C I 1.5.2 3 Report on CMDB audit outcomes A C R 1 1 0 1 1 No Level ProcessStep Configuration M anagem ent Configuration Practitio ner(Adm in ) Configuratio n Data Ow ner Service ProcessUser ITSM Platform Adm inistrator 1 1 Configuration Management Process 1.1 2 Configuration Planning 1.1.1 3 Define configuration scope, policy, strategy and governance & controls R 1.2 2 Configuration Identification 1.2.1 3 Define, establish and maintain Configuration Data Model - conceptual, logical and physical R 1.2.2 3 Define, establish and maintain configuration management process workflows R 1.2.3 3 Establish and maintain trusted data sources into the Configuration Management System R 1.3 2 Configuration Control 1.3.1 3 Ensure configuration data updates are incorporated (where needed) as part of Change Management R 1.3.2 3 Provide and maintain configuration data (and approve process user requests to update configuration data R 1.3.3 3 Provide administrative and technical support to process users and configuration data owners R 1.4 2 Configuration Status Accounting 1.4.1 3 Define and report on agreed metrics and Key Perfomance Indicators & Key Risk Indicators R 1.5 2 Configuration Verification & Audit 1.5.1 3 Coordinate & oversee periodica verification & audit of configuration data R 1.5.2 3 Perform periodic verification of configuration data and perform remediation activities R Simple RACI – “R” only Full RACI – all actors
And what about governance, risk and security? How risk level maps against cloud service and deployment models
The IT Risk Management Lifecycle • Risk Scenarios drive risk identification • The Cloud Security Alliance (see Further Reading) is an excellent source of information and template for cloud risk assessments • Assessment should align with enterprise risk governance so risk portfolio and measures are in true business terms • Risk response options include accept, avoid, transfer/share, or mitigate • Since inception of SOX, controls have become highly prevalent in the treatment of IT risk and legal & regulatory compliance: • Many are preventative, detective, corrective • Can also be managerial, physical or technical in their implementation • And additionally directive, deterrent, recovery and compensating controls
Interdependencies between Control Types Interdependent controls are designed against risk Scenarios, which for cloud are different to in-house
The Five Pillars of Cloud Security • Service Management! • Organization • Technology • Security and Data Protection • Governance, Compliance, Legal and Audit
The Five Pillars of Cloud Security Service Management • The POLISM model we’ve discussed • The contracts are king – ongoing effort to actively manage them and service levels is essential • CSP should be assessed on ability to integrate service management with the customer to manage availability of services with seamless execution of critical service processes • Also requires the CSP effective capacity management to handle the concurrent load of multiple customers in shared environments.
The Five Pillars of Cloud Security Organization • This must start with your organization’s strategy for adoption of cloud based service • Must include human resource planning • What is the retained organisation and how are relationships managed with the CSP • Good Organizational Change Management is needed to adapt business processes and organizational structures to make cloud adoption a success.
The Five Pillars of Cloud Security Technology • This is a key driver to cloud computing – access to technology and rapid innovation • Interoperability and compatibility of new technologies with legacy/heritage need considered. • IT Architectures needs re-considered • A different systems development lifecycle is required • A different support model is required.
The Five Pillars of Cloud Security Security and Data Protection • Internal data typically leaves the trusted network perimeter bringing data protection challenges • Security of data at rest • Security of data in motion • Cyber threats can be both internal and external with collaboration needed between customer and CSP • Cloud environments can be more secure • Don’t expect the CSP to follow your security policy • Business Continuity should be an integral part of security as part of the CIA (Confidentiality, Integrity and Availability) trio.
The Five Pillars of Cloud Security Governance, Compliance, Legal and Audit • Legal requirements must consider the industry and legal jurisdiction(s) you are operating in • Governance processes need to be able shared responsibilities between the CSP and your organisation. • Contracts need to include terms for cascading of outsourcing partners • Need to ensure a right to audit clause
Summary • Do your homework • Use POLISM to develop an operating model • Understand the service processes you have and the ones you need • Map the RACI for your processes, being clear of the hand-offs with the CSP • Use the Five Pillars for security and assurance of cloud services.
Further Reading Operating Model Canvas (Van Haren Publishing) https://operatingmodelcanvas.com Cloud Security Alliance – Cloud Controls Matrix https://cloudsecurityalliance.org COBIT®5 – Controls & Assurance in the Cloud http://www.isaca.org/Knowledge- Center/Research/ResearchDeliverables/Pages/Controls-and-Assurance-in-the-Cloud- Using-COBIT-5.aspx
ITSMF UK Premier Gate, Easthampstead Road, Bracknell, RG12 1JS, United Kingdom Tel: +44 (0) 118 918 6500 | Web: www.itsmf.co.uk

Empfohlen

Mathew Burrows - Maximising value and building trust in your digital supply c...
Mathew Burrows - Maximising value and building trust in your digital supply c...Mathew Burrows - Maximising value and building trust in your digital supply c...
Mathew Burrows - Maximising value and building trust in your digital supply c...itSMF UK
 
Andrew Shepherd - Rethink the service desk role to change its image forever
Andrew Shepherd - Rethink the service desk role to change its image foreverAndrew Shepherd - Rethink the service desk role to change its image forever
Andrew Shepherd - Rethink the service desk role to change its image foreveritSMF UK
 
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practiceJohn Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practiceitSMF UK
 
Elina Pirjanti - Considerin using your ITSM tools beyond IT? Do your homework...
Elina Pirjanti - Considerin using your ITSM tools beyond IT? Do your homework...Elina Pirjanti - Considerin using your ITSM tools beyond IT? Do your homework...
Elina Pirjanti - Considerin using your ITSM tools beyond IT? Do your homework...itSMF UK
 
Steve Tuppen - Digital Service Management
Steve Tuppen - Digital Service ManagementSteve Tuppen - Digital Service Management
Steve Tuppen - Digital Service ManagementitSMF UK
 
Daniel Breston - DevOps metrics that matter
Daniel Breston - DevOps metrics that matterDaniel Breston - DevOps metrics that matter
Daniel Breston - DevOps metrics that matteritSMF UK
 
Neil Forshaw - Service managing cloud services perception vs reality v0
Neil Forshaw - Service managing cloud services perception vs reality v0Neil Forshaw - Service managing cloud services perception vs reality v0
Neil Forshaw - Service managing cloud services perception vs reality v0itSMF UK
 
Steve Chambers - Cloud for GrownUps ITSM17
Steve Chambers - Cloud for GrownUps ITSM17Steve Chambers - Cloud for GrownUps ITSM17
Steve Chambers - Cloud for GrownUps ITSM17itSMF UK
 

Empfohlen

Mathew Burrows - Maximising value and building trust in your digital supply c...
Mathew Burrows - Maximising value and building trust in your digital supply c...Mathew Burrows - Maximising value and building trust in your digital supply c...
Mathew Burrows - Maximising value and building trust in your digital supply c...itSMF UK
 
Andrew Shepherd - Rethink the service desk role to change its image forever
Andrew Shepherd - Rethink the service desk role to change its image foreverAndrew Shepherd - Rethink the service desk role to change its image forever
Andrew Shepherd - Rethink the service desk role to change its image foreveritSMF UK
 
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practiceJohn Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practiceitSMF UK
 
Elina Pirjanti - Considerin using your ITSM tools beyond IT? Do your homework...
Elina Pirjanti - Considerin using your ITSM tools beyond IT? Do your homework...Elina Pirjanti - Considerin using your ITSM tools beyond IT? Do your homework...
Elina Pirjanti - Considerin using your ITSM tools beyond IT? Do your homework...itSMF UK
 
Steve Tuppen - Digital Service Management
Steve Tuppen - Digital Service ManagementSteve Tuppen - Digital Service Management
Steve Tuppen - Digital Service ManagementitSMF UK
 
Daniel Breston - DevOps metrics that matter
Daniel Breston - DevOps metrics that matterDaniel Breston - DevOps metrics that matter
Daniel Breston - DevOps metrics that matteritSMF UK
 
Neil Forshaw - Service managing cloud services perception vs reality v0
Neil Forshaw - Service managing cloud services perception vs reality v0Neil Forshaw - Service managing cloud services perception vs reality v0
Neil Forshaw - Service managing cloud services perception vs reality v0itSMF UK
 
