Just about my very first experience in IT –
brought onto a project as a customer ‘expert’ – was listening to the IT guys
debating how to make use of the data we already had on the old system. In my naivety
at the time I had thought computers used ‘computer language’. Quickly I
realised they were more like people than I had suspected – that there were lots
of computer languages, and each computer spoke only one of them, and could make
no sense of the others.
Now, in the interceding years (some 27 of
them L) great progress has been made – we expect computers to talk to each
other. This almost universal technological communication ability sometimes
blinds IT people to the fact that human communication has not evolved
Until we perfect direct thought
transference, all the communication we do, whether written or spoken, texted,
tweeted or painted on the walls, relies on a two stage process. First you put
your ideas into words (usually words and sometimes also gestures or pictures –
or a combination of all three). Then someone else has to take those words etc
and turn them into thoughts inside their head. There is always an ‘encrypt/decrypt’
section to human communication.
Now that can get messy, confusing and
create all sorts of mistakes in delivering the message. You probably wouldn’t
design it that way. In fact in a pure IT context we would be looking at ways to
deliver direct communication in a standard format from one system to the other.
But people don’t work that way; it is what we have and we need to work with it.
Communication isn’t just about being accurate;
I think it is better measured by whether it is useful. In IT, people still manage
to get the communication spectacularly wrong by not thinking about the whether
the customer (or client or user) is equipped to decrypt the message. As one
example, here is an error message I got on my screen the other day, apparently
intended to inform me why the software couldn’t do what I had asked it to do: “Unable to contact the target back-end forwarding host (proxy target)”. I presume that made perfect sense to the person who set the
software up to deliver that. They were maybe a great programmer, but evidently
not a human communications specialist.
It’s easy enough just to dismiss this as
one more version of ‘Computer says no’, but why is it no surprise? Maybe it’s because
we still seem to think it OK to throw our jargon at others who don’t share it.
Or maybe we forget they don't know what we do. Actually, to be fair this is not
only an IT thing – ask anyone who has been caught on a French train having
failed to quite understand the printed message exhorting them “composter votre
billet”. (And if you don't already know but intend to travel on a French train,
trust me, you need to find out what it means, but it isn’t a French word that
they usually teach you in basic language classes. A classic case of
encrypt/decrypt failure in a service management situation that has nothing to
do with IT.)
The technologists amongst us love the
challenge of integration, communication across platforms etc. but there is
recognition that this is expensive and should be unnecessary – an area where
standards and commonality help everyone. Why do we forget our most common
encrypt/decrypt situation – getting a message from one mind to another.
I hope that the irresistible tide of
universal cloud adoption and pervasive social media communication will solve
all these troubles – and allow us to concentrate on the people issues more. But
so far the social media snowball doesn’t seemed to have reduced jargon – quite
the opposite. Those of at a certain age are now totally incapable of
understanding what are children are saying, even when they give us access to
their on-line worlds.
Actually, this is fresh in my mind now
because it forms a little game we will play during my talk at Monday 5th
March at Pulse – our big SM event in Vegas next month. I plan to have people
encrypting and decrypting during that session. I am interested to see how they
get on, and hopefully to make them realise there are some simple tools we can
use to make things better. Nothing magic, and the same techniques we
demonstrate in the simulator. Mostly they rely on establishing common ground –
establishing communication channels and learning what will work, by finding
shared understandings, and by relying on more than words alone when it makes a
The best part about all that is that from
the outside it might look like gossip and drinking at the bar – but we realise
it is building business critical communicating platforms and channels. The message
that things can be both fun and relevant at the same time is also part of the
So, if you are at Pulse maybe you will be
able to come along at 6pm on Monday. If not I hope to get the chance to
encrypt/decrypt with you at another event this year. And thank you for your
efforts in decrypting this message, I hope it wasn’t too difficult – and I hope
it has some resemblance inside your head to the one that was in mine.
Guess who's going to be making a guest special appearance at the Solution Expo at Pulse?
No, not Maroon 5. (though they will be performing at Pulse on the Tuesday night in the Grand Garden Arena)
The answer is Watson!
The Watson Experience is a demonstration that illustrates how managing big data and applying analytics can help businesses gain meaningful insights. Watson shows how we can confidently make decisions through ranking answers, and handle structured and unstructured data by running hundreds of different kinds of analytical queries across all different kinds of information.
And then on Day 3, Manoj Saxena, General Manager of IBM Watson Solutions, will provide a glimpse into the innovations of the future with a talk on how IBM and leading clients are "Putting IBM Watson to Work." This keynote will offer insight into how the advanced analytics used in Watson are being put to work in businesses around the world to solve some of the industries biggest challenges, leveraging Cloud Computing. Manoj will highlight IBM’s strategy to commercialize the Watson technology with embedded industry content and how it complements an optimized, integrated cloud-based IT environment.
So be sure to pay an up close and personal visit with IBM's most famous game show contestant, and learn how it can help businesses prosper!
That’s a paraphrase of many quotes – but
whichever famous quote peddler you choose, it is surely a mantra of sorts for
successful service management. To me it
neatly addresses two key points:
It is no good meeting all the metrics that you set for yourself
if that only makes your performance look good to you – it’s the customers’
opinion that matters because they are the ones providing the money to make
it happen – and they may well stop doing that if they aren’t impressed
What people perceive is based upon their situation and
knowledge as well as your facts.
I had some first-hand instruction on this
recently that helped my understanding. Both were a little funny at the time but
maybe with some serious messages.
Firstly two different perceptions of what
must have looked very similar situations to a detached observer – driving last
year down a fast dual-carriageway road.
Both times I was on my way to my father.
First time an ordinary sunny day. I am driving at ‘about’ the
speed limit of 70 miles per hour – and a car comes hurtling up behind me
and sits a few metres behind me with the driver clearly impatient that I
am holding him up. I ventured an opinion as to his personality –
considering him less than sensible, some pushy-salesman type, and
certainly not deserving of my moving quickly out of his way
Two months later I am driving down the same road – only this
time I have been summoned to my father’s hospital bedside by medical staff
with the line ‘I think you should get here as soon as you can’. Now I am
doing a lot more than 70mph, and find myself slowing down to 75 and
hanging on other cars’ back bumpers amazed at why people can’t simply get
out of the way – surely they can see I have to go quicker than that.
So – good guy or bad guy? Depends on what
you know, and that depends on what you are and what has happened somewhere
The other one, I feel the need to share all
hinges around those daily gifts we get form our dogs. Each day I take our dog
for a walk in the field behind the house. The field is just the other side of
the fence and hedge around the back garden, but to get there you have to go out
the front, down the road through the alley and back – about 300 metres or so.
Now dogs, being dogs, use the daily walk for relieving themselves and people,
being only people, are left to pick it up in plastic bags and carry it. But
since our walk takes us back down the other side of that garden fence, rather
than carry the little bags round the field, I toss them over the fence and into
our garden, to pick up and dispose of when I get back. So, I am doing this when
I realise I am being watched, by another man out walking his dog. Thinking
about it afterwards he just sees someone flinging doggy doo over a fence into someone’s
garden. He did not speak, but did manage a look that clearly had me well below
pond-scum in any kind of social acceptability league table.
OK, so some examples of skewed judgement
based on incomplete knowledge, we all have lots of them – and please feel free
to send in any good ones that have happened to you.
Very few of these matter in everyday life –
we shrug and move on and usually never see the misunderstanding or
misunderstood person again. But when it matters we need to establish
communication to get some idea of the events that drive perceptions of those
who we will interact with long term. This is why we know things about those we
live with and care about – their favourite colours, the foods they like and
dislike, which football teams they support and lots more. That is worth doing
because these people matter to us, and because this makes both their life and
ours more pleasant.
So apply this to work, how much more
pleasant – and easier – will your life be if your customers are happy with you,
if they understand what you are doing and you understand what they care about.
That simple idea is at the core of a lot of my work these days – in the
simulation games and the presentation at events. It certainly underpins the
talks I am slated to do at IBM’s Pulse and itSMF Norway in March.
If I go back to the first set of two
bullets I wrote at the start of this piece, they are trying to say that you
need to know how your customers – and maybe other stakeholders – are feeling today. This will drive how you address
things. So customer perceptions influence prioritisation – standard best
practice stuff. What I was trying to point out in my driving example was that
those perceptions and attitudes are anything but fixed. Just because you know
what mattered yesterday, doesn’t mean you know what will matter today or
tomorrow. There are clues and signs you can look for – find out what things
affect your customers attitude and monitor those yourself. Again that is
something we can do fine at home – we are aware of some of the influences that
change attitudes and perceptions on our loved ones – be that exams the next
day, football on the TV tonight, or a fight with a friend.
Maybe what we need is more formalised
gossip at work – because it is often the conversations that don't seem to be
about work that tell us most about how our customers will react – and more
importantly how they want us to react. One thing the 21st century
has brought us – big time – is new ways to gossip, or should that be freely and
rapidly exchange more information than we ever dreamed was possible. So, maybe
this is just one more business benefit of social media, one that delivers its
success by not being so obvious?
Actually, I don't care how you gather more
understanding of your customers concerns and perception influencers use every
means you can. You could do worse than simply going to visit them, talking and
listening. Set yourself a target perhaps – name one thing that would change
your customer’s priorities, and then ask them if you are right.
This year at Pulse, we will be running another Cloud Service Management Simulator Workshop. If you are interested in attending, please send an email to email@example.com
What is it? -The
IBM Cloud Service Management Simulator Workshop is a hands-on,
interactive simulation game which focuses on the challenges and business
value of implementing service management best practices in the context
of a realistic scenario. -During the workshop, you'll use
gaming and role-playing dynamics to mirror the real-world interaction
between IT and the business, from both a strategic and operational
-Over the course of the session, you will
experience a transformation from chaos to order, and learn how the
right balance of speed, accuracy, and prioritization in problem solving
can translate into a superior business outcome.
What's in it for you? -Accelerated
and breakthrough understanding of ITSM and ITIL best practices, which
you can take back to your company to assess how these can contribute to
your organization. -Better understanding of how the effectiveness of IT processes impacts the business.
-A fun interactive experience!
When is it? -Sunday, March 4th, from 2:00pm to 5:00pm, -MGM Grand Hotel, Las Vegas - Room 306 (Level 3 of the hotel conference center)
-We deliberately chose this day and time, as it does NOT conflict with any other sessions.
We live – more and more – in a world where everything that matters can be done on line, where we see and hear better on screen than for real.
You can now take an active part in the world – and potentially run a successful business - without ever leaving your home, possibly without getting out of bed.
And even when we do turn up for real we spend a lot of our time watching things on a screen – be that the presenter or performer in a large hall or the action reply on the giant screens at a football match
You will have seen in the promotions and advertising, that the key presentations from IBM’s show-piece service management event – Pulse – running on 4-7 March in Las Vegas will be streamed live on the web to the warm and cosy comfort of your home.
Despite how easy and good the virtual feed of sessions, chat and information were, 7000 people did get out of their beds in 2011 to travel to Las Vegasand actually be at Pulse, just as thousands turn out weekly to watch football at the stadium when they might have had a better view of the action by staying at home. And even formula one motor racing gets sold out attendance when you can never hope to see much of the race in person compared to what the TV coverage offers.
It seems that there are still good reasons to actually be there – not to put down the value of connecting to the live web streams, but even in the 21stcentury, people learn from people. Pulse is a big and excellent example, but throughout our community we see conferences still being successful and drawing people together to share experiences in surroundings that the virtual world can’t quite match yet. As well as the formal sessions at conferences and events, the networking opportunities of being with others in similar circumstances delivers real benefits – comparing notes with our peers from across the world.
Technology is good – and joining conferences on line is way better than missing it altogether, but people-to-people still has a lot going for it. I’m looking forward to the combination – the atmosphere of really being there and mixing with everyone in the exhibition areas – and over a sociable beer or two at dinner. And of course the added value that streamed interviews and 'watch again on demand' that is available over the web.
This amalgam of real and virtual seems set to be the conference norm for a good few years still – 7000 people at pulse thought so last year, and thousands went to itSMF conferences around the world in 2011 too.
