So on taking orders and delivery, the food industry has got it pretty much right, but so have several others. Think Retail – where prices of products are clearly marked, product features described etc.

This is a real problem and that’s where an IT Service Catalog can show the most value. Make IT visible! Communicate! Deal with the perceptions! All great statements that echo through the Service Catalog.

From ITIL V2 where we had the concept of a static Service Catalog to the present V3 days where Service Catalogs are dynamic and real, the industry is connecting the dots and moving forward.

But then think again. The price that a fast food chain provides on its menu is the result of a careful understanding of the complexity of operations and the real costs that go into the delivery. Yes the complexity is hidden from you as a customer, but how does IT address that complexity and the costs associated with its operations. Where does one start?.

Utility consumers can subscribe to services – eg for residential power or power for businesses so can one do that for IT Services?

What about “make your own Service menu” like “make your own pasta”! Is there flexibility within IT Services to accomplish this?

Overall, as we have seen through our engagements, dealing with the IT Service Catalog Strategy is critical. What works for one organization may not really work for the other. But don’t forget the execution. That’s what will enable companies to run IT as a business. And make IT Services visible!

So is your organization ready for an IT Burger?

Apparently a lot of people and from all over the globe. And they are not your customers. Today’s conviction of 11 persons for the one of the largest ever data breach in terms of records is an indicator of this. What’s so interesting about this? Here are some facts:

This is not the plot of a technology thriller but a reality and a costly one too. It cost at least one vendor TJ Max 60 Million USD.

The spread of internet is not without these undesirable consequences. First, low resistance from the target, chances of higher yield, better and farther reach with low skill base and ease of covering your real identity in case of detection are some factors which are attracting a large set of people across the globe to try their luck on your data. Secondly a number of countries have inadequate cyber laws which make it easier to hide and sell the data online.

Add these two and you have a big collaborative internet community waiting for you to loose your oversight and make a fast buck out of it. The bad part is with low entry barriers this community will keep growing and you can’t help it. The good part is, if you have robust set of controls you are not worth spending more time on and they will move on to the target which offers lesser resistance. In other words your effective controls will make you unattractive for large set of these people who are scouting the internet for what they see as a low hanging fruit!

So if you are managing your controls effectively you may be doing better then you believe. You may not be aware but every time a news like this is public, the chances that your organization was the one where it was attempted (unsuccessfully) before the victim are real. There are lots of people around the world who are interested in the data you are trying to secure!

I have always found the term Software License Management to be quite ambiguous with regard to the features of the tools available in the market for this.  Some vendors offer very exciting features like license harvesting, and consequently cost savings. However, in the last two asset management tool implementation projects I handled for clients, Software License Management was nothing more than maintaining the records of all the software licenses of the organization in a central Asset Management tool. In one case, we integrated this with the procurement tool so as to get the financial information directly into the Asset management system. Is that all?

1. Software license inventory management - Keep a record of the Software licenses purchased by the organization with attributes like Vendor name, number of licenses, support contract etc.

2. Software license compliance tracking - Keep a check on how many instances of a software is installed across the organization and whether it is matching with the license agreement with the vendor.

3. Software metering and license harvesting - Meter the usage of the application throughout the organization, analyze the sparingly used (or unused) instances of a particular software and reuse them elsewhere.

Preferably, these functionalities should be implemented in this order to achieve complete Software License Management. Some questions to be asked before implementation:

• Which licenses are to be tracked?
• What are the licensing models (per copy, per user etc.)?
• Should we track number of instances or the actual usage of software?
• How much will it cost to track (tools and implementation effort)?

We will look at these three functionalities in detail and understand what tools are needed for implementing them, in my next post.

In the section "Managing the Money Pit", Carr talks about how the basic assumption of IT spends going down - and not up - is becoming a reality. Nothing earth-shattering there, but a simple reminder to all of us ITSM practitioners and consultants on the need to constantly sweat our ITSM investments. And where better to start than your existing ITSM tools.

In that context, I would like to introduce Yesudas Jayson Kurisinkal.

Over to you Jayson.

With the introduction of the Configuration Management System (CMS) in ITIL V3, is it time for organizations to revisit their implementation strategy? Can an organization really hope to deploy and manage a CMDB / CMS? And what does a CMDB / CMS look like - a monolithic database or an integrated multiple federated solution?

Here's introducing Gaurav Dutt Uniyal.

Some kind of dependency on one person is a way of life in most IT departments in small and mid size organizations and its not uncommon even in large organizations. We are all used to that ‘wizard’ in IT department who knows those key systems like no one does and who can do everything. Every once in a while these guys turn rogue and we start debating how imperative it is to be not dependent on one person but do we ever try going beyond this reasoning!

So what are we looking at here. Is it too much dependency on one person that was the cause? Yes and No. Apart from dependency on one person, which certainly played a part, what I am looking at is a blatant circumvention of processes/best practices and a lack of management oversight to prevent that abuse. It’s not difficult to deduce here that simple controls over access and change management are either not in place or were overlooked completely by the staff and management in IT. Had they been in place, had a proper backup was mandatory before configurations can be changed, had a proper permission required to change admin access and privileges, had a proactive monitoring for rogue devices is in place, a lot of it could either be prevented or discovered before it assumed this grave shape.