Steve Chambers - Cloud for GrownUps ITSM17
Steve Chambers - Cloud for GrownUps ITSM17Steve Chambers - Cloud for GrownUps ITSM17
Steve Chambers - Cloud for GrownUps ITSM17itSMF UK
 
Craig Johnson - Transforming service management into multi-modal and DevOps.
Craig Johnson - Transforming service management into multi-modal and DevOps.Craig Johnson - Transforming service management into multi-modal and DevOps.
Craig Johnson - Transforming service management into multi-modal and DevOps.itSMF UK
 
Matt Hoey - DevOps and the three ways of transition
Matt Hoey - DevOps and the three ways of transitionMatt Hoey - DevOps and the three ways of transition
Matt Hoey - DevOps and the three ways of transitionitSMF UK
 
Antony Oxley - Has the digital age left service level management in the dust?
Antony Oxley - Has the digital age left service level management in the dust?Antony Oxley - Has the digital age left service level management in the dust?
Antony Oxley - Has the digital age left service level management in the dust?itSMF UK
 
Peter Norris and Ian Porter - solving your customers problems, at the pub final
Peter Norris and Ian Porter - solving your customers problems, at the pub finalPeter Norris and Ian Porter - solving your customers problems, at the pub final
Peter Norris and Ian Porter - solving your customers problems, at the pub finalitSMF UK
 
Jon Baxter - Getting a Seat at The Decision-Making Table
Jon Baxter - Getting a Seat at The Decision-Making TableJon Baxter - Getting a Seat at The Decision-Making Table
Jon Baxter - Getting a Seat at The Decision-Making TableitSMF UK
 
Ivor Macfarlane - Will we ever learn? People, perception and involvement matter
Ivor Macfarlane - Will we ever learn? People, perception and involvement matterIvor Macfarlane - Will we ever learn? People, perception and involvement matter
Ivor Macfarlane - Will we ever learn? People, perception and involvement matteritSMF UK
 
Clare Agutter, Michelle Major-Goldsmith, Simon Dorst: SIAM - The good the bad...
Clare Agutter, Michelle Major-Goldsmith, Simon Dorst: SIAM - The good the bad...Clare Agutter, Michelle Major-Goldsmith, Simon Dorst: SIAM - The good the bad...
Clare Agutter, Michelle Major-Goldsmith, Simon Dorst: SIAM - The good the bad...itSMF UK
 
Next-Generation IT Service Management: Changing the Future of IT
Next-Generation IT Service Management: Changing the Future of ITNext-Generation IT Service Management: Changing the Future of IT
Next-Generation IT Service Management: Changing the Future of ITEnterprise Management Associates
 
ITIL implementation and Service Management Best Practices – useful informatio...
ITIL implementation and Service Management Best Practices – useful informatio...ITIL implementation and Service Management Best Practices – useful informatio...
ITIL implementation and Service Management Best Practices – useful informatio...SriramITISConsultant
 
ITIL and CMMI for service
ITIL and CMMI for serviceITIL and CMMI for service
ITIL and CMMI for serviceBoonNam Goh
 
Nicola Reeves and John McDermott: Value Creation in a Hybrid World
Nicola Reeves and John McDermott: Value Creation in a Hybrid WorldNicola Reeves and John McDermott: Value Creation in a Hybrid World
Nicola Reeves and John McDermott: Value Creation in a Hybrid WorlditSMF UK
 
Adding Value with Change Management
Adding Value with Change ManagementAdding Value with Change Management
Adding Value with Change ManagementITSM Academy, Inc.
 
Create Value with ITIL 4
Create Value with ITIL 4Create Value with ITIL 4
Create Value with ITIL 4Ivanti
 
Itsmf india presentation issues in implementing itil ver 1
Itsmf india presentation issues in implementing itil ver 1Itsmf india presentation issues in implementing itil ver 1
Itsmf india presentation issues in implementing itil ver 1Habeeb Mahaboob
 
ITS Managed Services Introduction
ITS Managed Services IntroductionITS Managed Services Introduction
ITS Managed Services IntroductionJorge Sebastiao
 
Webinar - The Science Behind Effective Service Catalogues
Webinar - The Science Behind Effective Service CataloguesWebinar - The Science Behind Effective Service Catalogues
Webinar - The Science Behind Effective Service CataloguesManageEngine
 
PECB Webinar: Common ITIL implementation mistakes in the scope of ISO 20K
PECB Webinar: Common ITIL implementation mistakes in the scope of ISO 20KPECB Webinar: Common ITIL implementation mistakes in the scope of ISO 20K
PECB Webinar: Common ITIL implementation mistakes in the scope of ISO 20KPECB
 
ITIL4 – 26.11.2020
ITIL4 – 26.11.2020ITIL4 – 26.11.2020
ITIL4 – 26.11.2020itSMF Belgium
 
Service Desk meets SIAM
Service Desk meets SIAMService Desk meets SIAM
Service Desk meets SIAMService-Flow Corp.
 
Service Now.Com Cio Presentation
Service Now.Com Cio PresentationService Now.Com Cio Presentation
Service Now.Com Cio Presentationcjurges
 
Creating an Operating Model to enable a high frequency organization
Creating an Operating Model to enable a high frequency organizationCreating an Operating Model to enable a high frequency organization
Creating an Operating Model to enable a high frequency organizationTom Laszewski
 
AWS re:Invent 2016: How News UK Centralized Cloud Governance Through Policy M...
AWS re:Invent 2016: How News UK Centralized Cloud Governance Through Policy M...AWS re:Invent 2016: How News UK Centralized Cloud Governance Through Policy M...
AWS re:Invent 2016: How News UK Centralized Cloud Governance Through Policy M...Amazon Web Services
 

Weitere ähnliche Inhalte

Was ist angesagt?

Craig Johnson - Transforming service management into multi-modal and DevOps.
Craig Johnson - Transforming service management into multi-modal and DevOps.Craig Johnson - Transforming service management into multi-modal and DevOps.
Craig Johnson - Transforming service management into multi-modal and DevOps.itSMF UK
 
Matt Hoey - DevOps and the three ways of transition
Matt Hoey - DevOps and the three ways of transitionMatt Hoey - DevOps and the three ways of transition
Matt Hoey - DevOps and the three ways of transitionitSMF UK
 
Antony Oxley - Has the digital age left service level management in the dust?
Antony Oxley - Has the digital age left service level management in the dust?Antony Oxley - Has the digital age left service level management in the dust?
Antony Oxley - Has the digital age left service level management in the dust?itSMF UK
 
Peter Norris and Ian Porter - solving your customers problems, at the pub final
Peter Norris and Ian Porter - solving your customers problems, at the pub finalPeter Norris and Ian Porter - solving your customers problems, at the pub final
Peter Norris and Ian Porter - solving your customers problems, at the pub finalitSMF UK
 
Jon Baxter - Getting a Seat at The Decision-Making Table
Jon Baxter - Getting a Seat at The Decision-Making TableJon Baxter - Getting a Seat at The Decision-Making Table
Jon Baxter - Getting a Seat at The Decision-Making TableitSMF UK
 
Ivor Macfarlane - Will we ever learn? People, perception and involvement matter
Ivor Macfarlane - Will we ever learn? People, perception and involvement matterIvor Macfarlane - Will we ever learn? People, perception and involvement matter
Ivor Macfarlane - Will we ever learn? People, perception and involvement matteritSMF UK
 
Clare Agutter, Michelle Major-Goldsmith, Simon Dorst: SIAM - The good the bad...
Clare Agutter, Michelle Major-Goldsmith, Simon Dorst: SIAM - The good the bad...Clare Agutter, Michelle Major-Goldsmith, Simon Dorst: SIAM - The good the bad...
Clare Agutter, Michelle Major-Goldsmith, Simon Dorst: SIAM - The good the bad...itSMF UK
 
Next-Generation IT Service Management: Changing the Future of IT
Next-Generation IT Service Management: Changing the Future of ITNext-Generation IT Service Management: Changing the Future of IT
Next-Generation IT Service Management: Changing the Future of ITEnterprise Management Associates
 
ITIL implementation and Service Management Best Practices – useful informatio...
ITIL implementation and Service Management Best Practices – useful informatio...ITIL implementation and Service Management Best Practices – useful informatio...
ITIL implementation and Service Management Best Practices – useful informatio...SriramITISConsultant
 
ITIL and CMMI for service
ITIL and CMMI for serviceITIL and CMMI for service
ITIL and CMMI for serviceBoonNam Goh
 
Nicola Reeves and John McDermott: Value Creation in a Hybrid World
Nicola Reeves and John McDermott: Value Creation in a Hybrid WorldNicola Reeves and John McDermott: Value Creation in a Hybrid World
Nicola Reeves and John McDermott: Value Creation in a Hybrid WorlditSMF UK
 
Adding Value with Change Management
Adding Value with Change ManagementAdding Value with Change Management
Adding Value with Change ManagementITSM Academy, Inc.
 