And Pulse is in Las Vegasof course – where could be more appropriate for the combination of real physical existence with technologically driven enhancement - a bit like Red Dwarf's famous 'better than life' game. J
Do you think virtuality will one day totally replace human gatherings? I guess eventually it might, but for now I intend to enjoy both at once and count myself lucky to be alive at the right time to do that.
You can find out all about Pulse – physical and virtual offerings at www.ibm.com/pulse.
See you there – for real, on line, facebook, twitter and more!
If you have spent five minutes with me, you have probably heard me rave about the "WTF" podcast from Marc Maron.
It is the first topic of discussion when I talk to a friend of mine (second being Doctor Who).
The reason WTF works is that you have a veteren comedian (Maron) who knows the questions to ask. Who understands the journey. Who can have the types of discussions that lead to places you and I wouldn't think to go.
Maron is on the short-list of great interviewers. His podcast is one of the few times where the word "fascinating" really applies.
There are a number of reasons to attend (and if you read the Pulse Blog or follow #ibmpulse, they're too numerous to list here).
We announced that Woz is one of our keynote speakers.
Well, the format for this keynote is going to be a little different. He is going to be interviewed by none other than IBM's very own; Grady Booch (@grady_booch).
Grady is an innovator in the same vein as Woz. He was one of three individuals who invented UML.
As someone who worked for a company that relied heavily on UML (which I'm sure is the same for many readers), it's like "Memphis" Raines meeting Henry Ford. He's pretty much the reason a number of us are where we are in this industry.
UML. The Apple computer.
Grady and Woz were not only on the ground floor of technology revolutions, but they both built most of the foundations.
Between the two of them, they personify the type of innovation that we promote at Pulse 2012.
I can not stress this enough: innovation is the differentiator. It's what puts our clients in the leadership position in their industry. It's the thing that organizations playing "catch up" are trying to chase down.
Pulse is about not only helping you find the solutions to drive your innovation, but it's also about mindset. It's about thinking like an innovator.
Thinking like Woz and Grady. Getting you there.
And a keynote like this, with a real in-depth discussion between two of the best in the business. It's gonna be fascinating and you need to be there.
As I wrote last week, I am looking forward to delivering more simulations over the next weeks and months, I always enjoy the buzz of working with people rather than sitting in a lonely room hitting keys and listening to the dog snore.
I went through my technologically savvy period some years ago (back in the horse-drawn computer age). For years now I’ve felt that the biggest scope for improvement in service management is through the people part of the famous trilogy of people, process and technology.
It’s important though to be sure that we don't forget it is a trilogy – in a recent presentation I used a picture of a milking stool to make the point: three legs, if you have problems in any one of them you will fall on the floor, spill the milk and fail to do your job.
So the emphasis on people is not because we don't need the technology – it’s because there have always been plenty of people selling the technology hard in our business. And it sometimes seems to me that there are people even keener and more excited to buy it – each one as much a fashion victim as the lady horrified she’ll be spotted in last year’s shoes. But – for sure – we do need good technology. Of course, I work for a software and technology company so I would say that, but that doesn’t make it wrong.
And process is still vital – that is the first level of learning that comes from our simulation games – not knowing what needs to be done usually means you don’t do what needs doing. I remember getting excited by process when I first understood how to see and then improve them. I remember also how much better ITIL V2 was than V1 when we went ‘process focused’ – and how modern and nifty we thought we were.
But again – there is no shortage of process champions, so forgive me if I keep harping on about the people. There are more of us than there used to be pushing the importance of people. Paul Wilksinson, of course, has been – and still is – a trailblazer, although he is still obliged to play the prophet because the vast majority of our industry still needs to be converted to the simple reality; that no matter how cool your IT gadgets and software and no matter how carefully researched your process, if you don't keep the third leg – people – strong and secure then things simply won’t work.
Successful politics is called ‘The art of the possible” and I am aware we – those who believe that people factors are the biggest stumbling block to successful service management – need to play that game too. No point (yet) trying to make everyone totally people focused – our efforts through the simulators and suchlike are to at least get IT managers to realise that the quality of the services they deliver does depend on people aspects. It’s simple stuff really, like people talking to each other, finding out what things matter to them.
Strangely enough, this is the kind of thing we do well and automatically outside work, but somehow it becomes so much harder when it gets all business related – maybe we like to take sides at work, or think the office is too important a place to act human in. What is about being in the office (or Datacentre or shop floor or whatever your work looks like) that strips us of some basic level of humanity? We seem able to talk to our colleagues at work about non-work things – last nights TV or football, fashions, music etc – but not about their work wants and needs.
Of course there are exceptions – we need to capture and promote these to help us get the message across. My favourite is a reversal of the norm I just described. It is from a UKgovernment department where a cricket match between IT and Finance was being played out one evening. Due to Finance’s excellent bowling there was a hiatus since the batsmen were being dismissed faster than the next one could get the equipment on. During this pause the non-striking batsmen (from IT) was chatting about work and they solved a issue that had turned into a long running fight between managers. The managers had stood on principles and formality instead of talking about what was actually wanted. The issue was solved by these real workers getting a mutual understanding through the revolutionary approach of talking and listening to each other.
That’s what we shall be trying to do with the delegates to our simulation sessions – and in other ‘take the people seriously’ initiatives. Do you have some good stories about how much difference it makes when your people are able to understand each other’s perspectives? Be great to hear them. Be even better to catch up at one of the forthcoming simulations, or to see you at Pulse in March and we can talk – and listen - over a beer. J
 Apparently coined by Bismark, but I first heard it used by Harold Wilson in the 1960s
Well, we are well into 2012 now and we have just about got though the ‘my predictions for 2012’ phase and in to ordinary routines again. Whatever the predictions, like with most years I predict that 2012 will look a lot like an older version of 2011.
There is still talk of recession, companies that struggled for funding in 2011 are no richer, Cloud is still talked about by a lot more people than understand it.
On a personal level 2012 has already delivered some of the improvements planned in 2011 – and I hope the same will happen workwise. Next major thing on my work horizon is IBM’s big service management show – Pulse. Back again at the MGM Grand in Las Vegas we are promised it will be bigger and better than ever. I understand that bigger is important in as Vegas but I am usually even keener on better. Actually though, to be fair I am delighted that ‘my bit’ at Pulse looks like being bigger this year – with not one but two chances to deliver the cloud-readiness simulator on the weekend before the show itself starts. In fact there will be a strong focus on simulator this year with our team being on the exhibition floor to explain what, why and how they can help you.
Of course – like I implied above – this isn’t exactly new, but it is proven. Of course there will be lots of new stuff available – geeks welcomed and catered for. The technologists will – of course – be well catered for with lots of ‘future possibles’ and indeed a vision of some possible futures too. But service management’s primary focus is not on what might happen next year; it has always been about delivering value this year. In fact one of my favourite aspects of service management is how it rests on widely applicable principles, even though how they are applied might alter. For example, while change management processes in a cloud environment might need different considerations to make them most effective –the basics remain. I was working in service management long before I ever touched a computer. I remain constantly delighted to discover that lessons learned 30 years ago in supply and transport are still relevant to the 21stcentury IT based services we manage today.
So, if you are going to be at Pulse come along and tell me whether you agree that old-fashioned service concepts are still valuable – or come and explain why dinosaurs like me should be swept away by the meteor strike that is cloud. Either way – at Pulse or elsewhere – I look forward to good, informed and enjoyable debates. Good to think of the new year building on the successes of the old – at home and at work.
 If you follow me on twitter - @ivormacf - you will know where and when I will be in terms of events. Useful, whether you want to know how to find or to avoid me – same thing works both ways.
Over the recent Christmas break, I found
myself at lunch with an Enterprise Architect and the
conversation turned – as it does - to the future of the IT industry.
we agreed on the
topic of what IT jobs and attitudes should be over the next 10 years – others at the table disagreed with us – but that’s a topic for another blog
Now I live in a Service Management space, and so clearly I
know that everything – at least everything about creating and delivering IT
services – is wholly contained within a complete picture of service management: because
everything flows from the need for the service – in terms of value conceived,
engineered and then delivered to the customer.
So, imagine my surprise when the enterprise
architect (let’s call him Kevin J) came out
with the phrase – introduced as though it were universally accepted knowledge –
that everything is contained within the concept of enterprise architecture and all other things fit inside that. Well, you would think that one of us has
to be wrong – but maybe not?
Seriously though, I do realise that each
of us has a coloured view of the world. But even when you know you might be, if not actually biased, at least running along familiar tracks rather than striving for
objectivity, it can still be a surprise when you run into what seems a different
Of course – in this instance it isn’t
really a different perspective at all. Human Beings to tend to fit external
matters into handy pigeon holes – and those pigeon holes are inside our own
pigeon house – service for me, EA for Kevin.
Maybe we just need to get all these
different perspectives in one room and get them to agree on which view is
right? I suspect, however, that this has been tried – and failed. Because it
isn’t conflicting theories we are dealing with here. Instead it is that
familiar old chaos machine – people and perceptions. They are all right (and
all wrong too of course, but this early in a new year let’s try and be
Trying to look at the situation
simplistically, it seems to me that we have had lots of good idea over the last
20 years or so that have been helpful – but we live in a complex interrelated world and each
successful approach brings you to an edge or interface where you are dependent
for further success on the neighbours. Human nature makes us jump to the
conclusion that if the neighbours used my approach then they would do better.
Maybe it’s true but maybe it’s not – maybe we have as much to learn from the
neighbours as they have from us?
Let’s analogise that to real neighbourhoods. Is there anyone who doesn’t think things would be better if their neighbours
behaved more like them and adopted their processes,and practices – especially
things like where it is OK to park and when it is OK to be loud? But actually
they have slightly different needs (maybe because of things we don’t have like kids and dogs or a job that requires shift working)
and so they do need to do things differently. But still there is much to learn from
each other; simple stuff like where did you get your fence fixed etc and more
strategic stuff like comparing mortgage plans or discussing the best school
Within our IT/services/architecture kind of
world we have
the same chance to benefit from discussions with our neighbours. And just like
with our domestic neighbours, the best way to get along and help each other is
by accepting others’ perspectives as equally valid. It is good to see
initiatives like devops starting
to encourage this. My major familiarity over the past 20 years has been service
management but I can see both lots to learn from our neighbours like EA and
development and also lots we can help with too.
Have you spoke to your neighbours recently?
And if so was it with a predisposition to teach or to learn?
I recently had some first hand experience –
from the receiving end – how much of an effect genuinely good customer service
can have. The experience started in dismay but was recovered well beyond
Anyway, to start at the beginning ….
I had to go and ‘swear an affidavit’ –
which for those of you not into the jargon of jurisprudence means to formally
promise what you are saying on a form is true. In England you can either pay a
solicitor for this service, or you can get it for free at the county court. So,
of course, I went off to the County Court.
Now, it started, I admit, with me failing in my responsibility to be a proactive customer. I did not think
through what I knew. County Courts in England are where the most
serious crimes are tried, so it is where the most dangerous criminals would be.
A moment’s thought, therefore, would make it obvious that there will be fairly
impressive security. But of course I was just thinking about delivering a form
so the metal scanner and request to empty my pockets took me by surprise. And
my producing my Swiss Army penknife from my pocket sent the security man into
action. The knife was confiscated – suggestions that I wasn’t even in the
building yet and could just go back, leave offending items in the car and start
again, were not allowed to be considered. I was told that I could not get my
knife back when I left but instead I needed to write in to the court manager
asking for it to be returned by post.
So, I had a perfect example of a ‘Moment of
Truth’; putting me instantly, and very extremely, ‘anti’ the staff and the
processes. It seemed obviously the staff are required to leave common-sense at
home and not bring it to work with them.
And thus, in a bad mood I reached the court
officer with whom I was to sign and swear that my forms told the truth. She
spots my mood, finds out why and explains that the rules are for protection and
cannot be altered – causing no improvement in my mood. She then looks at my
forms and points out that I have not brought all the right documents – and then
throws in for good measure that my solicitor has supplied my with the wrong set
So … it is now clear to me that I have
driven into town, paid for my car parking, lost my knife for the duration and
all for nothing because my paperwork is wrong. But fear not – after this it
gets better. I had been expecting a businesslike word or two of sympathy and if
I allowed myself a glimmer of optimism then maybe even an explanation of what I
needed to go back and fetch, so that it would work when I came back.
Instead the lady reacted very differently.
