Just about my very first experience in IT –
brought onto a project as a customer ‘expert’ – was listening to the IT guys
debating how to make use of the data we already had on the old system. In my naivety
at the time I had thought computers used ‘computer language’. Quickly I
realised they were more like people than I had suspected – that there were lots
of computer languages, and each computer spoke only one of them, and could make
no sense of the others.
Now, in the interceding years (some 27 of
them L) great progress has been made – we expect computers to talk to each
other. This almost universal technological communication ability sometimes
blinds IT people to the fact that human communication has not evolved
Until we perfect direct thought
transference, all the communication we do, whether written or spoken, texted,
tweeted or painted on the walls, relies on a two stage process. First you put
your ideas into words (usually words and sometimes also gestures or pictures –
or a combination of all three). Then someone else has to take those words etc
and turn them into thoughts inside their head. There is always an ‘encrypt/decrypt’
section to human communication.
Now that can get messy, confusing and
create all sorts of mistakes in delivering the message. You probably wouldn’t
design it that way. In fact in a pure IT context we would be looking at ways to
deliver direct communication in a standard format from one system to the other.
But people don’t work that way; it is what we have and we need to work with it.
Communication isn’t just about being accurate;
I think it is better measured by whether it is useful. In IT, people still manage
to get the communication spectacularly wrong by not thinking about the whether
the customer (or client or user) is equipped to decrypt the message. As one
example, here is an error message I got on my screen the other day, apparently
intended to inform me why the software couldn’t do what I had asked it to do: “Unable to contact the target back-end forwarding host (proxy target)”. I presume that made perfect sense to the person who set the
software up to deliver that. They were maybe a great programmer, but evidently
not a human communications specialist.
It’s easy enough just to dismiss this as
one more version of ‘Computer says no’, but why is it no surprise? Maybe it’s because
we still seem to think it OK to throw our jargon at others who don’t share it.
Or maybe we forget they don't know what we do. Actually, to be fair this is not
only an IT thing – ask anyone who has been caught on a French train having
failed to quite understand the printed message exhorting them “composter votre
billet”. (And if you don't already know but intend to travel on a French train,
trust me, you need to find out what it means, but it isn’t a French word that
they usually teach you in basic language classes. A classic case of
encrypt/decrypt failure in a service management situation that has nothing to
do with IT.)
The technologists amongst us love the
challenge of integration, communication across platforms etc. but there is
recognition that this is expensive and should be unnecessary – an area where
standards and commonality help everyone. Why do we forget our most common
encrypt/decrypt situation – getting a message from one mind to another.
I hope that the irresistible tide of
universal cloud adoption and pervasive social media communication will solve
all these troubles – and allow us to concentrate on the people issues more. But
so far the social media snowball doesn’t seemed to have reduced jargon – quite
the opposite. Those of at a certain age are now totally incapable of
understanding what are children are saying, even when they give us access to
their on-line worlds.
Actually, this is fresh in my mind now
because it forms a little game we will play during my talk at Monday 5th
March at Pulse – our big SM event in Vegas next month. I plan to have people
encrypting and decrypting during that session. I am interested to see how they
get on, and hopefully to make them realise there are some simple tools we can
use to make things better. Nothing magic, and the same techniques we
demonstrate in the simulator. Mostly they rely on establishing common ground –
establishing communication channels and learning what will work, by finding
shared understandings, and by relying on more than words alone when it makes a
The best part about all that is that from
the outside it might look like gossip and drinking at the bar – but we realise
it is building business critical communicating platforms and channels. The message
that things can be both fun and relevant at the same time is also part of the
So, if you are at Pulse maybe you will be
able to come along at 6pm on Monday. If not I hope to get the chance to
encrypt/decrypt with you at another event this year. And thank you for your
efforts in decrypting this message, I hope it wasn’t too difficult – and I hope
it has some resemblance inside your head to the one that was in mine.
Guess who's going to be making a guest special appearance at the Solution Expo at Pulse?
No, not Maroon 5. (though they will be performing at Pulse on the Tuesday night in the Grand Garden Arena)
The answer is Watson!
The Watson Experience is a demonstration that illustrates how managing big data and applying analytics can help businesses gain meaningful insights. Watson shows how we can confidently make decisions through ranking answers, and handle structured and unstructured data by running hundreds of different kinds of analytical queries across all different kinds of information.
And then on Day 3, Manoj Saxena, General Manager of IBM Watson Solutions, will provide a glimpse into the innovations of the future with a talk on how IBM and leading clients are "Putting IBM Watson to Work." This keynote will offer insight into how the advanced analytics used in Watson are being put to work in businesses around the world to solve some of the industries biggest challenges, leveraging Cloud Computing. Manoj will highlight IBM’s strategy to commercialize the Watson technology with embedded industry content and how it complements an optimized, integrated cloud-based IT environment.
So be sure to pay an up close and personal visit with IBM's most famous game show contestant, and learn how it can help businesses prosper!
That’s a paraphrase of many quotes – but
whichever famous quote peddler you choose, it is surely a mantra of sorts for
successful service management. To me it
neatly addresses two key points:
It is no good meeting all the metrics that you set for yourself
if that only makes your performance look good to you – it’s the customers’
opinion that matters because they are the ones providing the money to make
it happen – and they may well stop doing that if they aren’t impressed
What people perceive is based upon their situation and
knowledge as well as your facts.
I had some first-hand instruction on this
recently that helped my understanding. Both were a little funny at the time but
maybe with some serious messages.
Firstly two different perceptions of what
must have looked very similar situations to a detached observer – driving last
year down a fast dual-carriageway road.
Both times I was on my way to my father.
First time an ordinary sunny day. I am driving at ‘about’ the
speed limit of 70 miles per hour – and a car comes hurtling up behind me
and sits a few metres behind me with the driver clearly impatient that I
am holding him up. I ventured an opinion as to his personality –
considering him less than sensible, some pushy-salesman type, and
certainly not deserving of my moving quickly out of his way
Two months later I am driving down the same road – only this
time I have been summoned to my father’s hospital bedside by medical staff
with the line ‘I think you should get here as soon as you can’. Now I am
doing a lot more than 70mph, and find myself slowing down to 75 and
hanging on other cars’ back bumpers amazed at why people can’t simply get
out of the way – surely they can see I have to go quicker than that.
So – good guy or bad guy? Depends on what
you know, and that depends on what you are and what has happened somewhere
The other one, I feel the need to share all
hinges around those daily gifts we get form our dogs. Each day I take our dog
for a walk in the field behind the house. The field is just the other side of
the fence and hedge around the back garden, but to get there you have to go out
the front, down the road through the alley and back – about 300 metres or so.
Now dogs, being dogs, use the daily walk for relieving themselves and people,
being only people, are left to pick it up in plastic bags and carry it. But
since our walk takes us back down the other side of that garden fence, rather
than carry the little bags round the field, I toss them over the fence and into
our garden, to pick up and dispose of when I get back. So, I am doing this when
I realise I am being watched, by another man out walking his dog. Thinking
about it afterwards he just sees someone flinging doggy doo over a fence into someone’s
garden. He did not speak, but did manage a look that clearly had me well below
pond-scum in any kind of social acceptability league table.
OK, so some examples of skewed judgement
based on incomplete knowledge, we all have lots of them – and please feel free
to send in any good ones that have happened to you.
Very few of these matter in everyday life –
we shrug and move on and usually never see the misunderstanding or
misunderstood person again. But when it matters we need to establish
communication to get some idea of the events that drive perceptions of those
who we will interact with long term. This is why we know things about those we
live with and care about – their favourite colours, the foods they like and
dislike, which football teams they support and lots more. That is worth doing
because these people matter to us, and because this makes both their life and
ours more pleasant.