Create Value with ITIL 4
Create Value with ITIL 4Create Value with ITIL 4
Create Value with ITIL 4Ivanti
 
Itsmf india presentation issues in implementing itil ver 1
Itsmf india presentation issues in implementing itil ver 1Itsmf india presentation issues in implementing itil ver 1
Itsmf india presentation issues in implementing itil ver 1Habeeb Mahaboob
 
ITS Managed Services Introduction
ITS Managed Services IntroductionITS Managed Services Introduction
ITS Managed Services IntroductionJorge Sebastiao
 
Webinar - The Science Behind Effective Service Catalogues
Webinar - The Science Behind Effective Service CataloguesWebinar - The Science Behind Effective Service Catalogues
Webinar - The Science Behind Effective Service CataloguesManageEngine
 
PECB Webinar: Common ITIL implementation mistakes in the scope of ISO 20K
PECB Webinar: Common ITIL implementation mistakes in the scope of ISO 20KPECB Webinar: Common ITIL implementation mistakes in the scope of ISO 20K
PECB Webinar: Common ITIL implementation mistakes in the scope of ISO 20KPECB
 
ITIL4 – 26.11.2020
ITIL4 – 26.11.2020ITIL4 – 26.11.2020
ITIL4 – 26.11.2020itSMF Belgium
 
Service Now.Com Cio Presentation
Service Now.Com Cio PresentationService Now.Com Cio Presentation
Service Now.Com Cio Presentationcjurges
 

Was ist angesagt? (20)

Craig Johnson - Transforming service management into multi-modal and DevOps.
Craig Johnson - Transforming service management into multi-modal and DevOps.Craig Johnson - Transforming service management into multi-modal and DevOps.
Craig Johnson - Transforming service management into multi-modal and DevOps.
 
Matt Hoey - DevOps and the three ways of transition
Matt Hoey - DevOps and the three ways of transitionMatt Hoey - DevOps and the three ways of transition
Matt Hoey - DevOps and the three ways of transition
 
Antony Oxley - Has the digital age left service level management in the dust?
Antony Oxley - Has the digital age left service level management in the dust?Antony Oxley - Has the digital age left service level management in the dust?
Antony Oxley - Has the digital age left service level management in the dust?
 
Peter Norris and Ian Porter - solving your customers problems, at the pub final
Peter Norris and Ian Porter - solving your customers problems, at the pub finalPeter Norris and Ian Porter - solving your customers problems, at the pub final
Peter Norris and Ian Porter - solving your customers problems, at the pub final
 
Jon Baxter - Getting a Seat at The Decision-Making Table
Jon Baxter - Getting a Seat at The Decision-Making TableJon Baxter - Getting a Seat at The Decision-Making Table
Jon Baxter - Getting a Seat at The Decision-Making Table
 
Ivor Macfarlane - Will we ever learn? People, perception and involvement matter
Ivor Macfarlane - Will we ever learn? People, perception and involvement matterIvor Macfarlane - Will we ever learn? People, perception and involvement matter
Ivor Macfarlane - Will we ever learn? People, perception and involvement matter
 
Clare Agutter, Michelle Major-Goldsmith, Simon Dorst: SIAM - The good the bad...
Clare Agutter, Michelle Major-Goldsmith, Simon Dorst: SIAM - The good the bad...Clare Agutter, Michelle Major-Goldsmith, Simon Dorst: SIAM - The good the bad...
Clare Agutter, Michelle Major-Goldsmith, Simon Dorst: SIAM - The good the bad...
 
Next-Generation IT Service Management: Changing the Future of IT
Next-Generation IT Service Management: Changing the Future of ITNext-Generation IT Service Management: Changing the Future of IT
Next-Generation IT Service Management: Changing the Future of IT
 
ITIL implementation and Service Management Best Practices – useful informatio...
ITIL implementation and Service Management Best Practices – useful informatio...ITIL implementation and Service Management Best Practices – useful informatio...
ITIL implementation and Service Management Best Practices – useful informatio...
 
ITIL and CMMI for service
ITIL and CMMI for serviceITIL and CMMI for service
ITIL and CMMI for service
 
Nicola Reeves and John McDermott: Value Creation in a Hybrid World
Nicola Reeves and John McDermott: Value Creation in a Hybrid WorldNicola Reeves and John McDermott: Value Creation in a Hybrid World
Nicola Reeves and John McDermott: Value Creation in a Hybrid World
 
Adding Value with Change Management
Adding Value with Change ManagementAdding Value with Change Management
Adding Value with Change Management
 
Create Value with ITIL 4
Create Value with ITIL 4Create Value with ITIL 4
Create Value with ITIL 4
 
Itsmf india presentation issues in implementing itil ver 1
Itsmf india presentation issues in implementing itil ver 1Itsmf india presentation issues in implementing itil ver 1
Itsmf india presentation issues in implementing itil ver 1
 
ITS Managed Services Introduction
ITS Managed Services IntroductionITS Managed Services Introduction
ITS Managed Services Introduction
 
Webinar - The Science Behind Effective Service Catalogues
Webinar - The Science Behind Effective Service CataloguesWebinar - The Science Behind Effective Service Catalogues
Webinar - The Science Behind Effective Service Catalogues
 
PECB Webinar: Common ITIL implementation mistakes in the scope of ISO 20K
PECB Webinar: Common ITIL implementation mistakes in the scope of ISO 20KPECB Webinar: Common ITIL implementation mistakes in the scope of ISO 20K
PECB Webinar: Common ITIL implementation mistakes in the scope of ISO 20K
 
ITIL4 – 26.11.2020
ITIL4 – 26.11.2020ITIL4 – 26.11.2020
ITIL4 – 26.11.2020
 
Service Desk meets SIAM
Service Desk meets SIAMService Desk meets SIAM
Service Desk meets SIAM
 
Service Now.Com Cio Presentation
Service Now.Com Cio PresentationService Now.Com Cio Presentation
Service Now.Com Cio Presentation
 

Ähnlich wie Migrating to Cloud Requires Service Management

Creating an Operating Model to enable a high frequency organization
Creating an Operating Model to enable a high frequency organizationCreating an Operating Model to enable a high frequency organization
Creating an Operating Model to enable a high frequency organizationTom Laszewski
 
AWS re:Invent 2016: How News UK Centralized Cloud Governance Through Policy M...
AWS re:Invent 2016: How News UK Centralized Cloud Governance Through Policy M...AWS re:Invent 2016: How News UK Centralized Cloud Governance Through Policy M...
AWS re:Invent 2016: How News UK Centralized Cloud Governance Through Policy M...Amazon Web Services
 
Aws dev ops saif ahmed
Aws dev ops saif ahmedAws dev ops saif ahmed
Aws dev ops saif ahmedsaifam
 
Practical soa for business and researchers
Practical soa for business and researchersPractical soa for business and researchers
Practical soa for business and researchersMustafa Gamal
 
Daniel Jasník - ITSMF pro cloudové služby - AID2019
Daniel Jasník - ITSMF pro cloudové služby - AID2019Daniel Jasník - ITSMF pro cloudové služby - AID2019
Daniel Jasník - ITSMF pro cloudové služby - AID2019ALVAO
 
Bring Down Costs by Controlling Cloud Capacity
Bring Down Costs by Controlling Cloud Capacity Bring Down Costs by Controlling Cloud Capacity
Bring Down Costs by Controlling Cloud Capacity Precisely
 
Agile Transformation
Agile TransformationAgile Transformation
Agile TransformationBosnia Agile
 
Awesome CMS! Implementing Configuration Management to Maximise Value #LEADit
Awesome CMS! Implementing Configuration Management to Maximise Value #LEADitAwesome CMS! Implementing Configuration Management to Maximise Value #LEADit
Awesome CMS! Implementing Configuration Management to Maximise Value #LEADitAwesome CMS
 