She pointed out that the forms I have forgotten are copies of documents they
already have lodged with them, and that they have blank forms of the right
kind. She fetches the missing forms, lends me a pen and helps me understand
what is needed on the right form, checks it through, makes corrections and then
duly witnesses it and formally logs it in the system as sworn and correct. As she
put it “Well the purpose is to get your stuff recorded, if I can make that
happen then why wouldn’t I help?”
Of course she was perfectly right, her job
is to help get these things done, and so thinking for herself and helping
people get there is an obviously correct attitude. Isn’t that exactly how
everyone in service delivery sees it?
Well, of course we all know that it isn’t –
not yet! The sad aspect of this kind of story
is how surprised we all are by them – that they are worthy or repeating
because this quality of service is still unusual.’
The key aspect of this story – with its two
different approaches to dealing with the customers - is how much good service
experience depends on customer facing staff that are knowledgeable of the
customer’s context and goals. But more than that even, the management trusted
and empowered (at least some of) their staff to use common sense and do what
was right – maybe even if it didn’t follow exact procedures.
Are the customer-facing staff in your
organisation trusted and empowered? If not, is it because they can’t be
trusted, or because they have been given the knowledge? Or is it just that
no-one has ever thought it would be a good idea to trust and empower them? What
happens in your organisation – do you get good service or do you a strict
process delivered, whether or not it is appropriate?
Last week the IBM attended the UKI itSM Forum and what a
great event it was! Some really thought provoking and motivating sessions, as
well as some truly interesting conversations with our clients and
Below are a few of the highlights from the sessions attended
- would be great to hear anyone else’s thoughts on what their key take-home
messages were from the event.
Session 1 – Introduction by Barry Coreless – Chairman of the
Barry talked about how he sees the future of ITSM – the
growing automated and ever more complex tool sets, and an ever increasing
bewildering array of devices. The main
take home message for me was that he believed that organisations that linked
best practices and industry disciplines are the ones that will truly succeed.
Session 2 – Keynote from Baroness Tanni Grey Thompson DBE
A fantastic motivational speech from Tanni – including memorial
statements like “if you are going to spend time thinking... then think BIG!” She spoke about why it is important to think
about how you can be the best you can be and how individual success if not
always about the individuals themselves, but about the team they have around
them. Tough times call for tough
choices, she continued, and it is how you deal with these, improve and move on
that is what will make you successful.
Session 3 – our own Ivor Macfarlane – Can IT people be
Ivor was introduced as a man whose middle name was “ITIL”
and clearly his reputation preceded him, as we had a full house with over 60 of
the 300 delegates in the room. Ivor spoke
about how Service Managers generally have a low profile, and are orientated to
achieving another person’s hopes and desires.
He carried on the debate by saying that the best attribute a Service
Manager can have is to be invisible! Continuing
that if management don’t empower you as a Service Manager then your stuffed! A final take key message was then given, “Go
to the board – change the change process!”
Session 4 – An interactive panel session hosted by Don Page
Some really interesting stats came up in this session to the
questions asked to the delegate audience my favourite 3 below:
1. 1. Cloud Computing is here to stay – what effect
will it have on ITSM?
Major – 43%, A
bit – 36%, A little – 17%, No Opinion – 4%
2. 2. Your business now understands and is taking
seriously the importance of ITSM as an essential business enabler?
Very Seriously – 12%, Lip Service
– 42%, We don’t talk to them and they don’t take us seriously -20%, Don’t Know–
9%, Don’t Care – 17%
3. 3. Should organisations encourage Social Media to
facilitate communication between IT and end users?
Actively encourage and support –
45%, Natural Course – 37%, No -13%, Don’t Know – 2%, No Opinion – 4%
Session 5 – Stephan Mann – Forrester Research - “Anyone
questioning your value?”
One of my favourite sessions from the event, very
interesting to hear an analysts point of view. He started by stating that
Service Managers can’t deal with the value because we don’t understand the
cost, there is little transparency IT costs and the value it brings. He continued saying that costs are
continually being cut, whilst the demand for IT continues to grow. He told
delegates to take an honest look at their ITSM capabilities and short comings,
in context of what business needs, then link IT services to business
outcomes. Final message for me was “Cost
is important but value is more important... if we could demonstrate the value
they would be encouraging us to spend more”.
Session 6 – Martin Neville – Flattening the Curve
In the last session of the day, Martin discussed what companies
should be looking for from their tool providers, and that the best tool providers
are proactive not reactive. He set out ground rules for both sides – be honest
from the start, early efforts pay interest in the long term, perception is reality – stats do not lie, the
time to innovate is at the start – not when things are looking desperate, short term contractual wrangling will damage
the relationship long term and most importantly KEEP talking!
Session 1- Nigel Mear –Solid Air Consulting - Answers on a postcode
Nigel spoke about how vision is our most valuable asset and leadership
is an act, rather than a position. We
need to show up and engage! It needs to be a progressive improvement, baby
steps are ok, and it needs to be realistic, achievable and practical – don’t
aim for perfection, do something practical.
His take home message for me really was for success, we have to
acknowledge the reality of uncertainty.
Session 2 – Christian F Nissen – CRN People, Denmark –
Acquisition and Implementation of ITSM Tools
Another really interesting session, starting with the
question should organisations use a SM suite of tools from one vendor, or best
of breed tools from various vendors and attempt to integrate them. The answer is not as simple as it seems! He
emphasised the importance of running a Proof of Concept before ever fully
implementing a new tool. Organisations
need to ask themselves, is this vendor that is sleeping or evolving and
Session 3 – Dennis Shields - The 2010 Machine
My final session of the day, Dennis opened the session by
explaining people like direction, but believe their managers are out of touch. Bad
management however means the unit will not function properly. People need to be
given clear and fair directives, otherwise efficiency plummets and costs
escalates, we need to take a long term perspective if the company and its
infrastructure is going to be successful.
In summary, fantastic event, and can’t wait till next year!
Today's post comes from Vidhi Desai, Market Manager, IBM Security Solutions.
Today’s business environment calls for information sharing at an unprecedented scale. Sensitive information is shared between organizations, end consumers and even business partners. The biggest challenge that organizations face in doing so, is how to ensure that sensitive information is securely shared with different parties and that the right people are accessing the data. With the adoption of cloud and Software as a service deployment models, ensuring secure access is even more critical and challenging.
Consider a scenario where a government agency needs to share information with different agencies, local governments, citizens or even with other business entities (eg. Revenue agency that needs to share information with citizens and other entities like a tax preparation service). If one of the entities is operating in a public cloud environment, its becomes critical for government to ensure that right person is accessing the right data without sacrificing privacy, security or scalability (party requesting information really is the government revenue agency or tax preparer they claim to be).
Over the past couple years, we have seen how the US government has taken steps to ensure secure sharing of data between agencies with regulations such as FISMA, which was introduced in 2002, bringing attention to the critical nature of cyber security and its impact on national security.
Identity is at the core of any information sharing transaction. Hence whenever an individual attempts to access secure online sites or web portals, their identity has to be verified to ensure they are authorized to view that data. Additionally from the end user or citizen’s perspective, they should be able to set up their identity once and then log in to multiple systems without having to log in multiple times.
Federated identity management is the solution which enables multiple applications to share user credentials based on trust. This is especially critical in supporting cloud deployments for secure information sharing across private, public and hybrid clouds. With federated SSO, users can log on to the sites of multiple businesses and organizations by using the same user id and password, hence gaining a seamless and secure entry to multiple applications.
Tivoli Federated identity manager from IBM is an access management solution that provides web and federated single sign on to end users across multiple applications resulting in improved user experience. Tivoli Federated Identity Manager enables central management of access, enhanced user productivity and facilitates trust by delivering single sign on across separately managed infrastructure domains, both within an organization and across organizations.
Today's post comes from Perry Swenson, Market Manager, IBM Security Solutions.
IT departments at financial services firms are under tremendous pressure to ensure servers, desktops, mobile devices and other endpoints are secure and compliant. At the same time, they’re continually looking for ways to save time and resources in areas like software licensing, patch management, asset inventory and security configuration. IBM Tivoli Endpoint Manager, built on BigFix technology, is helping these firms better understand and manage the status of their endpoints, regardless of where they’re located.
In the below video of Nate Howe, VP of Risk Management at Western Federal Credit Union talks about how Tivoli Endpoint Manager provides real-time patching for operating systems and third party applications and utilities. With over $1.4 billion in assets and 32 branches in 10 states serving more than 120,000 members nationwide, Western Federal Credit Union is one of the leading credit unions in the United States. Nate explains that they now have a single view into all aspects of the systems and security for their 400 employees, 100 servers and 2 data centers, including a better inventory of installed software. And, they can do more with fewer people, which enables them to focus less on infrastructure and more on business applications and enabling business automation.
Another customer that’s realizing benefits from Tivoli Endpoint Manager is SunTrust Banks, Inc. Based in Atlanta, SunTrust enjoys leading market positions in some of the highest growth markets in the United States and also serves clients in selected markets nationally. SunTrust has a highly distributed environment with nearly 1,800 branch locations and no local IT resources at most of those locations. Using Tivoli Endpoint Manager, SunTrust now maintains a 98.5 percent patch and update compliance rate. They’ve also decreased update and patch cycle times from 2-3 weeks to 2-3 days while increasing productivity through automation. Read the SunTrust case study here.
By enabling improved endpoint visibility and new levels of automation, Tivoli Endpoint Manager is a powerful solution to help financial services firms enhance their security and compliance.
questions ready for the next Ask the Expert (ATE) event will be held on
November 8th, 2011 from 8:00 am to 8:00 pm Eastern Time USA. Register for this event The "Ask the Experts Online Jam"
(ATE) is a valuable opportunity for Global Tivoli User Community (TUC)
Members to connect with real-world experts on a range of Tivoli
products. These experts, many from IBM development, are recruited to
answer questions on an array of product topics for a concentrated period
of 12 hours This upcoming ATE event will include experts on Tivoli and Maximo topics including: Asset Management (Maximo)
Tivoli Asset Management for IT • Tivoli Usage and Accounting Management • IBM Maximo Asset Management (IBM
Maximo Asset Management for Oil & Gas /IBM Maximo Asset Management
for Utilities /IBM Maximo Asset Management for Life Sciences /IBM Maximo
Asset Management for Nuclear /IBM Maximo Asset Management for
Transportation /IBM Maximo Asset Management for Service Providers) • Maximo Scheduler • Maximo Spatial • Maximo Linear
Network and Service Assurance
Tivoli Netcool/OMNIbus • Tivoli Network Manager and NetVIew
Security, Risk and Compliance Management
IBM Network IPS • Tivoli Endpoint Manager • Tivoli IAA bundle • z Secure
Service Availability and Performance Management
Tivoli Netcool Impact • IBM CloudBurst • IBM Service Agility Accelerator for Cloud • Tivoli Live • IBM Tivoli Monitoring (ITM)
Service Delivery and Process Automation
Change and Configuration Management Database (CCMDB) • Tivoli Service Request Manager (TSRM) • Tivoli Provisioning Manager
Tivoli Storage Manager (TSM) • Tivoli Storage Productivity Center •
Tivoli Storage Manager for Virtual Environments • TSM for Unified
This session will run from 8:00 am to 8:00 pm Eastern Time USA To accommodate AP and EMEA members, questions may be submitted 9 hours prior to the event. To find the time in your city check out the World Clock meeting planner website. WHY SHOULD YOU PARTICIPATE?
It's free to attend.
Your technical questions will be answered directly from the IBM experts themselves, no middleman!
You may ask as many questions as you'd like.
You can learn more about your products and gain a competitive edge for yourself and your company.
Keep up with the next generation technology, and get the scoop on new product release dates and the improvements being made.
ABOUT THE TIVOLI USER COMMUNITY The Tivoli User Community
(TUC) is the largest network of Tivoli professionals in the world.
With more than 30,000+ members in 138 countries and 160+ local and
special interest groups, the TUC links a global network of users,
developers, business partners, and IBM sales/technical staff. Members
share a common interest in increasing the knowledge of Tivoli and
Maximo software and solutions to solve business problems. Register to become a member today. We look forward to your participation.