So apply this to work, how much more
pleasant – and easier – will your life be if your customers are happy with you,
if they understand what you are doing and you understand what they care about.
That simple idea is at the core of a lot of my work these days – in the
simulation games and the presentation at events. It certainly underpins the
talks I am slated to do at IBM’s Pulse and itSMF Norway in March.
If I go back to the first set of two
bullets I wrote at the start of this piece, they are trying to say that you
need to know how your customers – and maybe other stakeholders – are feeling today. This will drive how you address
things. So customer perceptions influence prioritisation – standard best
practice stuff. What I was trying to point out in my driving example was that
those perceptions and attitudes are anything but fixed. Just because you know
what mattered yesterday, doesn’t mean you know what will matter today or
tomorrow. There are clues and signs you can look for – find out what things
affect your customers attitude and monitor those yourself. Again that is
something we can do fine at home – we are aware of some of the influences that
change attitudes and perceptions on our loved ones – be that exams the next
day, football on the TV tonight, or a fight with a friend.
Maybe what we need is more formalised
gossip at work – because it is often the conversations that don't seem to be
about work that tell us most about how our customers will react – and more
importantly how they want us to react. One thing the 21st century
has brought us – big time – is new ways to gossip, or should that be freely and
rapidly exchange more information than we ever dreamed was possible. So, maybe
this is just one more business benefit of social media, one that delivers its
success by not being so obvious?
Actually, I don't care how you gather more
understanding of your customers concerns and perception influencers use every
means you can. You could do worse than simply going to visit them, talking and
listening. Set yourself a target perhaps – name one thing that would change
your customer’s priorities, and then ask them if you are right.
This year at Pulse, we will be running another Cloud Service Management Simulator Workshop. If you are interested in attending, please send an email to firstname.lastname@example.org
What is it? -The
IBM Cloud Service Management Simulator Workshop is a hands-on,
interactive simulation game which focuses on the challenges and business
value of implementing service management best practices in the context
of a realistic scenario. -During the workshop, you'll use
gaming and role-playing dynamics to mirror the real-world interaction
between IT and the business, from both a strategic and operational
-Over the course of the session, you will
experience a transformation from chaos to order, and learn how the
right balance of speed, accuracy, and prioritization in problem solving
can translate into a superior business outcome.
What's in it for you? -Accelerated
and breakthrough understanding of ITSM and ITIL best practices, which
you can take back to your company to assess how these can contribute to
your organization. -Better understanding of how the effectiveness of IT processes impacts the business.
-A fun interactive experience!
When is it? -Sunday, March 4th, from 2:00pm to 5:00pm, -MGM Grand Hotel, Las Vegas - Room 306 (Level 3 of the hotel conference center)
-We deliberately chose this day and time, as it does NOT conflict with any other sessions.
We live – more and more – in a world where everything that matters can be done on line, where we see and hear better on screen than for real.
You can now take an active part in the world – and potentially run a successful business - without ever leaving your home, possibly without getting out of bed.
And even when we do turn up for real we spend a lot of our time watching things on a screen – be that the presenter or performer in a large hall or the action reply on the giant screens at a football match
You will have seen in the promotions and advertising, that the key presentations from IBM’s show-piece service management event – Pulse – running on 4-7 March in Las Vegas will be streamed live on the web to the warm and cosy comfort of your home.
Despite how easy and good the virtual feed of sessions, chat and information were, 7000 people did get out of their beds in 2011 to travel to Las Vegasand actually be at Pulse, just as thousands turn out weekly to watch football at the stadium when they might have had a better view of the action by staying at home. And even formula one motor racing gets sold out attendance when you can never hope to see much of the race in person compared to what the TV coverage offers.
It seems that there are still good reasons to actually be there – not to put down the value of connecting to the live web streams, but even in the 21stcentury, people learn from people. Pulse is a big and excellent example, but throughout our community we see conferences still being successful and drawing people together to share experiences in surroundings that the virtual world can’t quite match yet. As well as the formal sessions at conferences and events, the networking opportunities of being with others in similar circumstances delivers real benefits – comparing notes with our peers from across the world.
Technology is good – and joining conferences on line is way better than missing it altogether, but people-to-people still has a lot going for it. I’m looking forward to the combination – the atmosphere of really being there and mixing with everyone in the exhibition areas – and over a sociable beer or two at dinner. And of course the added value that streamed interviews and 'watch again on demand' that is available over the web.
This amalgam of real and virtual seems set to be the conference norm for a good few years still – 7000 people at pulse thought so last year, and thousands went to itSMF conferences around the world in 2011 too.
And Pulse is in Las Vegasof course – where could be more appropriate for the combination of real physical existence with technologically driven enhancement - a bit like Red Dwarf's famous 'better than life' game. J
Do you think virtuality will one day totally replace human gatherings? I guess eventually it might, but for now I intend to enjoy both at once and count myself lucky to be alive at the right time to do that.
You can find out all about Pulse – physical and virtual offerings at www.ibm.com/pulse.
See you there – for real, on line, facebook, twitter and more!
If you have spent five minutes with me, you have probably heard me rave about the "WTF" podcast from Marc Maron.
It is the first topic of discussion when I talk to a friend of mine (second being Doctor Who).
The reason WTF works is that you have a veteren comedian (Maron) who knows the questions to ask. Who understands the journey. Who can have the types of discussions that lead to places you and I wouldn't think to go.
Maron is on the short-list of great interviewers. His podcast is one of the few times where the word "fascinating" really applies.
There are a number of reasons to attend (and if you read the Pulse Blog or follow #ibmpulse, they're too numerous to list here).
We announced that Woz is one of our keynote speakers.
Well, the format for this keynote is going to be a little different. He is going to be interviewed by none other than IBM's very own; Grady Booch (@grady_booch).
Grady is an innovator in the same vein as Woz. He was one of three individuals who invented UML.
As someone who worked for a company that relied heavily on UML (which I'm sure is the same for many readers), it's like "Memphis" Raines meeting Henry Ford. He's pretty much the reason a number of us are where we are in this industry.
UML. The Apple computer.
Grady and Woz were not only on the ground floor of technology revolutions, but they both built most of the foundations.
Between the two of them, they personify the type of innovation that we promote at Pulse 2012.
I can not stress this enough: innovation is the differentiator. It's what puts our clients in the leadership position in their industry. It's the thing that organizations playing "catch up" are trying to chase down.
Pulse is about not only helping you find the solutions to drive your innovation, but it's also about mindset. It's about thinking like an innovator.
Thinking like Woz and Grady. Getting you there.
And a keynote like this, with a real in-depth discussion between two of the best in the business. It's gonna be fascinating and you need to be there.
As I wrote last week, I am looking forward to delivering more simulations over the next weeks and months, I always enjoy the buzz of working with people rather than sitting in a lonely room hitting keys and listening to the dog snore.
I went through my technologically savvy period some years ago (back in the horse-drawn computer age). For years now I’ve felt that the biggest scope for improvement in service management is through the people part of the famous trilogy of people, process and technology.
It’s important though to be sure that we don't forget it is a trilogy – in a recent presentation I used a picture of a milking stool to make the point: three legs, if you have problems in any one of them you will fall on the floor, spill the milk and fail to do your job.
So the emphasis on people is not because we don't need the technology – it’s because there have always been plenty of people selling the technology hard in our business. And it sometimes seems to me that there are people even keener and more excited to buy it – each one as much a fashion victim as the lady horrified she’ll be spotted in last year’s shoes. But – for sure – we do need good technology. Of course, I work for a software and technology company so I would say that, but that doesn’t make it wrong.