PureApp Hybrid Cloud - Mark Willemse ING Presentation 11th September 2014
PureApp Hybrid Cloud - Mark Willemse ING Presentation 11th September 2014PureApp Hybrid Cloud - Mark Willemse ING Presentation 11th September 2014
PureApp Hybrid Cloud - Mark Willemse ING Presentation 11th September 2014IBM Systems UKI
 
Migrating Thousands of Workloads to AWS at Enterprise Scale – Chris Wegmann, ...
Migrating Thousands of Workloads to AWS at Enterprise Scale – Chris Wegmann, ...Migrating Thousands of Workloads to AWS at Enterprise Scale – Chris Wegmann, ...
Migrating Thousands of Workloads to AWS at Enterprise Scale – Chris Wegmann, ...Amazon Web Services
 
Migration to Oracle ERP Cloud: A must read winning recipe for all
Migration to Oracle ERP Cloud: A must read winning recipe for allMigration to Oracle ERP Cloud: A must read winning recipe for all
Migration to Oracle ERP Cloud: A must read winning recipe for allJim Pang
 
estrat AWS Cloud Breakfast
estrat AWS Cloud Breakfastestrat AWS Cloud Breakfast
estrat AWS Cloud BreakfastPaul Cooper
 
Business Analytics as a Service
Business Analytics as a ServiceBusiness Analytics as a Service
Business Analytics as a ServiceArrow ECS UK
 
Cloud Adoption Framework Phase one-moving to the cloud
Cloud Adoption Framework Phase one-moving to the cloudCloud Adoption Framework Phase one-moving to the cloud
Cloud Adoption Framework Phase one-moving to the cloudAnthony Clendenen
 
Accenture 2014 AWS re:Invent Enterprise Migration Breakout Session
Accenture 2014 AWS re:Invent Enterprise Migration Breakout SessionAccenture 2014 AWS re:Invent Enterprise Migration Breakout Session
Accenture 2014 AWS re:Invent Enterprise Migration Breakout SessionTom Laszewski
 
The Cloud Enabled IT Operating Model - Business
The Cloud Enabled IT Operating Model - BusinessThe Cloud Enabled IT Operating Model - Business
The Cloud Enabled IT Operating Model - BusinessAmazon Web Services
 
Demystifying Cloud Economics – Think Big: How to Build an Investment Case for...
Demystifying Cloud Economics – Think Big: How to Build an Investment Case for...Demystifying Cloud Economics – Think Big: How to Build an Investment Case for...
Demystifying Cloud Economics – Think Big: How to Build an Investment Case for...Amazon Web Services
 
Transform Enterprise IT Infrastructure with AWS DevOps
Transform Enterprise IT Infrastructure with AWS DevOpsTransform Enterprise IT Infrastructure with AWS DevOps
Transform Enterprise IT Infrastructure with AWS DevOpsAmazon Web Services
 

Ähnlich wie Migrating to Cloud Requires Service Management (20)

Creating an Operating Model to enable a high frequency organization
Creating an Operating Model to enable a high frequency organizationCreating an Operating Model to enable a high frequency organization
Creating an Operating Model to enable a high frequency organization
 
AWS re:Invent 2016: How News UK Centralized Cloud Governance Through Policy M...
AWS re:Invent 2016: How News UK Centralized Cloud Governance Through Policy M...AWS re:Invent 2016: How News UK Centralized Cloud Governance Through Policy M...
AWS re:Invent 2016: How News UK Centralized Cloud Governance Through Policy M...
 
Aws dev ops saif ahmed
Aws dev ops saif ahmedAws dev ops saif ahmed
Aws dev ops saif ahmed
 
Migration Planning
Migration PlanningMigration Planning
Migration Planning
 
Practical soa for business and researchers
Practical soa for business and researchersPractical soa for business and researchers
Practical soa for business and researchers
 
Daniel Jasník - ITSMF pro cloudové služby - AID2019
Daniel Jasník - ITSMF pro cloudové služby - AID2019Daniel Jasník - ITSMF pro cloudové služby - AID2019
Daniel Jasník - ITSMF pro cloudové služby - AID2019
 
Bring Down Costs by Controlling Cloud Capacity
Bring Down Costs by Controlling Cloud Capacity Bring Down Costs by Controlling Cloud Capacity
Bring Down Costs by Controlling Cloud Capacity
 
Agile Transformation
Agile TransformationAgile Transformation
Agile Transformation
 
Awesome CMS! Implementing Configuration Management to Maximise Value #LEADit
Awesome CMS! Implementing Configuration Management to Maximise Value #LEADitAwesome CMS! Implementing Configuration Management to Maximise Value #LEADit
Awesome CMS! Implementing Configuration Management to Maximise Value #LEADit
 
Building Your Cloud Strategy
Building Your Cloud StrategyBuilding Your Cloud Strategy
Building Your Cloud Strategy
 
PureApp Hybrid Cloud - Mark Willemse ING Presentation 11th September 2014
PureApp Hybrid Cloud - Mark Willemse ING Presentation 11th September 2014PureApp Hybrid Cloud - Mark Willemse ING Presentation 11th September 2014
PureApp Hybrid Cloud - Mark Willemse ING Presentation 11th September 2014
 
Migrating Thousands of Workloads to AWS at Enterprise Scale – Chris Wegmann, ...
Migrating Thousands of Workloads to AWS at Enterprise Scale – Chris Wegmann, ...Migrating Thousands of Workloads to AWS at Enterprise Scale – Chris Wegmann, ...
Migrating Thousands of Workloads to AWS at Enterprise Scale – Chris Wegmann, ...
 
Migration to Oracle ERP Cloud: A must read winning recipe for all
Migration to Oracle ERP Cloud: A must read winning recipe for allMigration to Oracle ERP Cloud: A must read winning recipe for all
Migration to Oracle ERP Cloud: A must read winning recipe for all
 
estrat AWS Cloud Breakfast
estrat AWS Cloud Breakfastestrat AWS Cloud Breakfast
estrat AWS Cloud Breakfast
 
Business Analytics as a Service
Business Analytics as a ServiceBusiness Analytics as a Service
Business Analytics as a Service
 
Cloud Adoption Framework Phase one-moving to the cloud
Cloud Adoption Framework Phase one-moving to the cloudCloud Adoption Framework Phase one-moving to the cloud
Cloud Adoption Framework Phase one-moving to the cloud
 
Accenture 2014 AWS re:Invent Enterprise Migration Breakout Session
Accenture 2014 AWS re:Invent Enterprise Migration Breakout SessionAccenture 2014 AWS re:Invent Enterprise Migration Breakout Session
Accenture 2014 AWS re:Invent Enterprise Migration Breakout Session
 
The Cloud Enabled IT Operating Model - Business
The Cloud Enabled IT Operating Model - BusinessThe Cloud Enabled IT Operating Model - Business
The Cloud Enabled IT Operating Model - Business
 
Demystifying Cloud Economics – Think Big: How to Build an Investment Case for...
Demystifying Cloud Economics – Think Big: How to Build an Investment Case for...Demystifying Cloud Economics – Think Big: How to Build an Investment Case for...
Demystifying Cloud Economics – Think Big: How to Build an Investment Case for...
 