It is only a week until the 2011 itSMF UK event in London (http://conference.itsmf.co.uk/agenda.html?event=1) where we are hoping to see and speak to many of our well known contacts and to take the opportunity to meet those of you attending that we have not yet had the opportunity to, be it on the IBM stand (F5) or in our session at 10.45 on Monday delivered by Ivor Macfarlane on "Can IT People be Service Managers?".
The event is always a great networking opportunity for those wanting to share their views with their peers and engage in lively debate over the current industry pain points, as well as hear from the industry experts on how they see the market shaping up in 2012 during some of the 40 sessions that are held over the two days.
This year’s session speakers include (but not limited to) experts from Tesco Bank, Deutsche Bank, Heineken, the Met Office, Barclays Bank,BT Global Services and Pepsico, not to mention keynote from Dame Tanni Grey-Thompson (Paralympics athlete with eleven gold medals and six wheelchair marathons) and Mark Hall (Deputy CIO at HM Revenue & Customs).
We encourage you to visit us on the IBM on our stand – F5, where we will be running a series of live integrated product demos, sharing our newest whitepapers and thought leadership papers. All delegates will be welcome to come and discuss with our technical experts where they think Service Management is heading and perhaps learn about new product offerings and the tools IBM has that can help organisations address the challenges they are facing.
Some ideas that we think will be the "hot topics" on our stand:
How ITUP (a free download for you!) can underpin your efforts in building ITIL processes - and how we are already ensuring it stays in line with ITIL now that the 2011 is here
How we have adapted our key SM software to cloud/SaaS. Come and see Tivoli Live!!
People are your major asset - we can help with getting your staff to 'get it' – with tools like simulator – both classroom and on-line versions
And - of course - the Smarter Planet concept - you've seen the adverts on TV, in magazines and elsewhere – now come and talk about what it really means to real people!
Throughout the two days you will also be able to Play IBM’s Watson supercomputer at Jeopardy!... can you beat it?IBM’s Watson is a real time, natural language processing
We will also be attending the annual Awards Dinner on the Monday evening, so would be more than happy to discuss things over a much needed glass (or more) of wine while listening to Lenny Henry's jokes!
Of course we hope to see you as many of you as possible at Ivor’s session on Monday; in case you have not seen the summary on the itSMF UK website, here is what he will be addressing this year:
“The need for ‘people, process and technology’ working together for successful service management is well accepted. Technology is ever more sophisticated and ITIL and COBIT ensure process is taken seriously, but the people aspect of SM does not get the attention it deserves. Successful services rely on more than creating IT applications and installing technology. Bridging the gap needs more than just adding a little extra learning – it needs a genuine change in culture, attitude and understanding.
The changes required involve focusing on every aspect of the service, how it is to be used and why – and how – it is important to the organization. Effectively, this means seeing it from the customer’s perspective. This talk will approach these issues and aims to illustrate some of the key concepts – using analogy and hopefully a little humour to explore the human elements: • what’s involved • what prevents it happening • the key aspects we should build the new culture around”
Of course will be tweeting throughout the day - @servicemgmt - so make sure you follow us and join in the debate there too!
We will continue blogging after the event, so come back and read our take on the highlights from these two fun-filled days.
Today's post comes from Veronica Shelley, Market Manager, IBM Security.
With IBM's October 12th SmartCloud launch, perhaps you're considering cloud computing for your organization. After all, the benefits of cloud computing are well known. Cloud computing is flexible, scalable, and cost-effective, and it's a proven delivery platform for providing business or consumer IT services over the Internet. Cloud computing can help you cut costs and IT complexity, provide new services to customers, and streamline business processes. Cloud computing is gaining in popularity and may be the wave of the future. Yet, many organizations hesitate to get started due to security concerns and confusion over how to get started.
Perceived risk versus actual risk
Cloud computing may seem new, but the fact is companies have been outsourcing services and technology for years. Providers already deliver hosted technology offerings that are located off-site with client access via the Internet. This is a common scenario for services such as remote storage or hosted email and other software as a service (SaaS) solutions. And just because companies may give up some control to the provider when they move to a cloud-based environment (just as they give up some control in any outsourced arrangement), it doesn't mean they have to compromise on security. By asking the right questions and adequate preparation, companies can build a "trust and verify" relationship with the cloud provider they are working with.
Questions to ask to ensure cloud security
It's important to remember that the same factors apply to ensuring security whether it is cloud-based or within a traditional IT infrastructure. The key difference in the cloud model is that it includes external elements, and those elements will be managed by the cloud service provider. This means companies need to understand the environment beyond their own data center and consider how it impacts the organization from a security standpoint. To help ensure security and peace of mind, as well as a good working relationship with the cloud provider, the client company should always identify and prioritize cloud-specific security risks beforehand. Often, companies will find they have the same amount of control, if not more, with a cloud service.
There are specific tactics an organization can use to enhance cloud security. For identity and access management issues, companies need to control passwords, support privileged users and enable role-based access to these cloud services. With data protection, a key concern is knowing whether or not a company's hosted data is secure, especially if data from rival companies is also being stored on the provider's cloud service. Companies should also ensure the cloud provider is deploying antivirus software on all supported systems that could be exposed to attacks, and ensuring that selected programs can identify and protect against malicious software or processes. From an auditing and monitoring perspective, companies need to determine how the cloud provider is testing and monitoring the infrastructure to meet legal and regulatory requirements.
Reaping the benefits of cloud
Organizations interested in reaping the benefits of cloud can best begin by understanding the security ramifications of a cloud deployment to their business, keeping in mind they can start small by deploying cloud in low-risk workload areas like email services. This easing-in process gives organizations valuable time to become familiar with cloud on a scale that's simpler to grasp and doesn't put them at increased security risk. And as familiarity of cloud and trust in the provider grows over time, companies can expand their use of cloud computing into other areas of business. By following this gradual path, companies can start enjoying the benefits of cloud in a way that's safe and secure.
IOD 2011 is just around the corner, and it should be no surprise that I was psyched to learn that Washington correspondent and anchor for BBC News Katty Kay is hosting the conference.
Full disclosure: I drive a Mini Cooper, I watch Doctor Who and I follow Neil Gaiman on Twitter.
So, yeah. I was also excited to see that she's going to be on stage with great IBM speakers like Jeff Jonas, Robert LeBlanc, Mike Rhodin and Steve Mills.
As if that wasn't enough (and there are a bunch of other IBM speakers not listed), guest speakers Mike Lewis and Billy Beane will also be there. Mike Lewis wrote the book Moneyball: The Art of Winning an Unfair Game and Billy Beane is the VP and General Manager of the Oakland Athletics (the subject of the book).
I know, right? It's a pretty great group of speakers.
Having attended IOD in the past, it's a great show that I know that customers and business partners are going to get a lot of value out of.
Tivoli will be at IOD, and we're looking to meet customers such as yourself who are attending the conference. Here's a list of where you can find us:
IBM Tivoli Ped (Booth 101-04): IBM Tivoli/Predictive Analytics for IT and Service Management
IBM System z Software (aka, System z Zone): OMEGAMON for z/OS Management Suite (Booth 105-05) and System z as Enterprise Security Hub (Booth 105-06)
Smarter Computing Zone (Booth 101 and Booth 515)
IBM Expo Theater (Booth 001): October 24, 05:30 - 06:00 - Consolidated Data and Application Security Management (Session: ISA-4198A)
October 25, 11:15-12:15: Securing Your Mainframe Virtual and Cloud Services With Enhanced IBM zSecure Suite (Session 4153A - Mandalay Bay North Convention Center - Mariners B)
October 25, 2:30-5:45: Predictive Business Service Management Leveraging Performance & Capacity (Session 4142A - Mandalay Bay South Convention Center - South Seas D)
October 25, 4:30-5:45: Security & zSecure at Mariners B – Mandalay Bay North Convention Center (Session #4097A)
We have a website with more details and of course you can follow the conversation on Twitter #iod11 and watch the general sessions on the Livestream.
...and speaking of Las Vegas and IBM Conferences. The Pulse 2012 call for speakers deadline is fast approaching (November 7). See Jen's Pulse blog for the details on how you can submit a session proposal.
Today, IBM has a number of exciting announcements around SmartCloud. It's such a big announcement that we might have to turn it into a national holiday (which wouldn't be cool for the one dude waiting by the mailboxes for his copy of Zookeeper on BluRay).
Why Cloud? Why Now?
When we listen to customers across industries, we hear them tell us about the bold moves they must make to stay ahead of their competition. They tell us about how they need to quickly and efficiently provide new and innovative services to their customers.
Speed to market. Efficiency. Reducing costs.
These are their watch words and they look at cloud computing as a technology that offers these advantages.
That said, there's also a requirement to ensure the same levels of governance they currently have set in place. They also want to ensure that they are reducing (not increasing) their level of risk. And, of course, it has to be done securely.
Can all of this be done with cloud computing?
I would not joke about delaying that dude's copy of Zookeeper if it wasn't.
In all seriousness, yes it can and IBM has been helping customers do this for a while now. We've been successful with a large number of customers already and these new announcements build upon our previous success and really enforce our message: "Rethink IT. Reinvent Business."
IBM offers clients the freedom of choice to find solutions that meet their business requirements ranging from a portfolio of cloud solutions targeted directly at the enterprise to a choice of delivery models (public, private and hybrid) as well as expertise and service management capabilities.
There are a number of announcements in this launch across every brand in IBM (all of which are on the website).
For this blog post, I'm going to focus on IBM SmartCloud Foundation.
IBM SmartCloud Foundation
There's a full press release on this, but basically the SmartCloud Foundation family of private cloud solutions help companies quickly design and deploy private cloud environments with a new level of control over cloud service delivery and management.
As organizations take the next step beyond virtualized data center and begin to expand their cloud environments, they are concerned with managing what has become known as "image sprawl."
The SmartCloud Foundation portfolio contains these offerings:
A new cloud ‘starter kit’ - IBM SmartCloud Entry is prepackaged, private-cloud software that provides simplified cloud administration, standardization of virtual machines and improved operations productivity with an easy-to-use, self-service interface (highly optimized for IBM Power and System x hardware).
A new powerful provisioning engine and image management system – At the heart of cloud computing is the ability to dynamically create or "provision" virtual machines. Called IBM SmartCloud Provisioning, the software can create hundreds of virtual machines in less than a minutes and scale to more than 4,000 virtual machines in less than an hour.
New cloud-based monitoring software – IBM has applied its industry-leading monitoring expertise to create cloud-specific software called IBM SmartCloud Monitoring. It provides greater visibility into the performance of virtual and physical environments: storage, network and server resources.
Just a few kilometres from where I live
there is a great spot for walking – with or without a dog. It is quiet and
traffic free, with spectacular view across the countryside. The grand
perspective across surrounding countryside was likely more appreciated in
earlier days; it is the site of a 2500 year old hill fort with the
earthworks still very obvious and impressive despite being worn down by the
One of the things I love most about the
site is how very little we really know for sure about it, the people who built
it and how people actually lived there. There is a goodly amount that can be
inferred from what is left, but when walking around it you do feel that we can
only know a little, presume a bit more, guess a good chunk and – importantly –
accept that there is much we do not know and will never know.
It seems to me that this acceptance of what
we do not know, and more importantly what we cannot know, is a hard thing to do,
and one we as a society are getting rapidly worse and worse at. Maybe we expect
too much? Certainly if we were to take too seriously some of the criminal
investigation TV programmes we see we would believe we can know everything –
where a small nick in a 10 year old bone can lead to complete diagnosis, arrest
and conviction in a single 45 minute episode.
Of course, real life is rarely like TV, but
there does seem an increasing belief that we can know everything, which I
doubt is justified by any kind of objective assessment of our own lives. It is
almost as if we believe that we can find out anything we want – or that we can
ask an expert who will simply tell us what we need to know. In fact there are –
even now –many things we do not know, and will never know. That is true in most
aspects of life – from what our children get up to through to configuration
management – the trick perhaps is to accept that and make the best use of what
we can know. That includes realising that what we do think we know may not be
100% accurate – but that is it still useful all the same.
Way back last century, I studied Physics at
University. Well, I was supposed to
be studying Physics, I certainly recall making TV programmes and being in the
bar – somehow my memory can’t have stored all the time I spent studying.