And process is still vital – that is the first level of learning that comes from our simulation games – not knowing what needs to be done usually means you don’t do what needs doing. I remember getting excited by process when I first understood how to see and then improve them. I remember also how much better ITIL V2 was than V1 when we went ‘process focused’ – and how modern and nifty we thought we were.
But again – there is no shortage of process champions, so forgive me if I keep harping on about the people. There are more of us than there used to be pushing the importance of people. Paul Wilksinson, of course, has been – and still is – a trailblazer, although he is still obliged to play the prophet because the vast majority of our industry still needs to be converted to the simple reality; that no matter how cool your IT gadgets and software and no matter how carefully researched your process, if you don't keep the third leg – people – strong and secure then things simply won’t work.
Successful politics is called ‘The art of the possible” and I am aware we – those who believe that people factors are the biggest stumbling block to successful service management – need to play that game too. No point (yet) trying to make everyone totally people focused – our efforts through the simulators and suchlike are to at least get IT managers to realise that the quality of the services they deliver does depend on people aspects. It’s simple stuff really, like people talking to each other, finding out what things matter to them.
Strangely enough, this is the kind of thing we do well and automatically outside work, but somehow it becomes so much harder when it gets all business related – maybe we like to take sides at work, or think the office is too important a place to act human in. What is about being in the office (or Datacentre or shop floor or whatever your work looks like) that strips us of some basic level of humanity? We seem able to talk to our colleagues at work about non-work things – last nights TV or football, fashions, music etc – but not about their work wants and needs.
Of course there are exceptions – we need to capture and promote these to help us get the message across. My favourite is a reversal of the norm I just described. It is from a UKgovernment department where a cricket match between IT and Finance was being played out one evening. Due to Finance’s excellent bowling there was a hiatus since the batsmen were being dismissed faster than the next one could get the equipment on. During this pause the non-striking batsmen (from IT) was chatting about work and they solved a issue that had turned into a long running fight between managers. The managers had stood on principles and formality instead of talking about what was actually wanted. The issue was solved by these real workers getting a mutual understanding through the revolutionary approach of talking and listening to each other.
That’s what we shall be trying to do with the delegates to our simulation sessions – and in other ‘take the people seriously’ initiatives. Do you have some good stories about how much difference it makes when your people are able to understand each other’s perspectives? Be great to hear them. Be even better to catch up at one of the forthcoming simulations, or to see you at Pulse in March and we can talk – and listen - over a beer. J
 Apparently coined by Bismark, but I first heard it used by Harold Wilson in the 1960s
Well, we are well into 2012 now and we have just about got though the ‘my predictions for 2012’ phase and in to ordinary routines again. Whatever the predictions, like with most years I predict that 2012 will look a lot like an older version of 2011.
There is still talk of recession, companies that struggled for funding in 2011 are no richer, Cloud is still talked about by a lot more people than understand it.
On a personal level 2012 has already delivered some of the improvements planned in 2011 – and I hope the same will happen workwise. Next major thing on my work horizon is IBM’s big service management show – Pulse. Back again at the MGM Grand in Las Vegas we are promised it will be bigger and better than ever. I understand that bigger is important in as Vegas but I am usually even keener on better. Actually though, to be fair I am delighted that ‘my bit’ at Pulse looks like being bigger this year – with not one but two chances to deliver the cloud-readiness simulator on the weekend before the show itself starts. In fact there will be a strong focus on simulator this year with our team being on the exhibition floor to explain what, why and how they can help you.
Of course – like I implied above – this isn’t exactly new, but it is proven. Of course there will be lots of new stuff available – geeks welcomed and catered for. The technologists will – of course – be well catered for with lots of ‘future possibles’ and indeed a vision of some possible futures too. But service management’s primary focus is not on what might happen next year; it has always been about delivering value this year. In fact one of my favourite aspects of service management is how it rests on widely applicable principles, even though how they are applied might alter. For example, while change management processes in a cloud environment might need different considerations to make them most effective –the basics remain. I was working in service management long before I ever touched a computer. I remain constantly delighted to discover that lessons learned 30 years ago in supply and transport are still relevant to the 21stcentury IT based services we manage today.
So, if you are going to be at Pulse come along and tell me whether you agree that old-fashioned service concepts are still valuable – or come and explain why dinosaurs like me should be swept away by the meteor strike that is cloud. Either way – at Pulse or elsewhere – I look forward to good, informed and enjoyable debates. Good to think of the new year building on the successes of the old – at home and at work.
 If you follow me on twitter - @ivormacf - you will know where and when I will be in terms of events. Useful, whether you want to know how to find or to avoid me – same thing works both ways.
Over the recent Christmas break, I found
myself at lunch with an Enterprise Architect and the
conversation turned – as it does - to the future of the IT industry.
we agreed on the
topic of what IT jobs and attitudes should be over the next 10 years – others at the table disagreed with us – but that’s a topic for another blog
Now I live in a Service Management space, and so clearly I
know that everything – at least everything about creating and delivering IT
services – is wholly contained within a complete picture of service management: because
everything flows from the need for the service – in terms of value conceived,
engineered and then delivered to the customer.
So, imagine my surprise when the enterprise
architect (let’s call him Kevin J) came out
with the phrase – introduced as though it were universally accepted knowledge –
that everything is contained within the concept of enterprise architecture and all other things fit inside that. Well, you would think that one of us has
to be wrong – but maybe not?
Seriously though, I do realise that each
of us has a coloured view of the world. But even when you know you might be, if not actually biased, at least running along familiar tracks rather than striving for
objectivity, it can still be a surprise when you run into what seems a different
Of course – in this instance it isn’t
really a different perspective at all. Human Beings to tend to fit external
matters into handy pigeon holes – and those pigeon holes are inside our own
pigeon house – service for me, EA for Kevin.
Maybe we just need to get all these
different perspectives in one room and get them to agree on which view is
right? I suspect, however, that this has been tried – and failed. Because it
isn’t conflicting theories we are dealing with here. Instead it is that
familiar old chaos machine – people and perceptions. They are all right (and
all wrong too of course, but this early in a new year let’s try and be
Trying to look at the situation
simplistically, it seems to me that we have had lots of good idea over the last
20 years or so that have been helpful – but we live in a complex interrelated world and each
successful approach brings you to an edge or interface where you are dependent
for further success on the neighbours. Human nature makes us jump to the
conclusion that if the neighbours used my approach then they would do better.
Maybe it’s true but maybe it’s not – maybe we have as much to learn from the
neighbours as they have from us?
Let’s analogise that to real neighbourhoods. Is there anyone who doesn’t think things would be better if their neighbours
behaved more like them and adopted their processes,and practices – especially
things like where it is OK to park and when it is OK to be loud? But actually
they have slightly different needs (maybe because of things we don’t have like kids and dogs or a job that requires shift working)
and so they do need to do things differently. But still there is much to learn from
each other; simple stuff like where did you get your fence fixed etc and more
strategic stuff like comparing mortgage plans or discussing the best school
Within our IT/services/architecture kind of
world we have
the same chance to benefit from discussions with our neighbours. And just like
with our domestic neighbours, the best way to get along and help each other is
by accepting others’ perspectives as equally valid. It is good to see
initiatives like devops starting
to encourage this. My major familiarity over the past 20 years has been service
management but I can see both lots to learn from our neighbours like EA and
development and also lots we can help with too.
Have you spoke to your neighbours recently?
And if so was it with a predisposition to teach or to learn?
I recently had some first hand experience –
from the receiving end – how much of an effect genuinely good customer service
can have. The experience started in dismay but was recovered well beyond
Anyway, to start at the beginning ….
I had to go and ‘swear an affidavit’ –
which for those of you not into the jargon of jurisprudence means to formally
promise what you are saying on a form is true. In England you can either pay a
solicitor for this service, or you can get it for free at the county court. So,
of course, I went off to the County Court.