Transform Enterprise IT Infrastructure with AWS DevOps
Transform Enterprise IT Infrastructure with AWS DevOpsTransform Enterprise IT Infrastructure with AWS DevOps
Transform Enterprise IT Infrastructure with AWS DevOps
 

Mehr von itSMF UK

Gary Gamp: The 21st Century Service Manager
Gary Gamp: The 21st Century Service ManagerGary Gamp: The 21st Century Service Manager
Gary Gamp: The 21st Century Service ManageritSMF UK
 
Martin Huddleston: No Service Management, No Security
Martin Huddleston: No Service Management, No SecurityMartin Huddleston: No Service Management, No Security
Martin Huddleston: No Service Management, No SecurityitSMF UK
 
Rebecca Ulyatt: People Power – Crack the Code, One Conversation at a Time
Rebecca Ulyatt: People Power – Crack the Code, One Conversation at a TimeRebecca Ulyatt: People Power – Crack the Code, One Conversation at a Time
Rebecca Ulyatt: People Power – Crack the Code, One Conversation at a TimeitSMF UK
 
Chris Bryan: Continuous Service Improvement in a SIAM Environment
Chris Bryan: Continuous Service Improvement in a SIAM EnvironmentChris Bryan: Continuous Service Improvement in a SIAM Environment
Chris Bryan: Continuous Service Improvement in a SIAM EnvironmentitSMF UK
 
Johann Diaz: The New Management of Service – Joining Up the Enterprise
Johann Diaz: The New Management of Service – Joining Up the EnterpriseJohann Diaz: The New Management of Service – Joining Up the Enterprise
Johann Diaz: The New Management of Service – Joining Up the EnterpriseitSMF UK
 
David D'Agostino and Tony Price: Kicking the KPI Habit
David D'Agostino and Tony Price: Kicking the KPI HabitDavid D'Agostino and Tony Price: Kicking the KPI Habit
David D'Agostino and Tony Price: Kicking the KPI HabititSMF UK
 
Peter Hubbard: Don't Get Stuck in a Silo – Going Digital isn't Transformation
Peter Hubbard: Don't Get Stuck in a Silo – Going Digital isn't TransformationPeter Hubbard: Don't Get Stuck in a Silo – Going Digital isn't Transformation
Peter Hubbard: Don't Get Stuck in a Silo – Going Digital isn't TransformationitSMF UK
 
Simone Jo Moore: Machine Humanity
Simone Jo Moore: Machine HumanitySimone Jo Moore: Machine Humanity
Simone Jo Moore: Machine HumanityitSMF UK
 
Hayley Butler and Spenser Arnold: Agile Service Management
Hayley Butler and Spenser Arnold: Agile Service ManagementHayley Butler and Spenser Arnold: Agile Service Management
Hayley Butler and Spenser Arnold: Agile Service ManagementitSMF UK
 
Network Rail: Intelligent Infrastructure
Network Rail: Intelligent InfrastructureNetwork Rail: Intelligent Infrastructure
Network Rail: Intelligent InfrastructureitSMF UK
 
Clare McAleese: Verism at Vocalink Mastercard... Our Journey so Far
Clare McAleese: Verism at Vocalink Mastercard... Our Journey so FarClare McAleese: Verism at Vocalink Mastercard... Our Journey so Far
Clare McAleese: Verism at Vocalink Mastercard... Our Journey so FaritSMF UK
 
Lynda Cooper: ISO/IEC 20000 - The Launch of the Revised Standard
Lynda Cooper: ISO/IEC 20000 - The Launch of the Revised StandardLynda Cooper: ISO/IEC 20000 - The Launch of the Revised Standard
Lynda Cooper: ISO/IEC 20000 - The Launch of the Revised StandarditSMF UK
 
Owen Appleton: FitSM
Owen Appleton: FitSMOwen Appleton: FitSM
Owen Appleton: FitSMitSMF UK
 
Andrew Vermes: Major Incident Management
Andrew Vermes: Major Incident ManagementAndrew Vermes: Major Incident Management
Andrew Vermes: Major Incident ManagementitSMF UK
 
Dave Wheable: Can We Manage the Future
Dave Wheable: Can We Manage the FutureDave Wheable: Can We Manage the Future
Dave Wheable: Can We Manage the FutureitSMF UK
 
Stuart Howitt: Honey, I Shrunk the Incident
Stuart Howitt: Honey, I Shrunk the IncidentStuart Howitt: Honey, I Shrunk the Incident
Stuart Howitt: Honey, I Shrunk the IncidentitSMF UK
 
Akshay Anand: The Future is Built on ITIL – Get Ready for ITIL 4
Akshay Anand: The Future is Built on ITIL – Get Ready for ITIL 4Akshay Anand: The Future is Built on ITIL – Get Ready for ITIL 4
Akshay Anand: The Future is Built on ITIL – Get Ready for ITIL 4itSMF UK
 
Sanjeev NC: 5 Game Techniques to Immediately Apply in Your Service Desk
Sanjeev NC: 5 Game Techniques to Immediately Apply in Your Service DeskSanjeev NC: 5 Game Techniques to Immediately Apply in Your Service Desk
Sanjeev NC: 5 Game Techniques to Immediately Apply in Your Service DeskitSMF UK
 
Alice Doyne: Service Design Meets Service
Alice Doyne: Service Design Meets ServiceAlice Doyne: Service Design Meets Service
Alice Doyne: Service Design Meets ServiceitSMF UK
 
Jon Terry: Respect for People Lean's Neglected Pillar
Jon Terry: Respect for People Lean's Neglected PillarJon Terry: Respect for People Lean's Neglected Pillar
Jon Terry: Respect for People Lean's Neglected PillaritSMF UK
 

Mehr von itSMF UK (20)

Gary Gamp: The 21st Century Service Manager
Gary Gamp: The 21st Century Service ManagerGary Gamp: The 21st Century Service Manager
Gary Gamp: The 21st Century Service Manager
 
Martin Huddleston: No Service Management, No Security
Martin Huddleston: No Service Management, No SecurityMartin Huddleston: No Service Management, No Security
Martin Huddleston: No Service Management, No Security
 
Rebecca Ulyatt: People Power – Crack the Code, One Conversation at a Time
Rebecca Ulyatt: People Power – Crack the Code, One Conversation at a TimeRebecca Ulyatt: People Power – Crack the Code, One Conversation at a Time
Rebecca Ulyatt: People Power – Crack the Code, One Conversation at a Time
 
Chris Bryan: Continuous Service Improvement in a SIAM Environment
Chris Bryan: Continuous Service Improvement in a SIAM EnvironmentChris Bryan: Continuous Service Improvement in a SIAM Environment
Chris Bryan: Continuous Service Improvement in a SIAM Environment
 
Johann Diaz: The New Management of Service – Joining Up the Enterprise
Johann Diaz: The New Management of Service – Joining Up the EnterpriseJohann Diaz: The New Management of Service – Joining Up the Enterprise
Johann Diaz: The New Management of Service – Joining Up the Enterprise
 
David D'Agostino and Tony Price: Kicking the KPI Habit
David D'Agostino and Tony Price: Kicking the KPI HabitDavid D'Agostino and Tony Price: Kicking the KPI Habit
David D'Agostino and Tony Price: Kicking the KPI Habit
 
Peter Hubbard: Don't Get Stuck in a Silo – Going Digital isn't Transformation
Peter Hubbard: Don't Get Stuck in a Silo – Going Digital isn't TransformationPeter Hubbard: Don't Get Stuck in a Silo – Going Digital isn't Transformation
Peter Hubbard: Don't Get Stuck in a Silo – Going Digital isn't Transformation
 
Simone Jo Moore: Machine Humanity
Simone Jo Moore: Machine HumanitySimone Jo Moore: Machine Humanity
Simone Jo Moore: Machine Humanity
 
Hayley Butler and Spenser Arnold: Agile Service Management
Hayley Butler and Spenser Arnold: Agile Service ManagementHayley Butler and Spenser Arnold: Agile Service Management
Hayley Butler and Spenser Arnold: Agile Service Management
 
Network Rail: Intelligent Infrastructure
Network Rail: Intelligent InfrastructureNetwork Rail: Intelligent Infrastructure
Network Rail: Intelligent Infrastructure
 
Clare McAleese: Verism at Vocalink Mastercard... Our Journey so Far
Clare McAleese: Verism at Vocalink Mastercard... Our Journey so FarClare McAleese: Verism at Vocalink Mastercard... Our Journey so Far
Clare McAleese: Verism at Vocalink Mastercard... Our Journey so Far
 
Lynda Cooper: ISO/IEC 20000 - The Launch of the Revised Standard
Lynda Cooper: ISO/IEC 20000 - The Launch of the Revised StandardLynda Cooper: ISO/IEC 20000 - The Launch of the Revised Standard
Lynda Cooper: ISO/IEC 20000 - The Launch of the Revised Standard
 
Owen Appleton: FitSM
Owen Appleton: FitSMOwen Appleton: FitSM
Owen Appleton: FitSM
 
Andrew Vermes: Major Incident Management
Andrew Vermes: Major Incident ManagementAndrew Vermes: Major Incident Management
Andrew Vermes: Major Incident Management
 
Dave Wheable: Can We Manage the Future
Dave Wheable: Can We Manage the FutureDave Wheable: Can We Manage the Future
Dave Wheable: Can We Manage the Future
 