But one thing I do recall was that in the
lab work the answer ALWAYS had to be expressed in terms of the uncertainly –
the temperature of the liquid under examination was not 23 degrees – it was
something like 23 º
± 2º. Being realistic about your accuracy was seen as a critical aspect of
And rightly so. It
is of critical importance, because if we just think that everything we know is an
absolute black and white fact – then we will make bad choices. Being aware of
the accuracy does – or certainly should – affect our decisions. If you want a
common example of where we get it wrong then think about some of the customer
satisfaction surveys you may have seen in your time. Even a good customer
survey will show only a good indication of opinion, attitude and desires. It
will never be totally accurate but it can be useful – especially in terms of
availability is about averages, happenstance and luck – so a 99% availability
does not necessarily mean 99% customer service delivery – because you don't
know when that bad 1% will happen – and so don’t know what affect it might
have. Is it going to be peak period or quiet time? But it can help us decide how
to build and manage systems – and lead us into sensible risk/benefit decisions.
In fact getting on and using the data you do have might be a good mantra? All
too often we seem to seek data for its own sake rather than because we see a
need for it.
Those people who built that hill fort 2500
years ago certainly knew a lot less facts and data than we do. But they knew
what they needed to know to do a good job and made great use of what they did
know. Hopefully we can use the knowledge and data that we have without being
distracted by trying to get even more? And then maybe our constructions will
also still look good in 2500 years.
Maybe you can spot some places where you
are spending time, money and worry tying to get ever more precise data that you
don’t really expect to use. Or more likely you can see where – or your
management – take as absolute data that you know is actually just an estimate
within a significant range of values?
Today's post comes from Vikash Abraham, Market Manager, IBM Security.
Virtualization has proven its business worth as a technology, however there is still limited understanding about how to secure it. To many, the question still remains - why do virtual environments need separate security when we have already secured the physical environment i.e. physical servers and the network in a data center. To answer this, it is essential to understand that the virtual environment creates a totally new layer above the physical server, which in turn, acts like a mini data center with all the complexities of multiple virtual machines, hypervisors, virtual networks and virtual appliances. The biggest risk that comes with a virtualized environment is the lack of visibility into it. Thus even if the environment is being attacked it isn’t necessary that the administrators are aware of it. Hackers are also excited with the hope of unveiling a set of new vulnerabilities that this environment could come with.
Having realized this risk of vulnerability and possible loss of millions-worth of data, the PCI Security Standard Council has come up with compliance guidelines for virtual environments. In June 2011, PCI group released ‘PCI DSS Virtualization Guidelines’ that broadly describes aspects that need to be considered while securing a virtual cardholder data environment. The guidelines consider the new entities that pop up with virtualization, such as Hypervisors, Virtual Machines, Virtual Appliances, Virtual Switches or Routers, Virtual Applications & Desktops and provide the virtualization considerations across the 12 PCI DSS requirements.
It is clear that a new approach to security is required, with concepts like ‘secure by design’ making further sense in this multilayered environment. Also, a specialized security solution would be needed to provide visibility, control and proactive protection. The solution needs to protect all entities of the virtual environment and monitor data that is being shared between these entities.
While securing virtual environments, the physical components of the data center should not be ignored. These physical components should continue to be secured as it would have been prior to virtualization. The PCI guideline points out that to ensure total security, the entire infrastructure hierarchy needs to be secured. This means that even if only one Virtual Machine (VM) is carrying cardholder data, both the hypervisor and the physical server need to be secured. Since the VM sits on the hypervisor and the physical server, a compromise to either of them can lead to the VM getting compromised.
Also with the increasing buzz around Cloud computing and Cloud-based service offerings, there would be further security requirements and considerations that need to be implemented to create a secure Cloud based cardholder data environment. However, if Cloud is considered as the next level of virtualization, the additional security required would be on top of the current virtualization considerations.
An enterprise would one day need to move on to the virtualized environment, considering the pressure to carry out continuous optimization and increase utilization. This would also mean that the ever growing cardholder data would need to move into this environment. The current deterrents that hinder this move are the lack of understanding of the environment and its security requirements to achieve a PCI compliant datacenter. However, sooner or later, the compelling business advantage of virtualization would push a CIO to take that leap.
Good news from the Application Portfolio Monitoring (APM) team.
The 2011 Gartner Magic Quadrant for Application Performance Monitoring (APM) has been released, Gartner has identified IBM as a leader.
I think I speak for everyone at IBM when I say, "W00T!" (which is leet, for "awesome!")
Talking to customers, this is no surprise. The APM portfolio is a "fan favorite" among companies worldwide and IBM is delivering solutions built on innovative technologies that provide superior value for our customers and their business.
For folks familiar with our APM portfolio and for new readers (welcome), I recommend getting your hands on a copy of the Garnter Magic Quadrant for APM and see what they have to say.
Next, there a number of useful pages about IBM Tivoli monitoring solutions on ibm.com.
And, of course, contact your IBM sales rep or one of our Business Partners using the Business Partner Locator website to talk about the Magic Quadrant and how the product portfolio can meet your business needs.
In the comments section below, please feel free to talk about the APM portfolio and how you are using the products in the portfolio.
I am going to tell you a story, and the truth is it's probably pretty familiar to you already.
Here goes: in today's competitive market, your services are what make your organization innovative. They are what set you apart from your competition.
They are what have taken your IT from being seen as a "cost center" to playing a role as one of the most crucial parts of your organization's success (or failure).
The services you provide are what make your organization innovative. Failure on the part of IT can mean failure for everyone.
(No pressure. Am I right?)
By definition, a competitive market is one that is in constant states of change. New customer demands. Competitive maneuvers. New service offerings. Industry or government regulations.
Speed is of the essence. But, of course there's the need to ensure that everything stays within the governance you've put in place, your security policies and of course you're trying to be as risk adverse as possible.
Doing all of this while navigating the complexity of your IT.
(Like I said. No pressure.)
This is the story you already are pretty familiar with. So now, let's talk about what we do about this.
Today, Tivoli along with Rational and WebSphere are a part of a larger IBM Software Group launch around Business Agility.
There are a number of announcements around Business Agility - about providing you with "business agility levers" that assist with combinations of technology capabilities that accelerate the path to agility with reduced cost and greater efficiency.
This is the start of a series of blogs where we'll be discussing a number of the business agility levers. Today, I'm going to talk about one; Predictive Business Service Management. My next blog will focus on Collaborative Development & Operations.
Predictive Business Service Management
With Business Service Management solutions from IBM, organizations are able to put services in the proper business context so that both IT and the business teams can accurately see the complex relationships their services and supporting technology infrastructure have with each other.
On Tuesday, IBM announced a new version of the Tivoli Business Service Manager solution. Key to this new version (Announcement 211-444) are role-based dashboards with easy self-service, drag & drop capabilities to customize a user’s visibility into key service health indicators, KPIs, and business or IT detail required for their role or tackling a current issue.
That level of "Visibility" can be taken to a new level when organizations leverage Predictive Analytics.
Business service disruptions and outages cost organizations millions of dollars per year. Even with existing investments in infrastructure monitoring and performance management solutions, organizations are often unaware of an impending service issue…until it is too late.
Predictive Business Service Management identifies performance issues in an organization's IT and network infrastructure prior to these costly service disruptions or outages. With this type of early warning system, detection is done early enough that mitigating steps can be taken to stop the issue from ever negatively impacting critical application or business services. Put simply: it finds problems before the organization knows to look for them.
Also on Tuesday, IBM previewed a new solution for predictive business service management that will address predictive business service management (Announcement 211-468).
For more information around everything that is happening around the Business Agility launch contact your IBM sales rep or one of our Business Partners using the Business Partner Locator website.
Also, we're doing something a bit new with this announcement. The IBM Software Group Blog, Impact Blog, Rational Blog and this blog are all telling the story together. You'll be able to click across the different blogs and get more information about all aspects of this launch.
Today's post comes from Anne Lescher, Product Marketing Manager, IBM Security.
Many enterprises run their mission critical application workloads on their mainframe systems. They would like to centralize their application security controls, security policy enforcement, data protection, auditing reporting and compliance management for a consolidated view of security. They are looking for smarter security intelligence that will help them leverage the mainframe as their enterprise security hub.
IBM Security zSecure suite V1.13 consists of multiple individual components designed to help you administer your mainframe security server, monitor for threats, enforce policy compliance, audit usage and configurations, and assist in compliance management and audit reporting.
• IBM Security zSecure Admin, Visual, and CICS Toolkit provide administrative, provisioning, and management components that can significantly reduce administration time, effort, and costs, and help improve productivity and response time, as well as help reduce training time for new administrators.
• IBM Security zSecure Audit, Alert, and Command Verifier provide security policy enforcement, audit, monitoring and compliance management components. These offerings help ease the burden of compliance audits, can improve security and incident handling, and can increase overall operational effectiveness.
New Security zSecure suite V1.13 capabilities offer enhancements for DB2, CICS, and IMS application security auditing that:
• Automates security analysis of CICS and IMS transactions and programs
• Provides automated determination of which System Authorization Facility (SAF) classes are being used by each active IBM DB2, IBM CICS, or IBM IMS subsystem
• Enhances Access Monitor and allows you to improve data consolidation
• Allows annotating userid displays with data from external human resource files such as department and employee number
• Adds globalization enhancements to support international language support and auditing
• Allows addition of your own sensitivity classification, audit concern, and priority to data set names and general resources
• Supports currency with z/OS V1R13, ACF2 R14 and R15, CICS V4R2, and Top Secret R12, R14, and R15
• Extends integration with Communications Server and provides various interface improvements
Today's post comes from Anne Lescher, Product Marketing Manager, IBM Security Solutions.
As the mainframe continues to extend support for
consolidated workloads on System z, enterprises should strongly consider
utilizing the mainframe as their enterprise data and security hub. Mainframes are uniquely able to protect
information with a rich collection of encryption capabilities that includes
self-encrypting tape and disk storage for data at rest, in addition to robust
access controls, file level encryption, database encryption, and communication
encryption protocols. Now with the mainframe’s ability to support virtual
workloads, organizations can create cloud environments with protected data
available for shared innovative collaborative ventures.
Encryption is the ultimate solution for protecting sensitive
data. But many practitioners are reluctant to utilize encryption due to
concerns of performance overhead, disruption to their operations and changes
required in their applications, and encryption key management complexity. But
the biggest fear of all is losing all access to encrypted data if the
encryption key is ever lost or forgotten.
In most cases, organizations have less and less choice over
when and how to encrypt information as more and more industries and governments
enact legislation and standards that mandate the use of encryption.
industry via HIPAA HITECH in the US protects sensitive patient
transactions mandate encrypted payment card information with PCI-DSS
financial information must be protected as regulated by SOX, GLBA, etc.
notification regulations include 45 US
states, national laws protecting
their citizens data such as in Italy, the recent rules
changes for the EU Directive on Privacy and Electronic Communications,
So a superior encryption key lifecycle management solution
is essential in order to implement the best end-to-end security which protects
enterprise mission critical data and sensitive personal information.This solution should include standards based
key management and help:
Centralize and automate encryption key management process
Work with hardware based encryption built into a
variety of IT components like self encrypting tape and disk drive
Reduce the number of encryption keys to be
managed through techniques like key wrapping of unique keys per device
Simplify encryption key management with an
intuitive user interface for configuration and management
Maintain performance by using hardware
acceleration and not slowing down data access paths
Facilitate compliance management of regulatory
standards with proof of encryption for safe harbor from disclosure requirements
Leverage open standards like the OASIS standard
Key Management Interoperability Protocol (KMIP) to give the choice of best of
breed components and facilitate vendor interoperability
Operate transparently without requiring code
IBM Security Key Lifecycle Manager for z/OS allows enterprises to fully exploit the security strengths of their mainframes to act as both an enterprise data hub and an enterprise security hub for the consolidated workloads that run on the newest System z platforms.
For more information, you can visit us online here.
Please join the Tivoli User Community (TUC) for these free upcoming events:
Webcast: Tivoli Training and Certification Live - Demonstrations of the
Multimedia Library for Tivoli Software and a Self-Paced Virtual Class
(SPVC) Date: Wednesday August 31st at 11AM or 5PM Eastern Daylight Time (Pick the session that fits your schedule) Special Prize!**All who attend will receive a 50% discount on an SPVC Learn more and register.