Now, it started, I admit, with me failing in my responsibility to be a proactive customer. I did not think
through what I knew. County Courts in England are where the most
serious crimes are tried, so it is where the most dangerous criminals would be.
A moment’s thought, therefore, would make it obvious that there will be fairly
impressive security. But of course I was just thinking about delivering a form
so the metal scanner and request to empty my pockets took me by surprise. And
my producing my Swiss Army penknife from my pocket sent the security man into
action. The knife was confiscated – suggestions that I wasn’t even in the
building yet and could just go back, leave offending items in the car and start
again, were not allowed to be considered. I was told that I could not get my
knife back when I left but instead I needed to write in to the court manager
asking for it to be returned by post.
So, I had a perfect example of a ‘Moment of
Truth’; putting me instantly, and very extremely, ‘anti’ the staff and the
processes. It seemed obviously the staff are required to leave common-sense at
home and not bring it to work with them.
And thus, in a bad mood I reached the court
officer with whom I was to sign and swear that my forms told the truth. She
spots my mood, finds out why and explains that the rules are for protection and
cannot be altered – causing no improvement in my mood. She then looks at my
forms and points out that I have not brought all the right documents – and then
throws in for good measure that my solicitor has supplied my with the wrong set
So … it is now clear to me that I have
driven into town, paid for my car parking, lost my knife for the duration and
all for nothing because my paperwork is wrong. But fear not – after this it
gets better. I had been expecting a businesslike word or two of sympathy and if
I allowed myself a glimmer of optimism then maybe even an explanation of what I
needed to go back and fetch, so that it would work when I came back.
Instead the lady reacted very differently.
She pointed out that the forms I have forgotten are copies of documents they
already have lodged with them, and that they have blank forms of the right
kind. She fetches the missing forms, lends me a pen and helps me understand
what is needed on the right form, checks it through, makes corrections and then
duly witnesses it and formally logs it in the system as sworn and correct. As she
put it “Well the purpose is to get your stuff recorded, if I can make that
happen then why wouldn’t I help?”
Of course she was perfectly right, her job
is to help get these things done, and so thinking for herself and helping
people get there is an obviously correct attitude. Isn’t that exactly how
everyone in service delivery sees it?
Well, of course we all know that it isn’t –
not yet! The sad aspect of this kind of story
is how surprised we all are by them – that they are worthy or repeating
because this quality of service is still unusual.’
The key aspect of this story – with its two
different approaches to dealing with the customers - is how much good service
experience depends on customer facing staff that are knowledgeable of the
customer’s context and goals. But more than that even, the management trusted
and empowered (at least some of) their staff to use common sense and do what
was right – maybe even if it didn’t follow exact procedures.
Are the customer-facing staff in your
organisation trusted and empowered? If not, is it because they can’t be
trusted, or because they have been given the knowledge? Or is it just that
no-one has ever thought it would be a good idea to trust and empower them? What
happens in your organisation – do you get good service or do you a strict
process delivered, whether or not it is appropriate?
Last week the IBM attended the UKI itSM Forum and what a
great event it was! Some really thought provoking and motivating sessions, as
well as some truly interesting conversations with our clients and
Below are a few of the highlights from the sessions attended
- would be great to hear anyone else’s thoughts on what their key take-home
messages were from the event.
Session 1 – Introduction by Barry Coreless – Chairman of the
Barry talked about how he sees the future of ITSM – the
growing automated and ever more complex tool sets, and an ever increasing
bewildering array of devices. The main
take home message for me was that he believed that organisations that linked
best practices and industry disciplines are the ones that will truly succeed.
Session 2 – Keynote from Baroness Tanni Grey Thompson DBE
A fantastic motivational speech from Tanni – including memorial
statements like “if you are going to spend time thinking... then think BIG!” She spoke about why it is important to think
about how you can be the best you can be and how individual success if not
always about the individuals themselves, but about the team they have around
them. Tough times call for tough
choices, she continued, and it is how you deal with these, improve and move on
that is what will make you successful.
Session 3 – our own Ivor Macfarlane – Can IT people be
Ivor was introduced as a man whose middle name was “ITIL”
and clearly his reputation preceded him, as we had a full house with over 60 of
the 300 delegates in the room. Ivor spoke
about how Service Managers generally have a low profile, and are orientated to
achieving another person’s hopes and desires.
He carried on the debate by saying that the best attribute a Service
Manager can have is to be invisible! Continuing
that if management don’t empower you as a Service Manager then your stuffed! A final take key message was then given, “Go
to the board – change the change process!”
Session 4 – An interactive panel session hosted by Don Page
Some really interesting stats came up in this session to the
questions asked to the delegate audience my favourite 3 below:
1. 1. Cloud Computing is here to stay – what effect
will it have on ITSM?
Major – 43%, A
bit – 36%, A little – 17%, No Opinion – 4%
2. 2. Your business now understands and is taking
seriously the importance of ITSM as an essential business enabler?
Very Seriously – 12%, Lip Service
– 42%, We don’t talk to them and they don’t take us seriously -20%, Don’t Know–
9%, Don’t Care – 17%
3. 3. Should organisations encourage Social Media to
facilitate communication between IT and end users?
Actively encourage and support –
45%, Natural Course – 37%, No -13%, Don’t Know – 2%, No Opinion – 4%
Session 5 – Stephan Mann – Forrester Research - “Anyone
questioning your value?”
One of my favourite sessions from the event, very
interesting to hear an analysts point of view. He started by stating that
Service Managers can’t deal with the value because we don’t understand the
cost, there is little transparency IT costs and the value it brings. He continued saying that costs are
continually being cut, whilst the demand for IT continues to grow. He told
delegates to take an honest look at their ITSM capabilities and short comings,
in context of what business needs, then link IT services to business
outcomes. Final message for me was “Cost
is important but value is more important... if we could demonstrate the value
they would be encouraging us to spend more”.
Session 6 – Martin Neville – Flattening the Curve
In the last session of the day, Martin discussed what companies
should be looking for from their tool providers, and that the best tool providers
are proactive not reactive. He set out ground rules for both sides – be honest
from the start, early efforts pay interest in the long term, perception is reality – stats do not lie, the
time to innovate is at the start – not when things are looking desperate, short term contractual wrangling will damage
the relationship long term and most importantly KEEP talking!
Session 1- Nigel Mear –Solid Air Consulting - Answers on a postcode
Nigel spoke about how vision is our most valuable asset and leadership
is an act, rather than a position. We
need to show up and engage! It needs to be a progressive improvement, baby
steps are ok, and it needs to be realistic, achievable and practical – don’t
aim for perfection, do something practical.
His take home message for me really was for success, we have to
acknowledge the reality of uncertainty.
Session 2 – Christian F Nissen – CRN People, Denmark –
Acquisition and Implementation of ITSM Tools
Another really interesting session, starting with the
question should organisations use a SM suite of tools from one vendor, or best
of breed tools from various vendors and attempt to integrate them. The answer is not as simple as it seems! He
emphasised the importance of running a Proof of Concept before ever fully
implementing a new tool. Organisations
need to ask themselves, is this vendor that is sleeping or evolving and
Session 3 – Dennis Shields - The 2010 Machine
My final session of the day, Dennis opened the session by
explaining people like direction, but believe their managers are out of touch. Bad
management however means the unit will not function properly. People need to be
given clear and fair directives, otherwise efficiency plummets and costs
escalates, we need to take a long term perspective if the company and its
infrastructure is going to be successful.
In summary, fantastic event, and can’t wait till next year!
Today's post comes from Vidhi Desai, Market Manager, IBM Security Solutions.