Stuart Howitt: Honey, I Shrunk the Incident
Stuart Howitt: Honey, I Shrunk the IncidentStuart Howitt: Honey, I Shrunk the Incident
Stuart Howitt: Honey, I Shrunk the Incident
 
Akshay Anand: The Future is Built on ITIL – Get Ready for ITIL 4
Akshay Anand: The Future is Built on ITIL – Get Ready for ITIL 4Akshay Anand: The Future is Built on ITIL – Get Ready for ITIL 4
Akshay Anand: The Future is Built on ITIL – Get Ready for ITIL 4
 
Sanjeev NC: 5 Game Techniques to Immediately Apply in Your Service Desk
Sanjeev NC: 5 Game Techniques to Immediately Apply in Your Service DeskSanjeev NC: 5 Game Techniques to Immediately Apply in Your Service Desk
Sanjeev NC: 5 Game Techniques to Immediately Apply in Your Service Desk
 
Alice Doyne: Service Design Meets Service
Alice Doyne: Service Design Meets ServiceAlice Doyne: Service Design Meets Service
Alice Doyne: Service Design Meets Service
 
Jon Terry: Respect for People Lean's Neglected Pillar
Jon Terry: Respect for People Lean's Neglected PillarJon Terry: Respect for People Lean's Neglected Pillar
Jon Terry: Respect for People Lean's Neglected Pillar
 

Kürzlich hochgeladen

Action Toolkit - Earth Day 2024 - April 22nd.
Action Toolkit - Earth Day 2024 - April 22nd.Action Toolkit - Earth Day 2024 - April 22nd.
Action Toolkit - Earth Day 2024 - April 22nd.Christina Parmionova
 
2024: The FAR, Federal Acquisition Regulations - Part 25
2024: The FAR, Federal Acquisition Regulations - Part 252024: The FAR, Federal Acquisition Regulations - Part 25
2024: The FAR, Federal Acquisition Regulations - Part 25JSchaus & Associates
 
办理约克大学毕业证成绩单|购买加拿大文凭证书
办理约克大学毕业证成绩单|购买加拿大文凭证书办理约克大学毕业证成绩单|购买加拿大文凭证书
办理约克大学毕业证成绩单|购买加拿大文凭证书zdzoqco
 
productionpost-productiondiary-240320114322-5004daf6.pptx
productionpost-productiondiary-240320114322-5004daf6.pptxproductionpost-productiondiary-240320114322-5004daf6.pptx
productionpost-productiondiary-240320114322-5004daf6.pptxHenryBriggs2
 
call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 
call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 
NO1 Certified kala jadu Love Marriage Black Magic Punjab Powerful Black Magic...
NO1 Certified kala jadu Love Marriage Black Magic Punjab Powerful Black Magic...NO1 Certified kala jadu Love Marriage Black Magic Punjab Powerful Black Magic...
NO1 Certified kala jadu Love Marriage Black Magic Punjab Powerful Black Magic...Amil baba
 
Start Donating your Old Clothes to Poor People kurnool
Start Donating your Old Clothes to Poor People kurnoolStart Donating your Old Clothes to Poor People kurnool
Start Donating your Old Clothes to Poor People kurnoolSERUDS INDIA
 
Call Girl Benson Town - Phone No 7001305949 For Ultimate Sexual Urges
Call Girl Benson Town - Phone No 7001305949 For Ultimate Sexual UrgesCall Girl Benson Town - Phone No 7001305949 For Ultimate Sexual Urges
Call Girl Benson Town - Phone No 7001305949 For Ultimate Sexual Urgesnarwatsonia7
 
call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 
How to design healthy team dynamics to deliver successful digital projects.pptx
How to design healthy team dynamics to deliver successful digital projects.pptxHow to design healthy team dynamics to deliver successful digital projects.pptx
How to design healthy team dynamics to deliver successful digital projects.pptxTechSoupConnectLondo
 
2024: The FAR, Federal Acquisition Regulations - Part 26
2024: The FAR, Federal Acquisition Regulations - Part 262024: The FAR, Federal Acquisition Regulations - Part 26
2024: The FAR, Federal Acquisition Regulations - Part 26JSchaus & Associates
 
Enhancing Indigenous Peoples' right to self-determination in the context of t...
Enhancing Indigenous Peoples' right to self-determination in the context of t...Enhancing Indigenous Peoples' right to self-determination in the context of t...
Enhancing Indigenous Peoples' right to self-determination in the context of t...Christina Parmionova
 
Jewish Efforts to Influence American Immigration Policy in the Years Before t...
Jewish Efforts to Influence American Immigration Policy in the Years Before t...Jewish Efforts to Influence American Immigration Policy in the Years Before t...
Jewish Efforts to Influence American Immigration Policy in the Years Before t...yalehistoricalreview
 
history of 1935 philippine constitution.pptx
history of 1935 philippine constitution.pptxhistory of 1935 philippine constitution.pptx
history of 1935 philippine constitution.pptxhellokittymaearciaga
 
call girls in West Patel Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...
call girls in West Patel Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...call girls in West Patel Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...
call girls in West Patel Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...saminamagar
 
IFA system in MES and diffucultiess.pptx
IFA system in MES and diffucultiess.pptxIFA system in MES and diffucultiess.pptx
IFA system in MES and diffucultiess.pptxSauravAnand68
 
Panet vs.Plastics - Earth Day 2024 - 22 APRIL
Panet vs.Plastics - Earth Day 2024 - 22 APRILPanet vs.Plastics - Earth Day 2024 - 22 APRIL
Panet vs.Plastics - Earth Day 2024 - 22 APRILChristina Parmionova
 

Kürzlich hochgeladen (20)

Action Toolkit - Earth Day 2024 - April 22nd.
Action Toolkit - Earth Day 2024 - April 22nd.Action Toolkit - Earth Day 2024 - April 22nd.
Action Toolkit - Earth Day 2024 - April 22nd.
 
2024: The FAR, Federal Acquisition Regulations - Part 25
2024: The FAR, Federal Acquisition Regulations - Part 252024: The FAR, Federal Acquisition Regulations - Part 25
2024: The FAR, Federal Acquisition Regulations - Part 25
 
办理约克大学毕业证成绩单|购买加拿大文凭证书
办理约克大学毕业证成绩单|购买加拿大文凭证书办理约克大学毕业证成绩单|购买加拿大文凭证书
办理约克大学毕业证成绩单|购买加拿大文凭证书
 
9953330565 Low Rate Call Girls In Adarsh Nagar Delhi NCR
9953330565 Low Rate Call Girls In Adarsh Nagar Delhi NCR9953330565 Low Rate Call Girls In Adarsh Nagar Delhi NCR
9953330565 Low Rate Call Girls In Adarsh Nagar Delhi NCR
 
productionpost-productiondiary-240320114322-5004daf6.pptx
productionpost-productiondiary-240320114322-5004daf6.pptxproductionpost-productiondiary-240320114322-5004daf6.pptx
productionpost-productiondiary-240320114322-5004daf6.pptx
 
call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
NO1 Certified kala jadu Love Marriage Black Magic Punjab Powerful Black Magic...
NO1 Certified kala jadu Love Marriage Black Magic Punjab Powerful Black Magic...NO1 Certified kala jadu Love Marriage Black Magic Punjab Powerful Black Magic...
NO1 Certified kala jadu Love Marriage Black Magic Punjab Powerful Black Magic...
 
Start Donating your Old Clothes to Poor People kurnool
Start Donating your Old Clothes to Poor People kurnoolStart Donating your Old Clothes to Poor People kurnool
Start Donating your Old Clothes to Poor People kurnool
 
Call Girl Benson Town - Phone No 7001305949 For Ultimate Sexual Urges
Call Girl Benson Town - Phone No 7001305949 For Ultimate Sexual UrgesCall Girl Benson Town - Phone No 7001305949 For Ultimate Sexual Urges
Call Girl Benson Town - Phone No 7001305949 For Ultimate Sexual Urges
 
call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
How to design healthy team dynamics to deliver successful digital projects.pptx
How to design healthy team dynamics to deliver successful digital projects.pptxHow to design healthy team dynamics to deliver successful digital projects.pptx
How to design healthy team dynamics to deliver successful digital projects.pptx
 
2024: The FAR, Federal Acquisition Regulations - Part 26
2024: The FAR, Federal Acquisition Regulations - Part 262024: The FAR, Federal Acquisition Regulations - Part 26
2024: The FAR, Federal Acquisition Regulations - Part 26
 
Enhancing Indigenous Peoples' right to self-determination in the context of t...
Enhancing Indigenous Peoples' right to self-determination in the context of t...Enhancing Indigenous Peoples' right to self-determination in the context of t...
Enhancing Indigenous Peoples' right to self-determination in the context of t...
 