Virtual Training Session: Optimize Your IBM Tivoli Monitoring Skills - Free Online IBM Tivoli Monitoring Agents Training Session Date: Thursday, September 1st at 9:30 AM to 3:30 PM Eastern Daylight Time Special Prize!**all who attend will receive 50% off the Monitoring Associate Certification exam Learn more and register.
TUC Live Demo session: TIDE Application Diagnostics Demo - Break free of tortuously slow
application MTTR with Tivoli monitoring & diagnostic solutions Date: Wednesday, September 7, 2011 at 11AM Eastern Daylight Time Learn more and register.
What is the Global
Tivoli User Community (TUC).The TUCis the
online and offline community home for all Tivoli and Maximo
professionals.Through the use of the
community website, members are able to join local user groups, exchange information,
network and learn from each other’s knowledge and experience of using Tivoli
and Maximo products and services.Membership to the TUC is FREE ,click here to become a
registered member of the online community.
Types of user groups include:
Datacenter Management Tool products
Storage management products
Security products Maximo product
Virtual User Groups - covering each product category and meet via the phone and
We're pleased to announced that the IBM Champion program, hosted by developerWorks, has expanded to recognize and reward clients and partners who evangelize and advocate Tivoli Software, share their expertise, and help grow the community.
The IBM Champion program recognizes exceptional contributors to the technical community -- clients and partners who work alongside IBM to build solutions for a smarter planet. An IBM Champion is an individual who leads and mentors his or her peers and motivates them toward IBM solutions and services. Champions can be found running user groups, managing websites, speaking at conferences, answering questions in online forums, and writing blogs, submitting wiki articles, sharing how-to videos, and writing technical books.
The IBM Champion program recognizes and thanks these innovative thought leaders, amplifying their voice and increasing their sphere of influence in the technical community.
Benefits for an IBM Champion In addition to merchandise customized with the IBM Champion logo, IBM Champions will receive special visibility, recognition and networking opportunities at IBM events and conferences. They will receive special access to product development teams, and invitations and discounts to events and conferences. IBM Champions will receive online recognition via their Tivoli Community profiles (on Service Management Connect and the Tivoli User Community), with a special designation of "IBM Champion" and a listing of notable achievements. IBM Champions retain their title for one year, after which they can apply for renewal. Nomination process and eligibility Self nominations and nominations by proxy will be accepted online through August 19th, 2011. A panel of IBMers will evaluate each nominee's contributions over the past 12 months, considering community impact, expertise, and overall community contributions, both in terms of quality and level of participation across a wide variety of activities. Nominees will be notified by IBM if they are selected. Although IBM employees are not eligible for the program, they are encouraged to nominate deserving partners and clients.
Today’s post is brought to you by Veronica Shelley, Product Marketing
Manager, IBM Security Solutions.
A typical user can have multiple log-in and password
combinations, often with different requirements and update intervals. With so
many log-ins to keep track of, users either forget or resort to unsafe
practices (i.e. writing them down) to help remember their passwords. Yet, there
are times when youruser community
simply can’t remember their log-in information. How many calls to the Help
Desk, how many hours of lost user productivity, can be attributed to workers
who can’t log into a particular application or database because they forgot
their password? Precious time is wasted finding, remembering, and resetting
passwords, so this can become a major productivity issue for organizations of
As the number of enterprise applications and access points
continue to increase IBM Tivoli Access Manager for Enterprise Singe Sign-On
(TAM ESSO) delivers a balance between easy access and strong security. This
industry leading access management solution supports a wide variety of
authentication factors (including smart cards, badges, tokens, and biometrics),
meeting the needs of different user groups and industries. TAM ESSO provides single sign-on capabilities,
meaning users have to remember just one password to automatically log into all
their applications and data sources. No more time consuming and expensive help
desk calls, no more frustrated users, no more lost hours of productivity. Users
benefit from fast access to all of their applications, while organizations benefit
from the increase in productivity, security and compliance with security
Rod Atkins (my General Manager back when I worked in pSeries and now Senior Vice President, IBM Systems and Technology Group) has been using the term "tune to task" in place of "fit for purpose."
In her guest blog post on the Mainframe Zone, Mary Shacklett does an excellent job in explaining why words do matter.
What I took away from this is that, either way, it speaks to the need for Visibility, Control and Automation™ (VCA).
The realities of the business today are based on heterogenous environments that continue to transform and evolve and becoming increasingly complex as you start to build private clouds and then as you start to pull public cloud resources into your organization to then create a "hybrid" cloud environment.
Much like what we discussed in the security video, the fundamentals are still the same. This becomes a conversation multiple platforms. "Tuned to task." Requiring the same levels of VCA as you use to maintain the levels of governance and reduce risk and for your business before you embarked on this journey.
"Have it to you by lunch, boss!" I'm sure is not the answer that you give. Right?
Here's the thing: it's not all doom and gloom. By any means.
Bowman Hall and Barbara Korte are back to talk about some of the challenges our customers are facing managing heterogeneous and hybrid environments in the Cloud, and what IBM can do to assist.
They discuss a broad range of questions you might be thinking about (like managing multiple hypervisors) but more importantly they discuss the approach that only IBM has for providing VCA as the cornerstone for your service management practice.
As a marketing guy, I can tell you that we planned it so that VCA was the central theme for all of our videos (YouTube playlist).
Take time to watch the video (and the others in our playlist) and contact your IBM sales rep or one of our Business Partners using the Business Partner Locator website to talk about VCA and what you're doing with cloud in your organization and get cloud ready!.
A few years ago, I worked on organizing an analyst summit for IBM where we announced the (then new) IBM Security Framework.*
Cut to today and the IBM Security Framework is still at the foundation of Smarter security solutions from IBM.
The IBM Security Framework. Visibility, Control and Automation.™
when we talk to customers about how to address their business pains, the fundamentals remain the same even though the technology continues to advance in new directions.
With Cloud and Virtualization in particular, the technology is certainly changing at a pretty fast clip.
Take a look at the fourth video in our series, "Cloud Enabling Your Data Center: Security and the Cloud" where Joe Anthony, IBM Director, Security, Risk & Compliance Product Management, talks about the IBM Security Framework and how it addresses the Cloud and business pains our customers are trying ot address.
The message and the focus of security and the Cloud is still very much rooted in the IBM Security Framework.
As a reminder, the entire video series can be seen using the YouTube Playlist (Get Cloud Ready).
* To be clear, I had nothing to do with building the IBM Security Framework. I was just the project manager for the event. Like Jarvis in the Avengers. (as a side note: one thing I learned about event planning - coffee, coffee, coffee!)
A few years ago, IBM began talking about Visibility, Control and Automation™ (VCA).
VCA is the cornerstone of Integrated Service Management. It's how we help clients achieve success.
VCA is not only critical for optimizing return on Virtualization and Cloud, it also applied to end-to-end business services.
To steal a phrase: it's about the service.
The third video in our series is "Cloud Enabling Your Data Center: The Importance of Integrated Service Management In The Cloud" and it is presented once again by Bowman Hall and Barbara Korte.
Bowman and Barbara do two things in this video: they give a great overview of Integrated Service Management and its concepts as well as talk to how that aligns with technologies such as Virtualization and Cloud.
Achieving world-class business services for your organization does not mean abandoning the tenants of your service management practice.
Visibility, Control and Automation™. In a cloud computing environment.
One of the advantages of virtualization is the ability to "grow" the data center without having to constnatly add new hardware. That said, those virtualized servers need to be managed efficiently, or the benefits are quickly lost.
Watch this video featuring IBM Senior Product Manager Robin Hernandez and learn how IBM tackles the complex problem of image management and how it impacts the business.
My bosses gave me a very simple task, "Solve the confusion surrounding some of the questions our customers have around cloud computing and service management."
I told them I'd have it done before lunch.
And if you believe that, you have way too much faith in my marketing abilities (hi, mom!).
In all seriousness, you have questions about cloud computing. Lots of questions.
Cloud is everywhere and there's a lot of information that our customers are having to sift and sort through.
Which is why back in May, I assembled a group of sales leads, marketing peers, development executives...literaly a "who's who" of cloud computing at IBM and asked them this:
What are the questions our customers have around cloud?
That started a series of conversations that led us to several core questions, and we got to work.
We enlisted some of our top people working on cloud and we asked them to get in front of a video camera and talk directly to you about these questions.
The result is a video series we call, "Cloud Enabling Your Data Center."
Today, we are releasing the first video: "Achieving Greater Efficiencies With Virtualization And Cloud Computing (Service Management Across The Entire Infrastructure)"
This video features two of our top sales executives; Bowman Hall and Barbara Korte. Barbara is a sales executive for Integrated Service Management and you might remember Bowman Hall from the Cloud demo during the Pulse General Session.
As I said, this is the first of the video series. Future videos will be released in the next few weeks.
We also have a short URL that goes to a landing page we've put togther with additional cloud materials and (most importantly) a full list of Pulse Comes To You and Impact Comes To You events that are happening in your area.
Even if you went to Pulse or Impact in Las Vegas this past year, these local events are great opportunities to deep-dive into a topic like cloud computing as well as meet your peers and local subject matter experts.
More to come and please feel free to comment below about your thoughts on Cloud.
PS also this week, we announced a new version of IBM Tivoli Service Automation Manager (Announcement Letter 211-256). The new release allows IT service providers to onboard multiple customers, deploy IT services very quickly across multiple platforms and hypervisors, maximize resource utilization and drive cloud operations effectiveness and efficiency by adding storage support and expanding on network integration. Learn more about the new features and the product on the product page.
Who do you reach out to when you want to make sure that you're keeping up with the latest trends and education opportunities? At Tivoli User Group meetings, members talk with each other about anything from the latest TSM release to where's the next happy hour...But what if those meetings aren't often enough? What if you haven't yet found that "work buddy" who will challenge you to stay current and not judge you for asking about something that's "so yesterday."
Here's a chance to communicate online with your peers and get some help answering those nagging questions - How do you stay up to date on the latest skill needs? What new product innovations are worth looking into?
User Community has a new 3Q theme focused on “Skills Optimization and
Innovative Products”. What products do you consider to be most innovative
today? How are you keeping your skills up to date on these new technologies and
in this rapidly evolving marketplace?Join
the discussion!We have an open forum
for your ideas, with insights from IBM, business partners and other thought
leaders. Join us - read, request information, and share your thoughts.
User Community’s initial Community Focus on Virtualization and Cloud Computing was
a great success in 2Q.Thousands of
members took advantage of this new community program to engage with others and
learn about these hot topics through webcasts, forums and other community
resources.The 2Q Community Focus is
still accessible and has some excellent resources.
to leverage community forums, polls, and peer networking capabilities to help
members engage with each other to share their thoughts and collaborate.Some highlights for the 3Q Community Focus
Live Webcasts with thought leaders– there are several webcasts planned to cover innovative products, including
a July 20th webcast on application performance management using Tivoli ITCAM for
transactions - Register here and a number of sessions skills optimization, including a July 27th webcast on finding the Tivoli Training and Certification you need on ibm.com - Register here.
Get Involved! We’ll be updating the content
throughout the quarter so keep checking back.Our drumbeat will continue through the end of the year with a 4Q
Community Focus on IT Governance and Risk Management.
The Tivoli User Community (TUC)
is the largest network of Tivoli professionals in the world.With more than 30,000 members in 138
countries and 160 local and special interest groups, the TUC links a global network of users,
developers, business partners, and IBM sales/technical staff.Members share a common interest in increasing
the knowledge of Tivoli software and solutions to solve
business problems. Membership is free and open to all Tivoli professionals, users, business partners and employees. Register here
We are increasingly living our lives in online spaces, and as a result, the monetary value of those spaces seems to be rising every day. Billions and billions of dollars are spent every single year on online advertising. One of the challenges is not only making sure that your money is well spent, but also that your spend won't have a negative impact on your brand. If you're wondering how that could happen, think about this: it's estimated that about 10% of all online ads wind up in places they shouldn't be.
I actually had the pleasure of having lunch with Ian Lightstone (CFO ArtsandTV) a few months back while we were originally filming this video. It was my first exposure to the project and I have to say, it's pretty fascinating what they're working on. As someone who spends all their time talking about vulnerabilities and attack types and all the other pieces of the security conversation, advertising wasn't something that came up a lot. SEO attacks are probably the closest I'd ever gotten to thinking about advertising in the context of security. So how does security intersect with advertising?