Today’s business environment calls for information sharing at an unprecedented scale. Sensitive information is shared between organizations, end consumers and even business partners. The biggest challenge that organizations face in doing so, is how to ensure that sensitive information is securely shared with different parties and that the right people are accessing the data. With the adoption of cloud and Software as a service deployment models, ensuring secure access is even more critical and challenging.
Consider a scenario where a government agency needs to share information with different agencies, local governments, citizens or even with other business entities (eg. Revenue agency that needs to share information with citizens and other entities like a tax preparation service). If one of the entities is operating in a public cloud environment, its becomes critical for government to ensure that right person is accessing the right data without sacrificing privacy, security or scalability (party requesting information really is the government revenue agency or tax preparer they claim to be).
Over the past couple years, we have seen how the US government has taken steps to ensure secure sharing of data between agencies with regulations such as FISMA, which was introduced in 2002, bringing attention to the critical nature of cyber security and its impact on national security.
Identity is at the core of any information sharing transaction. Hence whenever an individual attempts to access secure online sites or web portals, their identity has to be verified to ensure they are authorized to view that data. Additionally from the end user or citizen’s perspective, they should be able to set up their identity once and then log in to multiple systems without having to log in multiple times.
Federated identity management is the solution which enables multiple applications to share user credentials based on trust. This is especially critical in supporting cloud deployments for secure information sharing across private, public and hybrid clouds. With federated SSO, users can log on to the sites of multiple businesses and organizations by using the same user id and password, hence gaining a seamless and secure entry to multiple applications.
Tivoli Federated identity manager from IBM is an access management solution that provides web and federated single sign on to end users across multiple applications resulting in improved user experience. Tivoli Federated Identity Manager enables central management of access, enhanced user productivity and facilitates trust by delivering single sign on across separately managed infrastructure domains, both within an organization and across organizations.
Today's post comes from Perry Swenson, Market Manager, IBM Security Solutions.
IT departments at financial services firms are under tremendous pressure to ensure servers, desktops, mobile devices and other endpoints are secure and compliant. At the same time, they’re continually looking for ways to save time and resources in areas like software licensing, patch management, asset inventory and security configuration. IBM Tivoli Endpoint Manager, built on BigFix technology, is helping these firms better understand and manage the status of their endpoints, regardless of where they’re located.
In the below video of Nate Howe, VP of Risk Management at Western Federal Credit Union talks about how Tivoli Endpoint Manager provides real-time patching for operating systems and third party applications and utilities. With over $1.4 billion in assets and 32 branches in 10 states serving more than 120,000 members nationwide, Western Federal Credit Union is one of the leading credit unions in the United States. Nate explains that they now have a single view into all aspects of the systems and security for their 400 employees, 100 servers and 2 data centers, including a better inventory of installed software. And, they can do more with fewer people, which enables them to focus less on infrastructure and more on business applications and enabling business automation.
Another customer that’s realizing benefits from Tivoli Endpoint Manager is SunTrust Banks, Inc. Based in Atlanta, SunTrust enjoys leading market positions in some of the highest growth markets in the United States and also serves clients in selected markets nationally. SunTrust has a highly distributed environment with nearly 1,800 branch locations and no local IT resources at most of those locations. Using Tivoli Endpoint Manager, SunTrust now maintains a 98.5 percent patch and update compliance rate. They’ve also decreased update and patch cycle times from 2-3 weeks to 2-3 days while increasing productivity through automation. Read the SunTrust case study here.
By enabling improved endpoint visibility and new levels of automation, Tivoli Endpoint Manager is a powerful solution to help financial services firms enhance their security and compliance.
questions ready for the next Ask the Expert (ATE) event will be held on
November 8th, 2011 from 8:00 am to 8:00 pm Eastern Time USA. Register for this event The "Ask the Experts Online Jam"
(ATE) is a valuable opportunity for Global Tivoli User Community (TUC)
Members to connect with real-world experts on a range of Tivoli
products. These experts, many from IBM development, are recruited to
answer questions on an array of product topics for a concentrated period
of 12 hours This upcoming ATE event will include experts on Tivoli and Maximo topics including: Asset Management (Maximo)
Tivoli Asset Management for IT • Tivoli Usage and Accounting Management • IBM Maximo Asset Management (IBM
Maximo Asset Management for Oil & Gas /IBM Maximo Asset Management
for Utilities /IBM Maximo Asset Management for Life Sciences /IBM Maximo
Asset Management for Nuclear /IBM Maximo Asset Management for
Transportation /IBM Maximo Asset Management for Service Providers) • Maximo Scheduler • Maximo Spatial • Maximo Linear
Network and Service Assurance
Tivoli Netcool/OMNIbus • Tivoli Network Manager and NetVIew
Security, Risk and Compliance Management
IBM Network IPS • Tivoli Endpoint Manager • Tivoli IAA bundle • z Secure
Service Availability and Performance Management
Tivoli Netcool Impact • IBM CloudBurst • IBM Service Agility Accelerator for Cloud • Tivoli Live • IBM Tivoli Monitoring (ITM)
Service Delivery and Process Automation
Change and Configuration Management Database (CCMDB) • Tivoli Service Request Manager (TSRM) • Tivoli Provisioning Manager
Tivoli Storage Manager (TSM) • Tivoli Storage Productivity Center •
Tivoli Storage Manager for Virtual Environments • TSM for Unified
This session will run from 8:00 am to 8:00 pm Eastern Time USA To accommodate AP and EMEA members, questions may be submitted 9 hours prior to the event. To find the time in your city check out the World Clock meeting planner website. WHY SHOULD YOU PARTICIPATE?
It's free to attend.
Your technical questions will be answered directly from the IBM experts themselves, no middleman!
You may ask as many questions as you'd like.
You can learn more about your products and gain a competitive edge for yourself and your company.
Keep up with the next generation technology, and get the scoop on new product release dates and the improvements being made.
ABOUT THE TIVOLI USER COMMUNITY The Tivoli User Community
(TUC) is the largest network of Tivoli professionals in the world.
With more than 30,000+ members in 138 countries and 160+ local and
special interest groups, the TUC links a global network of users,
developers, business partners, and IBM sales/technical staff. Members
share a common interest in increasing the knowledge of Tivoli and
Maximo software and solutions to solve business problems. Register to become a member today. We look forward to your participation.
It is only a week until the 2011 itSMF UK event in London (http://conference.itsmf.co.uk/agenda.html?event=1) where we are hoping to see and speak to many of our well known contacts and to take the opportunity to meet those of you attending that we have not yet had the opportunity to, be it on the IBM stand (F5) or in our session at 10.45 on Monday delivered by Ivor Macfarlane on "Can IT People be Service Managers?".
The event is always a great networking opportunity for those wanting to share their views with their peers and engage in lively debate over the current industry pain points, as well as hear from the industry experts on how they see the market shaping up in 2012 during some of the 40 sessions that are held over the two days.
This year’s session speakers include (but not limited to) experts from Tesco Bank, Deutsche Bank, Heineken, the Met Office, Barclays Bank,BT Global Services and Pepsico, not to mention keynote from Dame Tanni Grey-Thompson (Paralympics athlete with eleven gold medals and six wheelchair marathons) and Mark Hall (Deputy CIO at HM Revenue & Customs).
We encourage you to visit us on the IBM on our stand – F5, where we will be running a series of live integrated product demos, sharing our newest whitepapers and thought leadership papers. All delegates will be welcome to come and discuss with our technical experts where they think Service Management is heading and perhaps learn about new product offerings and the tools IBM has that can help organisations address the challenges they are facing.