Jewish Efforts to Influence American Immigration Policy in the Years Before t...
Jewish Efforts to Influence American Immigration Policy in the Years Before t...Jewish Efforts to Influence American Immigration Policy in the Years Before t...
Jewish Efforts to Influence American Immigration Policy in the Years Before t...
 
history of 1935 philippine constitution.pptx
history of 1935 philippine constitution.pptxhistory of 1935 philippine constitution.pptx
history of 1935 philippine constitution.pptx
 
call girls in West Patel Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...
call girls in West Patel Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...call girls in West Patel Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...
call girls in West Patel Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...
 
IFA system in MES and diffucultiess.pptx
IFA system in MES and diffucultiess.pptxIFA system in MES and diffucultiess.pptx
IFA system in MES and diffucultiess.pptx
 
Panet vs.Plastics - Earth Day 2024 - 22 APRIL
Panet vs.Plastics - Earth Day 2024 - 22 APRILPanet vs.Plastics - Earth Day 2024 - 22 APRIL
Panet vs.Plastics - Earth Day 2024 - 22 APRIL
 

Migrating to Cloud Requires Service Management

  • 1. We’re Migrating to Cloud – Who Needs Service Management?
  • 2. Agenda • You need to do this; • This is why; • Here’s the inspirational story to back it up; • If you don’t do it you’ll die; • Here’s a case study that focuses on what was achieved but gives no insight into how; and • This is what will happen in the future – you MUST do this! No, we are not going to do that!
  • 3. The basics: why cloud? Reasons can include: Greatly reduced implementation times Cost savings Faster innovation cycle Resilience Optimised resource utilisation Better responsiveness
  • 4. Cloud – Someone else’s computer? The generally accepted definition of cloud computing from the US National Institute of Standards & Technology (NIST): A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
  • 5. The Five Essential Characteristics • On-demand self service • Broad network access • Resource pooling • Rapid elasticity • Measured service
  • 6. Cloud Service Models • Software as a Service (SaaS) – Using the provider’s applications running on cloud infrastructure. Perhaps the most well known service model due to the success of some providers (e.g., Salesforce, Workday). • Platform as a Service (PaaS) – In addition to core infrastructure components, provides the software platform on which higher component such as applications can be built. • Infrastructure as a Service (IaaS) – storage, computing capabilities, networks and other fundamental resources.
  • 7. Cloud Deployment Models • Public Cloud ⎻ Available to public or large industry group ⎻ Owner by the Cloud Service Provider (CSP) • Private Cloud ⎻ Operated solely for one enterprise ⎻ Managed by enterprise or a provider ⎻ May be on- or off- premise
  • 8. Cloud Deployment Models (cont.) • Community Cloud ⎻ Shared by several companies ⎻ Supports a shared mission or interest ⎻ Managed by an enterprise or a provider ⎻ May be on- or off- premise • Hybrid Cloud ⎻ Combination or two or more deployment models that are unique entities ⎻ Bound by standard or proprietary technology enabling data/application portability (e.g., cloud bursting for load balancing)
  • 9. An analogy with PizzaaaS
  • 10. So how do you do cloud – like this? No! How much of our technologies are misunderstood?
  • 11. And certainly not like this! How many governance and management failures can you spot?
  • 12. So why do we need Service Management? Let’s ask some simple questions …
  • 13. Who will the business call if there’s an issue with the cloud service? Not my problem. Call the cloud service provider. How would that work? Wouldn’t business users expects call the Service Desk and let IT handle it from there?
  • 14. What if there’s planned maintenance in the cloud which impacts one of more of our internal systems? That’s out of our hands. We don’t manage the cloud and don’t have access to their change system. Surely your internal change management process should still be able to account for this through a change risk & impact assessment?
  • 15. What if your critical business processes are impacted by a cloud related problem? No problem. I’ll hold the cloud service provider accountable! Best of luck with that! The business will still see IT as accountable.
  • 16. What if the cloud suffers a breach of sensitive personal data you store there? No problem. I’ll hold the cloud provider accountable per the contract! Moving a service to cloud does not absolve an organisation from its duties of care and accountability to legal & regulatory requirements.
  • 17. Finally, what about Service Management? We’ve moved to cloud – we don’t need Service Management! Are you sure about that? From the previous questions it seems you have some homework to do!
  • 18. Summary so far • Do your homework • We still need a Service Management processes • Cloud doesn’t govern itself – we are still accountable for governance & assurance • In short, we need an operating model.
  • 19. POLISM: Elements of an Operating Model1 Processes • How work is done to provide outcomes that deliver value • Each service process should deliver an intrinsic value that can be measured through KPIs • What service processes do you have that will need reviewed and amended for cloud? • What additional service processes do you needs for cloud (e.g., Supplier Management) • ITIL, ISO/IEC 20000 and COBIT® are good reference sources Organization • How are the services processes and their value chains mapped into organizational structures across the organization and the CSP? • What are the required roles and skills for each and do they need to change for cloud? • What are the essential processes that cross multiple parts of the organization and/or CSP (e.g., change management) Locations • Where are the service processes executed? • Where are physical assets? • Where is the data? • What intellectual property considerations are there? • What are the governing legal & regulatory needs of each location? Information • How is each processes supported through information systems? • Service Management toolsets? • Trusted sources of data? • Electronic integration of sources (e.g., APIs)? Suppliers • What suppliers (in additional to the CSP) are needed to support the service processes? • What is the nature of collaboration with each supplier? • What are the policies governing selection and oversight of suppliers? Management System • What are the oversight processes for planning, assigning actions, setting targets, making decisions and measuring performance to plan? • How is the management system itself managed? • How is continual improvement managed? 1 – Based on the “Operating Model Canvas” – see further reading.
  • 20. For each POLISM element of the operating model, follow a CSI approach • The vision links to o Organizational goals & objectives o Governing policies • Gap analysis of where we are to where we need to be (next) • Plan/Do/Check/Act, adjusting the vision where necessary
  • 21. It’s all about the processes • The core part of the operating model are the service processes • This is where the where outcomes are delivered and value provided • Where to start? Configuration Management and the CMDB is a fitting starting point!
  • 22. The whole world is a CMDB • For thousands of years we’ve come to rely on machines of increasing complexity • Machines are built from many components working together to do something of value and generate the desired outcomes • IT systems are like any machine – components must be connected in the right way for it to work to deliver what we expect (utility) and how (warranty)
  • 23. Dodgeball A Case in Point: CMDB mapping of the “Dodgeball” SaaS application Configuration Item created – job done! Or it is?
  • 24. Dodgeball Fireball A Case in Point: CMDB mapping of the “Dodgeball” SaaS application (cont.) But Dodgeball is part of a business critical service offering
  • 25. Dodgeball Fireball Dodge-In Dodge-Out A Case in Point: CMDB mapping of the “Dodgeball” SaaS application (cont.) But Dodgeball is part of a business critical service offering And it relies on an essential data feed from this system And in turn provides an essential data feed to this system
  • 26. Dodgeball Slowball Fastball Fireball Dodge-In Dodge-Out A Case in Point: CMDB mapping of the “Dodgeball” SaaS application (cont.) But Dodgeball is part of a business critical service offering And it relies on an essential data feed from this system And in turn provides an essential data feed to this system And has a critical dependency on this system … … and this system. The Lesson: even SaaS needs service mapped in the CMDB
  • 27. Assignment of control across components Components native to the CSP’s CMDB can be brought into your own CMDB (e.g., via API/e-Bonding) with suitable governance and controls around their consumption and maintenance
  • 28. COBIT®5 View (ISACA) vs. Cloud Controls Matrix (Cloud Security Alliance)