ArtsandTV is a relatively small company that needed a lot of data. Data is something that IBM has. Specifically, we have one of the largest URL filtering databases in the world (Security Content Analysis SDK). This product is something typically used to enhance existing security offerings, but it is being used a bit differently here. The Project Sunblock team wanted to improve the way advertisers spend their money.
As you can probably imagine, there are a lot of inappropriate websites on the internet, places where you wouldn't want your brand to appear. In addition to the obvious places you want to avoid, there are other places that are more subtle. Imagine you are a bank, and you advertise a lot on some popular news site. One day, that site runs a story about the financial crisis and is extremely critical of the banking system. Despite the fact that you might frequently advertise on this site, you likely do not want your brand associated with that story.
So, ArtsandTV had the algorithms and IBM had the data. The combination of the two became Project Sunblock, an ad spend optimization and brand protection tool. Project Sunblock can help to keep your brand from appearing on inappropriate pages through the use of content and image analysis combined with a real-time decision making engine. This applies to both generally inappropriate sites, as well as the instances of specific articles and stories that you don't want your brand associated with.
One last thing to remember is that 10% figure I cited at the beginning this post. Not only is this solution protecting the image of a brand, it is also a way to get a better return on your investments. That 10% can be better spent elsewhere.
I am just back from a week working in Tokyo. For someone who
writes as much as I do about the need to understand customer culture and how
that affects expectations, it is always a good lesson to visit Japan, where the
culture is about as different (from where I normally work) as you get within
the service management world. (Of course culture does get even more different in,
say, certain Amazonian tribes or a primary school playground, but with little
formal ITIL adoption there as yet, Tokyo
is my extreme of difference.)
Although the shadow of the tsunami and very
real loss to the community endures, the human spirit carries on and people
still laugh and enjoy life. One of the pleasant surprises is how universal
humour can be. It is also easy to forget how quickly people’s behaviour adapts
and copies from those around them. You really only notice the extent to which
you adapt when you get back home. For example it took me a while to stop bowing
to people and also to stop smiling at people in the street, restaurants etc –
or certainly to stop expecting them to smile back.
I also got used to things that I would
expect not to cope with easily. Specifically after the first day or so I was no
longer bothered by how much my room on the 16th floor shook when one
of the steady stream of aftershocks wobbled Tokyo. That reminded me of how worryingly
quickly I had got used to seeing young men with machine gums patrolling the
streets while working in Belfast
in 1992. Seems we absorb new technology just as quickly, and it takes very
little time for what seemed new and so different to become everyday life.
People as old as me can remember life without a mobile phone, but already I
find it hard to recall how it felt to be out of contact whenever out of the house or office, let alone that it didn’t bother me to be unreachable.
But coping without things you have got used
to does happen – and it is clear there are some very direct lessons for service
management in Tokyo
today. Obviously in the light of their unfortunate experience and need for disaster
recovery and business continuity they are well placed to be the source of most
of the case studies for the next few years. It may well be a long time before
even the immediate effects stop being so visible – there is an obligation for a
15% reduction in electricity consumption that looks set to last a long while.
That kind of thing has so many knock-on effects you quickly realise how
dependent we are on technology. Not only because it is a shock to go back to
old ways – and waving a fan may be an ancient Japanese tradition but it much less
effective than air conditioning; but because we depend on so much that cannot
function without the technological infrastructure. The power reduction of 15%
has to applied carefully, because so many things – like data centre power –
must be maintained. So the power for things that drive mere comfort is hit very
hard – very little cooling in offices and, for example, my hotel had turned off
That made me think of just how complex our
everyday infrastructures have become, with so much more than electricity on our
critical list. It perhaps should be acompulsory occasional exercise to think through just how many things we
presume will be available – not just the obvious (utilities, access, people etc).
I am sure we would all be surprised at some of the things we tacitly depend on –
and equally sure there are good stories to be told about some of them – any offers?.
New z114 designed to consolidate workloads from hundreds of x86 servers
Costs 25% less and offers up to 25% performance improvements over IBM z10 BC Servers
High-end mainframe features now available at entry level price of $75,000
Ability to manage workloads on select System x blades now available
Designed to deliver Smarter Computing capabilities
Many of the analysts have focused on the $75,000 entry price point. And that's cool.
There are customers who on Monday didn't think that they could afford a mainframe and are today putting it on their short list. What they will find is a platform that is highly reliable and will help them achieve the levels of innovation needed to drive their business.
Of course, I'm an Integrated Service Management guy and at the end of the day it's all about the service.
Which is why the good news is that we provide a Integrated Service Management capabilities and portfolio solutions for the mainframe.
Fill Bowen wrote up a good blog on the subject and we published a statement of direction* (Announcement Letter: 211-271) to support the announcement.
For more information contact your IBM sales rep or one of our Business Partners using the Business Partner Locator website and feel free to leave comments below about your positive experiences with the mainframe.
* Statement of direction is intended to provide insight into IBM plans and direction. Availability, prices, ordering information, and terms and conditions will be provided when the product is announced.
All statements regarding IBM's plans, directions, and intent are subject to change or withdrawal without notice
While preventing security breaches is paramount, security administrators are frequently bogged down with tedious, time-consuming, complex day-to-day tasks that divert their attention from security issues.These time-consuming tasks can be reduced by improving security administration processes and automating audit documentation, allowing administrators to focus on innovative extensions to their business applications in order to maximize investments.
Join us for this webcast on July 14th to learn about the new capabilities in Security zSecure suite, Security Key Lifecycle Manager, Tivoli Federated Identity Manager, Tivoli Security Information and Event Manager, and other security products that enhance cloud security on the mainframe.
In this session, you’ll learn how Tivoli Security Management for zEnterprise can help:
·Reduce the cost of administrating security on the mainframe by reducing complexity and using fewer staff resources
·Automate security policy enforcement to implement best practices and compliance requirements
·Analyze data to detect and respond rapidly to the large volume of security events and threats both internal and external
·Proactively handle events with automated closed-loop remediation that closes exposures
·Protect sensitive data and simplify the lifecycle management of encryption keys
·Consolidated cloud security management for zEnterprise
This new portal will replace the Service Management Resource Center (SMRC), and its main goal is to continue to provide a wide range of resources for IT and Operation Executives in our four different types of roles: -Communications Service Providers -Operations and Storage Management -Production, Delivery and Facilities Management
You can search for resources by role, including the most up to date analyst reports, case studies, demos, tools and white papers. Another great feature of the site is that it will attempt to make a range of content recommendations for you based on how you navigate the site to get you to the highest value resources for your needs.
Check it out, and let us know what you think!...and stay tuned for localized versions of this portal in Germany, Italy, France, UK, Brazil and Mexico.
After my last blog – asking what devops was
– the idea of collaboration across the whole life of service has been in the
forefront of my mind. From that wider perspective I was musing around one of my
frequent topics – how we fail to get the service right because we don't
understand how it is being used, or what the customer really cares about.
Actually the simple picture of supplier and
customer doesn’t really describe the world most of us have to live in. If we go
with the ITIL concept of a customer (someone who has financial influence or
authority) then we also need to worry about what our users think. In other
frameworks you might hear a more general concern about taking the whole range
of stakeholders into consideration. Doesn’t matter which recipe you follow –
does matter that you see the complexity.
Some of the problems come from being so
close to how things are done (rather than why they are being done), and by
being so close to what you think matters that you don't spot what matters to
those receiving the service. Sometime it is the silliest things that make the
customers and users unhappy and reject a service. Maybe that is an example of the
‘One Bad Apple’ syndrome – something firmly embedded in the human condition
seems to be our ability to allow one bad aspect to overbalance a dozen good
I had my own version this week, when I
found myself refusing to continue with an online application for a new bank
account because the software insisted on spelling my name incorrectly. (For
reasons I cannot fathom, it seems to have decided that any name starting with
‘Mac’ must have a capital afterwards – so it turns ‘Macfarlane’ to ‘MacFarlane’
without giving me the chance to turn it back.) I didn’t stay around to see what
else the service offered, I just closed the web page and got my new account
somewhere else that will let me spell my name properly.
But there is also the positive face of the
same coin – the power of ‘cool’. Imagine you have found the perfect shoes for
your child – scientifically designed to protect their feet while supporting
their bones and they are even waterproof. As a caring parent these are the only
pair of shoes you want your child to be running about in (see IKB later in this
blog). As it happens your dreams have come true because your child loves them.
Is it because they are good for them, and will help their feet develop properly
– no, they agree to wear them because the heels light up with each step. They
will wear them – and save their feet – but only because they are ‘cool’ –
according to rules you will never understand. By the way, don’t think the
illogical ‘cool’ factor only applies to children, it is there in just about
every service you deliver or use – at work or at home. If you look for it then
you will see it. I don’t want to make this posting too long or I could list
dozens – but just imagine trying to sell powerful and effective software
products against others with less relevant features at higher cost – but with a
fancy graphical interface – sound familiar to anyone?
If you think about these two situations –
where apparently less important elements disproportionately affect decisions -
I am sure you will find many examples of the two extremes; like the fast-food restaurant
that you still avoid because of one bad burger or one element of bad service,
hundreds of miles away and several years back.
Those issues tend to come from how the
service is delivered, yet the same problem can easily come from how it is built
(like my name issue). But one of the differences is getting the message back to where it might make a difference,
because at best the complaints go to the operations side of the house, and this
does not get fed back, maybe because it is dismissed as trivial – because it
doesn’t seem important to whoever received the message.
It isn’t just about hiding complaints
though, we also have the ability not to pass the cool factors back. Do we
always find out why people really like something? It seems to me that we don’t often
ask the right people the right questions. And it also seems there are simple
reasons why we do that:
We presume that what is important to us is what is important to
our customers, users or others that matter. Is this a common manifestation
of IKB (the ‘I know better’ syndrome)? Most of suffer this from our parents,
then grow up and do it other people.
We don’t know who to ask – and we don't know what to ask them.
Both of these situations are understandable
– after all, we are human so of course we see things first and best from our own perspective, and without being forced out into another’s environment then why
should we have the ability to understand people we have never met? The second
is also inevitable in the complicated amalgams of customers, users, services
and suppliers we exist within. Never mind the neat little service chain
pictures you get in the books – it doesn’t really look that simple, it looks
complicated, and mostly because it is complicated.
We can do something about these
difficulties – but they require addressing the way we – and our colleagues –
think, and that takes time and effort.
There are other causes and factors – and
maybe there is one we could do something about, and it is something that would
magnify the beneficial effects when you finally get around to addressing the two points I
listed above: when we do find things out we don’t tell the people who could do
something about it. And the very best way to get that wrong is to build silos
within your supplier organisation and stop people sharing ideas and
After that last blog on devops, I was
thinking about that particular kind of communication issue. There is something deep
rooted in the human psyche that needs to dismantle their immediate environment
into teams (or
groups, or departments or silos or tribes – call them what you will). IT
organisations are perfect examples – with high level internal teams always
emerging once they gets past a certain size. And if you separate into teams that feel the need to compete, then helpful messages will not be fed across between them. So what was built wrong and delivers the wrong thing stays there and will be wrong in the next version too. That is
the inertial element of behaviour that initiatives like devops and whole
service lifecycle approaches have to contend with. We shouldn’t think it can be
as easy as just telling people to collaborate and communicate. Like all
challenges we need to recognise what we are fighting – and to fight back.
So – what are good ways to start? Perhaps
as simply as recognising that while we might bond comfortably into (say) a
‘development’ team or an ‘operations’ team (or any one of a dozen more) – that
doesn’t make the other team the opposition – I think that would be a good first
step, if we can finally realise that – by and large – what benefits one team
also benefits the other.
 For once this isn’t just me making ideas up. I wrote a psychology
essay on this topic at University – way back towards the middle of the last
 This was discussed in the ITIL books for Small Organisations –
versions 1, 2 and 3.
The group is made up of a very diverse audience, including IT professionals, analysts, IBM Business Partners and of course, IBMers.