Some ideas that we think will be the "hot topics" on our stand:
How ITUP (a free download for you!) can underpin your efforts in building ITIL processes - and how we are already ensuring it stays in line with ITIL now that the 2011 is here
How we have adapted our key SM software to cloud/SaaS. Come and see Tivoli Live!!
People are your major asset - we can help with getting your staff to 'get it' – with tools like simulator – both classroom and on-line versions
And - of course - the Smarter Planet concept - you've seen the adverts on TV, in magazines and elsewhere – now come and talk about what it really means to real people!
Throughout the two days you will also be able to Play IBM’s Watson supercomputer at Jeopardy!... can you beat it?IBM’s Watson is a real time, natural language processing
We will also be attending the annual Awards Dinner on the Monday evening, so would be more than happy to discuss things over a much needed glass (or more) of wine while listening to Lenny Henry's jokes!
Of course we hope to see you as many of you as possible at Ivor’s session on Monday; in case you have not seen the summary on the itSMF UK website, here is what he will be addressing this year:
“The need for ‘people, process and technology’ working together for successful service management is well accepted. Technology is ever more sophisticated and ITIL and COBIT ensure process is taken seriously, but the people aspect of SM does not get the attention it deserves. Successful services rely on more than creating IT applications and installing technology. Bridging the gap needs more than just adding a little extra learning – it needs a genuine change in culture, attitude and understanding.
The changes required involve focusing on every aspect of the service, how it is to be used and why – and how – it is important to the organization. Effectively, this means seeing it from the customer’s perspective. This talk will approach these issues and aims to illustrate some of the key concepts – using analogy and hopefully a little humour to explore the human elements: • what’s involved • what prevents it happening • the key aspects we should build the new culture around”
Of course will be tweeting throughout the day - @servicemgmt - so make sure you follow us and join in the debate there too!
We will continue blogging after the event, so come back and read our take on the highlights from these two fun-filled days.
Today's post comes from Veronica Shelley, Market Manager, IBM Security.
With IBM's October 12th SmartCloud launch, perhaps you're considering cloud computing for your organization. After all, the benefits of cloud computing are well known. Cloud computing is flexible, scalable, and cost-effective, and it's a proven delivery platform for providing business or consumer IT services over the Internet. Cloud computing can help you cut costs and IT complexity, provide new services to customers, and streamline business processes. Cloud computing is gaining in popularity and may be the wave of the future. Yet, many organizations hesitate to get started due to security concerns and confusion over how to get started.
Perceived risk versus actual risk
Cloud computing may seem new, but the fact is companies have been outsourcing services and technology for years. Providers already deliver hosted technology offerings that are located off-site with client access via the Internet. This is a common scenario for services such as remote storage or hosted email and other software as a service (SaaS) solutions. And just because companies may give up some control to the provider when they move to a cloud-based environment (just as they give up some control in any outsourced arrangement), it doesn't mean they have to compromise on security. By asking the right questions and adequate preparation, companies can build a "trust and verify" relationship with the cloud provider they are working with.
Questions to ask to ensure cloud security
It's important to remember that the same factors apply to ensuring security whether it is cloud-based or within a traditional IT infrastructure. The key difference in the cloud model is that it includes external elements, and those elements will be managed by the cloud service provider. This means companies need to understand the environment beyond their own data center and consider how it impacts the organization from a security standpoint. To help ensure security and peace of mind, as well as a good working relationship with the cloud provider, the client company should always identify and prioritize cloud-specific security risks beforehand. Often, companies will find they have the same amount of control, if not more, with a cloud service.
There are specific tactics an organization can use to enhance cloud security. For identity and access management issues, companies need to control passwords, support privileged users and enable role-based access to these cloud services. With data protection, a key concern is knowing whether or not a company's hosted data is secure, especially if data from rival companies is also being stored on the provider's cloud service. Companies should also ensure the cloud provider is deploying antivirus software on all supported systems that could be exposed to attacks, and ensuring that selected programs can identify and protect against malicious software or processes. From an auditing and monitoring perspective, companies need to determine how the cloud provider is testing and monitoring the infrastructure to meet legal and regulatory requirements.
Reaping the benefits of cloud
Organizations interested in reaping the benefits of cloud can best begin by understanding the security ramifications of a cloud deployment to their business, keeping in mind they can start small by deploying cloud in low-risk workload areas like email services. This easing-in process gives organizations valuable time to become familiar with cloud on a scale that's simpler to grasp and doesn't put them at increased security risk. And as familiarity of cloud and trust in the provider grows over time, companies can expand their use of cloud computing into other areas of business. By following this gradual path, companies can start enjoying the benefits of cloud in a way that's safe and secure.
IOD 2011 is just around the corner, and it should be no surprise that I was psyched to learn that Washington correspondent and anchor for BBC News Katty Kay is hosting the conference.
Full disclosure: I drive a Mini Cooper, I watch Doctor Who and I follow Neil Gaiman on Twitter.
So, yeah. I was also excited to see that she's going to be on stage with great IBM speakers like Jeff Jonas, Robert LeBlanc, Mike Rhodin and Steve Mills.
As if that wasn't enough (and there are a bunch of other IBM speakers not listed), guest speakers Mike Lewis and Billy Beane will also be there. Mike Lewis wrote the book Moneyball: The Art of Winning an Unfair Game and Billy Beane is the VP and General Manager of the Oakland Athletics (the subject of the book).
I know, right? It's a pretty great group of speakers.
Having attended IOD in the past, it's a great show that I know that customers and business partners are going to get a lot of value out of.
Tivoli will be at IOD, and we're looking to meet customers such as yourself who are attending the conference. Here's a list of where you can find us:
IBM Tivoli Ped (Booth 101-04): IBM Tivoli/Predictive Analytics for IT and Service Management
IBM System z Software (aka, System z Zone): OMEGAMON for z/OS Management Suite (Booth 105-05) and System z as Enterprise Security Hub (Booth 105-06)
Smarter Computing Zone (Booth 101 and Booth 515)
IBM Expo Theater (Booth 001): October 24, 05:30 - 06:00 - Consolidated Data and Application Security Management (Session: ISA-4198A)
October 25, 11:15-12:15: Securing Your Mainframe Virtual and Cloud Services With Enhanced IBM zSecure Suite (Session 4153A - Mandalay Bay North Convention Center - Mariners B)
October 25, 2:30-5:45: Predictive Business Service Management Leveraging Performance & Capacity (Session 4142A - Mandalay Bay South Convention Center - South Seas D)
October 25, 4:30-5:45: Security & zSecure at Mariners B – Mandalay Bay North Convention Center (Session #4097A)
We have a website with more details and of course you can follow the conversation on Twitter #iod11 and watch the general sessions on the Livestream.
...and speaking of Las Vegas and IBM Conferences. The Pulse 2012 call for speakers deadline is fast approaching (November 7). See Jen's Pulse blog for the details on how you can submit a session proposal.
Today, IBM has a number of exciting announcements around SmartCloud. It's such a big announcement that we might have to turn it into a national holiday (which wouldn't be cool for the one dude waiting by the mailboxes for his copy of Zookeeper on BluRay).
Why Cloud? Why Now?
When we listen to customers across industries, we hear them tell us about the bold moves they must make to stay ahead of their competition. They tell us about how they need to quickly and efficiently provide new and innovative services to their customers.
Speed to market. Efficiency. Reducing costs.
These are their watch words and they look at cloud computing as a technology that offers these advantages.
That said, there's also a requirement to ensure the same levels of governance they currently have set in place. They also want to ensure that they are reducing (not increasing) their level of risk. And, of course, it has to be done securely.
Can all of this be done with cloud computing?
I would not joke about delaying that dude's copy of Zookeeper if it wasn't.