  • 29. Simple Process Model Quality Parameters & KPI’s Process Owner Resources Process Activities Process Control Process Enablers Output and Output Specifications Process Goal Roles Input and Input Specifications
  • 30. Simple Process Model Quality Parameters & KPI’s Process Owner Resources Process Activities Process Control Process Enablers Output and Output Specifications Process Goal Roles Input and Input Specifications
  • 31. Example – Change Management Process Control Process Enablers Outputs: o Deployed RFCs o CAB Minutes / Actions o Change Management Reports Inputs: o Change Schedule – Internal o Change Schedule – CSP o CMDB o RFCs Owner: Change Manager Goal: o Minimise adverse impact of change upon service quality o Assess potential benefits of change against risks and costs to the organisation o Ensure correct methods and procedures used KPIs: o Number of RFCs implemented on schedule o Number of RFCs bypassing CAB/EC o Number of incidents caused by change Process Activities: o Record o Review & Assess o Risk & Impact Assessment o Approval to Proceed o Build & Test o Approval to Implement o Implement o Post Implementation Review & Close Roles: o Change Manager o CAB o CSP Resources: o Service Desk o Support Groups o ITSM Tools o Documentation o Training o CSP Note: bulleted lists are not exhaustive
  • 32. Client versus CSP Responsibilities • How does each service process need to change to accommodate cloud (e.g., change in responsibilities) • How does the hand-off occur? • A RACI (Responsible, Accountable, Consulted, Informed) mapping of roles is essential
  • 33. RACI Example – Configuration Management • Simplified RACI – covers “R” only • Quicker and simpler to develop in the first instance • “A” usually cascades up the organization • The “C” and “I” activities often occurs through forums (e.g., CAB) and electronic notifications from service processes from ITSM toolsets No Level ProcessStep Service Integration & M anagem ent Configuratio n M anager Desig n Authority Enterprise Architect Configuratio n Data Ow ner Requirem entsO w ner R A A,R C I 1 1 Configuration Management Process 1.1 2 Configuration Planning 1.1.1 3 Define Configuration Management Strategy A R C C I I 1 1 0 2 1 1.1.2 3 Define Configuration Management Policy & Standards A R C C I I 1 1 0 2 1 1.1.3 3 Define Configuration Management CSFs/KPIs A R C C I I 1 1 0 2 1 1.1.4 3 Define, collaborate and test requirements that consume CMDB A C I C R 1 1 0 2 1 1.1.8 3 Define IT Business Process for consumption of CMDB A C I C C C 0 1 0 4 0 1.2 2 Configuration Identification 1.2.1 3 Define CMDB Design Principles A R I C C C 1 1 0 3 1 1.2.2 3 Define Data Model - conceptual, logical, physical A R I C 1 1 0 1 1 1.2.3 3 Define CMDB Configuration Management Process Artefacts A R I C C C 1 1 0 3 1 1.2.4 3 Provide non-discoverable CI data A C R I 1 1 0 1 1 1.2.5 3 Facilitate auto-discovery of discoverable CI data A C R I 1 1 0 1 1 1.2.6 3 Confirm completeness of CI data estate A C R I 1 1 0 1 1 1.3 2 Configuration Control 1.3.1 3 Maintain Configuration Data A C A I 0 2 0 1 0 1.3.2 3 Facilitate auto-discovery of discoverable CI data A C R I 1 1 0 1 1 1.4 2 Configuration Status Accounting 1.4.1 3 Provide / Facilitate generation of Configuration reports A R I I 1 1 0 0 1 1.4.2 3 Provide / Facilitate generation of Configuration related metrics/KPIs A,R 0 0 1 0 0 1.4.3 3 Coordinate & oversee CMDB continual improvements A R C C C I 1 1 0 3 1 1.5 2 Configuration Verification & Audit 1.5.1 3 Plan and conduct audit A R C C C I 1.5.2 3 Report on CMDB audit outcomes A C R 1 1 0 1 1 No Level ProcessStep Configuration M anagem ent Configuration Practitio ner(Adm in ) Configuratio n Data Ow ner Service ProcessUser ITSM Platform Adm inistrator 1 1 Configuration Management Process 1.1 2 Configuration Planning 1.1.1 3 Define configuration scope, policy, strategy and governance & controls R 1.2 2 Configuration Identification 1.2.1 3 Define, establish and maintain Configuration Data Model - conceptual, logical and physical R 1.2.2 3 Define, establish and maintain configuration management process workflows R 1.2.3 3 Establish and maintain trusted data sources into the Configuration Management System R 1.3 2 Configuration Control 1.3.1 3 Ensure configuration data updates are incorporated (where needed) as part of Change Management R 1.3.2 3 Provide and maintain configuration data (and approve process user requests to update configuration data R 1.3.3 3 Provide administrative and technical support to process users and configuration data owners R 1.4 2 Configuration Status Accounting 1.4.1 3 Define and report on agreed metrics and Key Perfomance Indicators & Key Risk Indicators R 1.5 2 Configuration Verification & Audit 1.5.1 3 Coordinate & oversee periodica verification & audit of configuration data R 1.5.2 3 Perform periodic verification of configuration data and perform remediation activities R Simple RACI – “R” only Full RACI – all actors
  • 34. And what about governance, risk and security? How risk level maps against cloud service and deployment models
  • 35. The IT Risk Management Lifecycle • Risk Scenarios drive risk identification • The Cloud Security Alliance (see Further Reading) is an excellent source of information and template for cloud risk assessments • Assessment should align with enterprise risk governance so risk portfolio and measures are in true business terms • Risk response options include accept, avoid, transfer/share, or mitigate • Since inception of SOX, controls have become highly prevalent in the treatment of IT risk and legal & regulatory compliance: • Many are preventative, detective, corrective • Can also be managerial, physical or technical in their implementation • And additionally directive, deterrent, recovery and compensating controls
  • 36. Interdependencies between Control Types Interdependent controls are designed against risk Scenarios, which for cloud are different to in-house
  • 37. The Five Pillars of Cloud Security • Service Management! • Organization • Technology • Security and Data Protection • Governance, Compliance, Legal and Audit
  • 38. The Five Pillars of Cloud Security Service Management • The POLISM model we’ve discussed • The contracts are king – ongoing effort to actively manage them and service levels is essential • CSP should be assessed on ability to integrate service management with the customer to manage availability of services with seamless execution of critical service processes • Also requires the CSP effective capacity management to handle the concurrent load of multiple customers in shared environments.
  • 39. The Five Pillars of Cloud Security Organization • This must start with your organization’s strategy for adoption of cloud based service • Must include human resource planning • What is the retained organisation and how are relationships managed with the CSP • Good Organizational Change Management is needed to adapt business processes and organizational structures to make cloud adoption a success.
  • 40. The Five Pillars of Cloud Security Technology • This is a key driver to cloud computing – access to technology and rapid innovation • Interoperability and compatibility of new technologies with legacy/heritage need considered. • IT Architectures needs re-considered • A different systems development lifecycle is required • A different support model is required.
  • 41. The Five Pillars of Cloud Security Security and Data Protection • Internal data typically leaves the trusted network perimeter bringing data protection challenges • Security of data at rest • Security of data in motion • Cyber threats can be both internal and external with collaboration needed between customer and CSP • Cloud environments can be more secure • Don’t expect the CSP to follow your security policy • Business Continuity should be an integral part of security as part of the CIA (Confidentiality, Integrity and Availability) trio.
  • 42. The Five Pillars of Cloud Security Governance, Compliance, Legal and Audit • Legal requirements must consider the industry and legal jurisdiction(s) you are operating in • Governance processes need to be able shared responsibilities between the CSP and your organisation. • Contracts need to include terms for cascading of outsourcing partners • Need to ensure a right to audit clause
  • 43. Summary • Do your homework • Use POLISM to develop an operating model • Understand the service processes you have and the ones you need • Map the RACI for your processes, being clear of the hand-offs with the CSP • Use the Five Pillars for security and assurance of cloud services.
  • 44. Further Reading Operating Model Canvas (Van Haren Publishing) https://operatingmodelcanvas.com Cloud Security Alliance – Cloud Controls Matrix https://cloudsecurityalliance.org COBIT®5 – Controls & Assurance in the Cloud http://www.isaca.org/Knowledge- Center/Research/ResearchDeliverables/Pages/Controls-and-Assurance-in-the-Cloud- Using-COBIT-5.aspx
  • 45. ITSMF UK Premier Gate, Easthampstead Road, Bracknell, RG12 1JS, United Kingdom Tel: +44 (0) 118 918 6500 | Web: www.itsmf.co.uk