Members of this group share knowledge, news, training, and events around Service Management solutions, including Tivoli, Rational, WebSphere, Information Management, Storage, Security, DevOps, Smarter Planet, Green IT and Cloud Computing!
So join our group, and initiate a discussion, or weigh on on an existing discussion!
I can remember the day in 4th grade when I got my first calculator. Other than my "Rock 'em Sock 'em Robots", that Texas Instruments 1030 was THE coolest, most magical consumer product that I had ever owned up to that point. It featured the standard four math functions, buttons for percentage, square root, and pi, and an 8 digit LCD display.
Now fast forward to 2011 and consider the fact that it takes dozens of microprocessors running 100 million lines of code to get your average car out of the driveway, and a complex ecosystem of developers, engineers, suppliers and partners to bring smarter products to market.
From automobiles to meat cases to artificial hearts, today’s smarter products represent a new generation of capabilities that fuse together sensors, actuators, electronics and mechanical systems.
By all accounts, smarter products and services are transforming the world and the way we interact with it, and IBM is at the forefront of all of the above.
One statement: simultaneously reassuring and terrifying.
Firstly it’s reassuring because anything that works towards the realisation that development and operation are not really separated by any kind of wall has to be a good thing. Of course there are different areas of focus at different times in the life of a service but they all should have the same aim – delivering what is needed in best possible way. We already all knew that, it is so obviously sensible that who would vote against it? The equally obvious fact that we then don’t do it is one for the psychologists and later blogs, but does lead me into my other reaction:-
The horror that we should be 50+ years into IT services before this seems important to enough for people to give a trendy name. How on earth have we survived this long without a “collaborative and productive relationship” between the people who build something and the people who operate it? And bear in mind both those groups are doing it for the same customer (in theory anyway).
To be fair to IT people though, perhaps this is an obligatory engineering practice we have picked up. Who remembers the days when getting your car repaired was unrelated to buying it? You bought it in the clean and shiny showroom at the front of the dealer, took it to the oily shed around the back if it broke. One of the things that has seen a step-change in the car industry – and is also changing ours and most others – is the realisation that we are now all delivering services and not products. So we are finally realising that long term usability and value is what defines success, not a shiny new – but fragile – toy. In fact, thinking of toys we all recall the gap between expectation and delivery of our childhood toys – the fancy and expensively engineered product that broke by Christmas evening compared to the cheap and solid – be it doll or push along car – that lasted until we outgrew it.
The car industry saw that happen – and we now have companies leading their adverts with a promise of lifetime car driving with their latest vehicles – with the mould really having been broken by Asian manufacturers offering 5 year unlimited mileage warranties. That was about selling a self-controlled transport service instead of a car – and really that is what most of us want. Amazing strides taking place on that front, of course, being taken by companies like Zipcar who have thought simply enough to see there is no absolute link between that service (self controlled transport) and car ownership. (Some of us want other things from a car of course – but that just leads us into the key first step of any successful service, know what your customer(s) want.)
Why I get so interested in all this is its basically what I’ve been saying for the last 20 years – my big advantage is that I came into IT from a services environment (I worked in a part of our organisation called ‘services group’) – and I never really understood why IT needed such a large and artificial wall between build and do. ITIL was (in large part) set up to try and break down the walls – initially an attempt to set up serious best practices and methodologies within operations to match what was already alive and well in development (hence the original name of the project – GITIMM, to mirror SSADM).
So … what am I saying? Please take devops seriously if that is what is needed to get better services. The complexity we need to address now means we have to stop maintaining any practices that prevent good ongoing service design and delivery. If giving it a name and a structure helps then let’s go there.
One of the things I am most proud about in the books I have contributed to is that we made up a fancy name for something good people already did (in our case early Life Support) – the intention was to give it profile and then people would add it to job roles and actually start to plan for it and then, finally, do it better.
Of course that brings with it the chance of looking like the emperor in his new clothes once you examine the detail and originality too carefully. But that’s good too – clever and original usually = doesn’t work too well at first. Solid old common sense (eventually) seems to me to offer a much firmer foundation to build on.
We need good foundations because the situation is actually a lot more complicated than we pretend – multiple customers, other stakeholders, users, operations as users – enough for a dozen more blogs, a handful of articles and a book. So … I’d better get on writing – and maybe so should you?
 Seems so to me anyway – the Delphic oracle was widely believed, responsibility free and most of those who used it didn’t understand where the knowledge came from.
Are you interested in learning more about Cloud Computing and Virtualization? Be sure to register and attend these two community webcasts happening this week on June 8th and 9th. These promise to be very informative events you don’t want to miss!
WEBCAST on Wednesday, June 8, 2011 at 11:00AM Eastern USA Webcast title: Get your image sprawl monster under control – secrets to image management from an expert Sign up for this webcast here
Description: Companies have embraced virtualization primarily to impro! ve utilization of hardware and save costs. However, virtualization especially on x86, has led to significant growth in management costs. Much of this increased cost stems from growth in images. We will discuss some of the key challenges around managing images and how IBM is taking a holistic approach to solving these pain points and restoring control.
Speaker: Ruth Willenborg, IBM Distinguished Engineer in IBM Software Group, Tivoli
WEBCAST on Thursday, June 9, 2011 at 11:00AM Eastern USA Cloud - Extending your virtualization into the cloud Sign up for this webcast here
Description: The benefits from cloud computing seem clear: cost reduction, better flexibility, scale to meet business demands, etc. However, getting to cloud involves a lot of decisions Learn how some of your colleagues are leveraging Tivoli solutions to automate virtualized environments and move to private clouds.
Speaker: Mohamed Abdula, IBM Director, Service Automation and Cloud Solutions Product Management and Bowman Hall, IBM Director, Cloud Computing Client Engagements, IBM Software Group
Today's post comes from Sandy Hawke, Manager IBM Security Solutions.
I recently presented to the ISACA community on a live webinar. I focused the discussion on how to leverage automation to improve endpoint security and compliance. The archived webinar is available here. Just as a brief background, ISACA is an international professional association that focuses on all aspects of IT Governance and has over 95,000 members worldwide.
The online event drew a pretty substantial audience which is good, and yet a bit surprising in two key ways. First of all, many of the recommendations I made to the audience were not radically new concepts, but basic foundational controls that all security professionals agree are critical for achieving and maintaining solid security and demonstrable compliance. So haven't they heard this story before?
Maybe not. And that's the second observation. Most of the ISACA membership is in the IT audit/Risk Management line of business. While they're not the folks who are implementing security technologies on a daily basis (i.e. "hands at keyboards")- they are keen to understand how security is implemented, how it works, how automation can be used to facilitate audits, etc. And that's the new trend we've been witnessing. While the audit team knows what the policy controls should be, they may not know if/how these controls get enforced, maintained, monitored and reported on- essentially how security is "operationalized." The more that they know what's possible with respect to security operations and automation, the better they'll be at knowing what questions to ask IT operations during audits, what technologies to recommend, etc.
Years ago, the IT Audit/Risk Manager organization and activities were kept quite separate from the IT Operations/IT Infrastructure teams. And at the time there were pretty good reasons to keep these groups as distinct as possible- you've all heard of "keeping the fox out of the hen house" analogy, right? The IT Audit/Risk Mgmt teams could set and enforce policy and conduct assessments that wouldn't be influenced by the operations staff. Well, with the advent of converging technologies, economic trends, and the increased importance of measuring security investments and compliance program- in real time, these groups are coming together. More so than ever before.
And technologies that can foster that type of trust, cooperation, and collaboration are indispensable.
This weekend partners, developers, and IBMers will be descending upon Orlando, Florida for Innovate 2011, the Rational Software conference.
Not surprisingly, Rational's "first cousin" Tivoli will have a prominent presence at the conference, including 30 sessions that highlight the Tivoli/Rational integration, six booths in the Solutions Expo, and several executive speaker slots.
Tivoli delivers innovative solutions to address business priorities, with Integrated Service Management providing the Visibility, Control and Automation™ to overcome growing complexities and keep up with global competition. But more specifically, Integrated Service Management is the catalyst that can smooth out the interactions between development and operations for IT and business professionals across all industries.
So, I was at Pulse this year and was the source of a pretty constant ridicule for carrying around what felt like a fifty pound laptop bag.It was horrible, and inconvenient, and not even effective.I had hard copies of schedules that were out of date about 30 seconds after I clicked print.By the end of the conference I had calluses on my fingers and I couldn’t walk more than about ten steps without having to change hands.It was really a constant reminder that I need to go to the gym more.
Anyway, interestingly enough, most vendors in the endpoint security space have basically adopted this same approach in designing their technology.Incoming attacks get blocked by signatures, and in order to keep you “prepared,” some companies just create and update these huge signature files, shoot them across the network, fold their hands and hope they get properly installed, and then get right back to work because the files they just sent are more or less immediately out of date.I can tell you from experience that lugging around a bulky bag of incomplete, outdated information is no way to do your job.It’s also no way to keep your employees, and by extension, your company, ahead of threats.
What companies need to do is focus on what a defense-in-depth of the endpoint would really look like.It means you need a lot of things.You need to have antivirus and firewall protection.You need a patch process that actually works.You need centralized policy management that is easily enforceable.And, of course, you need all of this in real-time.Until recently, that also meant you needed a lot of aspirin.
With its acquisition of BigFix last July, IBM basically invested in the convergence of security and systems management, two pieces of the operational infrastructure that will continue to become more intertwined.You can’t just write the policy, or obtain the patch, you also need to be confident that these changes and updates are continually being enforced at every single endpoint.Try automatically applying patches to computers that aren’t turned on and you’ll pretty quickly understand why convergence is so important.
Up until this week there were four offerings that were part of the Tivoli Endpoint Manager suite of products, all of which are managed under the same roof.We have solutions for lifecycle management, security and compliance, power management and patch management.This week, we were pleased to announce Tivoli Endpoint Manager for Core Protection, a solution designed to add another layer of depth to your endpoint security posture.Tivoli Endpoint Manager for Core Protection is the result of the relationship between IBM and Trend Micro, and offers the real-time, lightweight threat protection that other endpoint security solutions can’t really compete with.
I spoke earlier about how other vendors were sending these huge signature files across their network, files that were outdated before you even figured out how to install them on your PC.Tivoli Endpoint Manager for Core Protection is different because while it does employ the use of some signature files, it also leverages the cloud to reduce the amount of information that needs to be sent across the network and also provides the real-time protection that static signature files cannot.As the cloud is updated with the latest threat information, so too are all of the endpoints that are in conversation with that cloud.
This has proven to be extremely effective. In a recent third party test, the Trend Micro technology blocked 100% of all incoming malware (the second place competitive product came in at 77%) by taking a multi-layer approach. Nearly all (97.5%) of the malware was detected and blocked in the first layer (URL reputation) and the remaining pieces of malware were blocked in the two subsequent layers of defense. Now, here's where it gets even more impressive. An hour after the original test, they again tested just the malware that got through URL reputation, but this time it did not get through even that first layer of defense. This is protective technology that is updating and hardening its defenses as new threats come in.
I don't think I really need to explain the importance of endpoint security to anyone reading this. We all have different things at stake, whether it's your back accounts, your music collection, confidential information for work or even just a photo album. What I can say is that 77% isn't good enough when it comes to protecting any of those things.
The strength of Tivoli Endpoint Manager is that it combines first-rate security with the systems management capabilities needed to ensure that protection is deployed across the entire infrastructure. When it comes to endpoint management, it's about no longer looking at technology in silos, it's about understanding why and how we can integrate different complementary offerings. Tivoli Endpoint Manager is built on that philosophy.
For more information about Tivoli Endpoint Manager, please visit:
This new version has a number of features that extend NetView's extensive IP management and automation capabilities. With NetView for z/OS, customers are able to efficiently diagnose and correct network issues to minimize application downtime.
One of the key new features to this version is enhnaced Packet Tracing and Analysis. Per the Announcement Letter:
Packet trace: The NetView IP packet trace function has been enhanced to analyze the data in a packet trace to identify potential network and system problems. This enhancement significantly reduces the time needed for problem identification and diagnosis. From within the packet trace session analysis, individual connections can be dropped and the packet trace data can be saved for later retrieval or further analysis.
Other new features include a new consolidated message log (Canzlog) for NetView, z/OS system, and job logs, as well as support for the GDPS Active/Active continuous availability solution.