In all seriousness, yes it can and IBM has been helping customers do this for a while now. We've been successful with a large number of customers already and these new announcements build upon our previous success and really enforce our message: "Rethink IT. Reinvent Business."
IBM offers clients the freedom of choice to find solutions that meet their business requirements ranging from a portfolio of cloud solutions targeted directly at the enterprise to a choice of delivery models (public, private and hybrid) as well as expertise and service management capabilities.
There are a number of announcements in this launch across every brand in IBM (all of which are on the website).
For this blog post, I'm going to focus on IBM SmartCloud Foundation.
IBM SmartCloud Foundation
There's a full press release on this, but basically the SmartCloud Foundation family of private cloud solutions help companies quickly design and deploy private cloud environments with a new level of control over cloud service delivery and management.
As organizations take the next step beyond virtualized data center and begin to expand their cloud environments, they are concerned with managing what has become known as "image sprawl."
The SmartCloud Foundation portfolio contains these offerings:
A new cloud ‘starter kit’ - IBM SmartCloud Entry is prepackaged, private-cloud software that provides simplified cloud administration, standardization of virtual machines and improved operations productivity with an easy-to-use, self-service interface (highly optimized for IBM Power and System x hardware).
A new powerful provisioning engine and image management system – At the heart of cloud computing is the ability to dynamically create or "provision" virtual machines. Called IBM SmartCloud Provisioning, the software can create hundreds of virtual machines in less than a minutes and scale to more than 4,000 virtual machines in less than an hour.
New cloud-based monitoring software – IBM has applied its industry-leading monitoring expertise to create cloud-specific software called IBM SmartCloud Monitoring. It provides greater visibility into the performance of virtual and physical environments: storage, network and server resources.
Just a few kilometres from where I live
there is a great spot for walking – with or without a dog. It is quiet and
traffic free, with spectacular view across the countryside. The grand
perspective across surrounding countryside was likely more appreciated in
earlier days; it is the site of a 2500 year old hill fort with the
earthworks still very obvious and impressive despite being worn down by the
One of the things I love most about the
site is how very little we really know for sure about it, the people who built
it and how people actually lived there. There is a goodly amount that can be
inferred from what is left, but when walking around it you do feel that we can
only know a little, presume a bit more, guess a good chunk and – importantly –
accept that there is much we do not know and will never know.
It seems to me that this acceptance of what
we do not know, and more importantly what we cannot know, is a hard thing to do,
and one we as a society are getting rapidly worse and worse at. Maybe we expect
too much? Certainly if we were to take too seriously some of the criminal
investigation TV programmes we see we would believe we can know everything –
where a small nick in a 10 year old bone can lead to complete diagnosis, arrest
and conviction in a single 45 minute episode.
Of course, real life is rarely like TV, but
there does seem an increasing belief that we can know everything, which I
doubt is justified by any kind of objective assessment of our own lives. It is
almost as if we believe that we can find out anything we want – or that we can
ask an expert who will simply tell us what we need to know. In fact there are –
even now –many things we do not know, and will never know. That is true in most
aspects of life – from what our children get up to through to configuration
management – the trick perhaps is to accept that and make the best use of what
we can know. That includes realising that what we do think we know may not be
100% accurate – but that is it still useful all the same.
Way back last century, I studied Physics at
University. Well, I was supposed to
be studying Physics, I certainly recall making TV programmes and being in the
bar – somehow my memory can’t have stored all the time I spent studying.
But one thing I do recall was that in the
lab work the answer ALWAYS had to be expressed in terms of the uncertainly –
the temperature of the liquid under examination was not 23 degrees – it was
something like 23 º
± 2º. Being realistic about your accuracy was seen as a critical aspect of
And rightly so. It
is of critical importance, because if we just think that everything we know is an
absolute black and white fact – then we will make bad choices. Being aware of
the accuracy does – or certainly should – affect our decisions. If you want a
common example of where we get it wrong then think about some of the customer
satisfaction surveys you may have seen in your time. Even a good customer
survey will show only a good indication of opinion, attitude and desires. It
will never be totally accurate but it can be useful – especially in terms of
availability is about averages, happenstance and luck – so a 99% availability
does not necessarily mean 99% customer service delivery – because you don't
know when that bad 1% will happen – and so don’t know what affect it might
have. Is it going to be peak period or quiet time? But it can help us decide how
to build and manage systems – and lead us into sensible risk/benefit decisions.
In fact getting on and using the data you do have might be a good mantra? All
too often we seem to seek data for its own sake rather than because we see a
need for it.
Those people who built that hill fort 2500
years ago certainly knew a lot less facts and data than we do. But they knew
what they needed to know to do a good job and made great use of what they did
know. Hopefully we can use the knowledge and data that we have without being
distracted by trying to get even more? And then maybe our constructions will
also still look good in 2500 years.
Maybe you can spot some places where you
are spending time, money and worry tying to get ever more precise data that you
don’t really expect to use. Or more likely you can see where – or your
management – take as absolute data that you know is actually just an estimate
within a significant range of values?
Today's post comes from Vikash Abraham, Market Manager, IBM Security.
Virtualization has proven its business worth as a technology, however there is still limited understanding about how to secure it. To many, the question still remains - why do virtual environments need separate security when we have already secured the physical environment i.e. physical servers and the network in a data center. To answer this, it is essential to understand that the virtual environment creates a totally new layer above the physical server, which in turn, acts like a mini data center with all the complexities of multiple virtual machines, hypervisors, virtual networks and virtual appliances. The biggest risk that comes with a virtualized environment is the lack of visibility into it. Thus even if the environment is being attacked it isn’t necessary that the administrators are aware of it. Hackers are also excited with the hope of unveiling a set of new vulnerabilities that this environment could come with.
Having realized this risk of vulnerability and possible loss of millions-worth of data, the PCI Security Standard Council has come up with compliance guidelines for virtual environments. In June 2011, PCI group released ‘PCI DSS Virtualization Guidelines’ that broadly describes aspects that need to be considered while securing a virtual cardholder data environment. The guidelines consider the new entities that pop up with virtualization, such as Hypervisors, Virtual Machines, Virtual Appliances, Virtual Switches or Routers, Virtual Applications & Desktops and provide the virtualization considerations across the 12 PCI DSS requirements.
It is clear that a new approach to security is required, with concepts like ‘secure by design’ making further sense in this multilayered environment. Also, a specialized security solution would be needed to provide visibility, control and proactive protection. The solution needs to protect all entities of the virtual environment and monitor data that is being shared between these entities.
While securing virtual environments, the physical components of the data center should not be ignored. These physical components should continue to be secured as it would have been prior to virtualization. The PCI guideline points out that to ensure total security, the entire infrastructure hierarchy needs to be secured. This means that even if only one Virtual Machine (VM) is carrying cardholder data, both the hypervisor and the physical server need to be secured. Since the VM sits on the hypervisor and the physical server, a compromise to either of them can lead to the VM getting compromised.
Also with the increasing buzz around Cloud computing and Cloud-based service offerings, there would be further security requirements and considerations that need to be implemented to create a secure Cloud based cardholder data environment. However, if Cloud is considered as the next level of virtualization, the additional security required would be on top of the current virtualization considerations.
An enterprise would one day need to move on to the virtualized environment, considering the pressure to carry out continuous optimization and increase utilization. This would also mean that the ever growing cardholder data would need to move into this environment. The current deterrents that hinder this move are the lack of understanding of the environment and its security requirements to achieve a PCI compliant datacenter. However, sooner or later, the compelling business advantage of virtualization would push a CIO to take that leap.
Good news from the Application Portfolio Monitoring (APM) team.
The 2011 Gartner Magic Quadrant for Application Performance Monitoring (APM) has been released, Gartner has identified IBM as a leader.
I think I speak for everyone at IBM when I say, "W00T!" (which is leet, for "awesome!")
Talking to customers, this is no surprise. The APM portfolio is a "fan favorite" among companies worldwide and IBM is delivering solutions built on innovative technologies that provide superior value for our customers and their business.
For folks familiar with our APM portfolio and for new readers (welcome), I recommend getting your hands on a copy of the Garnter Magic Quadrant for APM and see what they have to say.
Next, there a number of useful pages about IBM Tivoli monitoring solutions on ibm.com.
And, of course, contact your IBM sales rep or one of our Business Partners using the Business Partner Locator website to talk about the Magic Quadrant and how the product portfolio can meet your business needs.
In the comments section below, please feel free to talk about the APM portfolio and how you are using the products in the portfolio.
I am going to tell you a story, and the truth is it's probably pretty familiar to you already.
Here goes: in today's competitive market, your services are what make your organization innovative. They are what set you apart from your competition.
They are what have taken your IT from being seen as a "cost center" to playing a role as one of the most crucial parts of your organization's success (or failure).
The services you provide are what make your organization innovative. Failure on the part of IT can mean failure for everyone.
(No pressure. Am I right?)
By definition, a competitive market is one that is in constant states of change. New customer demands. Competitive maneuvers. New service offerings. Industry or government regulations.
Speed is of the essence. But, of course there's the need to ensure that everything stays within the governance you've put in place, your security policies and of course you're trying to be as risk adverse as possible.
Doing all of this while navigating the complexity of your IT.
(Like I said. No pressure.)
This is the story you already are pretty familiar with. So now, let's talk about what we do about this.
Today, Tivoli along with Rational and WebSphere are a part of a larger IBM Software Group launch around Business Agility.
There are a number of announcements around Business Agility - about providing you with "business agility levers" that assist with combinations of technology capabilities that accelerate the path to agility with reduced cost and greater efficiency.
This is the start of a series of blogs where we'll be discussing a number of the business agility levers. Today, I'm going to talk about one; Predictive Business Service Management. My next blog will focus on Collaborative Development & Operations.
Predictive Business Service Management
With Business Service Management solutions from IBM, organizations are able to put services in the proper business context so that both IT and the business teams can accurately see the complex relationships their services and supporting technology infrastructure have with each other.
On Tuesday, IBM announced a new version of the Tivoli Business Service Manager solution. Key to this new version (Announcement 211-444) are role-based dashboards with easy self-service, drag & drop capabilities to customize a user’s visibility into key service health indicators, KPIs, and business or IT detail required for their role or tackling a current issue.
That level of "Visibility" can be taken to a new level when organizations leverage Predictive Analytics.
Business service disruptions and outages cost organizations millions of dollars per year. Even with existing investments in infrastructure monitoring and performance management solutions, organizations are often unaware of an impending service issue…until it is too late.
Predictive Business Service Management identifies performance issues in an organization's IT and network infrastructure prior to these costly service disruptions or outages. With this type of early warning system, detection is done early enough that mitigating steps can be taken to stop the issue from ever negatively impacting critical application or business services. Put simply: it finds problems before the organization knows to look for them.
Also on Tuesday, IBM previewed a new solution for predictive business service management that will address predictive business service management (Announcement 211-468).
For more information around everything that is happening around the Business Agility launch contact your IBM sales rep or one of our Business Partners using the Business Partner Locator website.
Also, we're doing something a bit new with this announcement. The IBM Software Group Blog, Impact Blog, Rational Blog and this blog are all telling the story together. You'll be able to click across the different blogs and get more information about all aspects of this launch.
Today's post comes from Anne Lescher, Product Marketing Manager, IBM Security.
Many enterprises run their mission critical application workloads on their mainframe systems. They would like to centralize their application security controls, security policy enforcement, data protection, auditing reporting and compliance management for a consolidated view of security. They are looking for smarter security intelligence that will help them leverage the mainframe as their enterprise security hub.
IBM Security zSecure suite V1.13 consists of multiple individual components designed to help you administer your mainframe security server, monitor for threats, enforce policy compliance, audit usage and configurations, and assist in compliance management and audit reporting.
• IBM Security zSecure Admin, Visual, and CICS Toolkit provide administrative, provisioning, and management components that can significantly reduce administration time, effort, and costs, and help improve productivity and response time, as well as help reduce training time for new administrators.
• IBM Security zSecure Audit, Alert, and Command Verifier provide security policy enforcement, audit, monitoring and compliance management components. These offerings help ease the burden of compliance audits, can improve security and incident handling, and can increase overall operational effectiveness.
New Security zSecure suite V1.13 capabilities offer enhancements for DB2, CICS, and IMS application security auditing that:
• Automates security analysis of CICS and IMS transactions and programs
• Provides automated determination of which System Authorization Facility (SAF) classes are being used by each active IBM DB2, IBM CICS, or IBM IMS subsystem
• Enhances Access Monitor and allows you to improve data consolidation
• Allows annotating userid displays with data from external human resource files such as department and employee number
• Adds globalization enhancements to support international language support and auditing
• Allows addition of your own sensitivity classification, audit concern, and priority to data set names and general resources
• Supports currency with z/OS V1R13, ACF2 R14 and R15, CICS V4R2, and Top Secret R12, R14, and R15
• Extends integration with Communications Server and provides various interface improvements
Today's post comes from Anne Lescher, Product Marketing Manager, IBM Security Solutions.
As the mainframe continues to extend support for
consolidated workloads on System z, enterprises should strongly consider
utilizing the mainframe as their enterprise data and security hub. Mainframes are uniquely able to protect
information with a rich collection of encryption capabilities that includes
self-encrypting tape and disk storage for data at rest, in addition to robust
access controls, file level encryption, database encryption, and communication
encryption protocols. Now with the mainframe’s ability to support virtual
workloads, organizations can create cloud environments with protected data
available for shared innovative collaborative ventures.
Encryption is the ultimate solution for protecting sensitive
data. But many practitioners are reluctant to utilize encryption due to
concerns of performance overhead, disruption to their operations and changes
required in their applications, and encryption key management complexity. But
the biggest fear of all is losing all access to encrypted data if the
encryption key is ever lost or forgotten.
In most cases, organizations have less and less choice over
when and how to encrypt information as more and more industries and governments
enact legislation and standards that mandate the use of encryption.
industry via HIPAA HITECH in the US protects sensitive patient
transactions mandate encrypted payment card information with PCI-DSS
financial information must be protected as regulated by SOX, GLBA, etc.
notification regulations include 45 US
states, national laws protecting
their citizens data such as in Italy, the recent rules
changes for the EU Directive on Privacy and Electronic Communications,
So a superior encryption key lifecycle management solution
is essential in order to implement the best end-to-end security which protects
enterprise mission critical data and sensitive personal information.This solution should include standards based
key management and help:
Centralize and automate encryption key management process
Work with hardware based encryption built into a
variety of IT components like self encrypting tape and disk drive
Reduce the number of encryption keys to be
managed through techniques like key wrapping of unique keys per device
Simplify encryption key management with an
intuitive user interface for configuration and management
Maintain performance by using hardware
acceleration and not slowing down data access paths
Facilitate compliance management of regulatory
standards with proof of encryption for safe harbor from disclosure requirements
Leverage open standards like the OASIS standard
Key Management Interoperability Protocol (KMIP) to give the choice of best of
breed components and facilitate vendor interoperability
Operate transparently without requiring code
IBM Security Key Lifecycle Manager for z/OS allows enterprises to fully exploit the security strengths of their mainframes to act as both an enterprise data hub and an enterprise security hub for the consolidated workloads that run on the newest System z platforms.
For more information, you can visit us online here.