The fact that these instances are few and far between is not assuring enough. First a lot of them actually go unreported. Secondly various studies including Verizon 2008 data breach report and Information weeks 2008 strategic security study  have made it clear that insiders have potential to do a lot more damage then outsiders due to the inherent trust placed in them. If insider is in privileged position like these and you have no processes to mitigate the risks then you may be  sitting on a ticking bomb. So before you beef technology and start relying on few people to manage it ensure that you have processes in place to manage the risks from them.

Having dependency on one person or a set of persons is a reality many  IT departments have to live with due to limited resources but does having some process in place to reduce the avenues of exploitation/risk really too much to ask for? Alas, we always learn it the hard way.

As we saw our turbaned colleague tethered with the fragile rope struggling to breathe and sweating profusely we were excited and thrilled, not because of the moment of doubt but on the heights he had already accomplished. We wanted him to succeed; we wanted him to ring the sound of bell at the mountain. We cheered him to continue the relentless pursuit to the top and when he made it we were all lifted to the high spirits.

At the fag ends of the Infosys Consulting N.A. rendezvous, as I saw the bodies of top brains overcoming their limitation and climbing rocks, my mind echoed the thoughts of Og Mandino ( Author and Speaker)

"Failure will never overtake me if my determination to succeed is strong enough."

What happens when top consulting brains come together?  Opportunities abound, sky is what we can do. Rewind a few months, there was some apprehension on the value of doing an all-hands meet, but I was overwhelmed by the enthusiasm of our group that put all doubts to sleep. There was a wave of exhilaration, an ocean of ideas in our 2 days meet.

Day 1

When the Infosys Leadership Institute (ILI) delivered the training program on Client Interfacing skills, all the consultants were jumping right into the thick of discussions. It is such an important area of a consultant life, that enough does not seem to be enough. The lessons on Probing Skills were very well received by the group and so was the exercise on practicing various types of questions. The Relationship Tracker is a good tool to track the client affinity for Infosys. The lesson on Polite Disagreement helped us frame our next client discussion for saying “No”.  My personal favorite is the instructor’s definition of a good client interaction that goes “It is a good interaction only when the Value is flowing in both directions”

 The 8 hours of training including the pizza lunch just flew away. We could have done for another 8 hours but for the promise of a beautiful evening at Malee’s.  As William Feather, Writer said it "Plenty of people miss their share of happiness, not because they never found it, but because they didn't stop to enjoy it.", our group made sure that they not only found their fun but also had enough of it. People were amused to see Bombay curry at the Thai restaurant. Time to booze and celebrate the bonding.

Next day started with an engrossing first half of active Business Presentation skills. It was impressive to see the creative spirits flowing when people were asked to present any topic of their interest. There was good feedback for individuals and that stays with us.

If that was not enough we had a session with Madhukar I B on future strategy and a follow up brain storming on our course of action followed by an evening of fun and excitement in the Rock Climbing. The famous part of the lunch was the compliment received by our principal Ram on his drop dead looks that made him an eligible bachelor.

To me the biggest take away of the meeting is that as a result of the all hands meeting our team members will be happier to pick up phone and talk to each other. This team spirit gives us the plank for future growth. I will leave you with another thought that epitomizes the experience –

"If you make the unconditional commitment to reach your most important goals, if the strength of your decision is sufficient, you will find the way and the power to achieve your goals." Robert Conklin Teacher, Author and Speaker

Together we surmount another rock!

So, to those still planning to go ahead with their ITIL V2 Service Manager exam, here's my compilation of nine tips to see you through. Let me know what you think.

Write, write, write
And I don't mean type Like most people in this industry, I had not written anything longer than my address since I left college. The V2 masters exam is a three hour written exam each for Service Support and Service Delivery. By the end of the first hour, my fingers and wrist were aching. The biggest trouble I faced was not what to write but getting my fingers and wrist to cooperate.

Which exam to take first?
Go for Service Delivery first. Why? Simple answer. Lesser number of chapters to read - five in Delivery as against six in Support (including Service Desk). Plus Delivery is more theoretical, so there are less chances of tricky questions  And, if you leave aside Availability Management, the Delivery processes are far shorter and less verbose than the Support processes.

Let me know what you think. And good luck.

The Data breach report 2008 from Verizon business risk team shares many useful results some of which are surprising, some commonly known and some encourage us to look at few old things in a new way. The report is debated widely among the IT security community since its release and I am picking few related results here which in my opinion give an insight on a key aspect of your IT controls eco-system:

While on my way to the airport, I noticed the fast growth taking place in and around the city in terms of the infrastructure, facilities and technology as well. With the new Bangalore International Airport located 40 miles away from city, my journey was a big long 2.5 hrs, cutting across the city gave me an opportunity to closely watch this change.

Soon I realized that in this agile environment, there is no place for slow movers. It applies to the organizations as well where all the initiatives, products and services have to be just in time, quick and at an accelerated speed. It is more prominent and prudent for IT organizations which are coping up with unprecedented pressure of being a cost effective, innovative, agile and customer focused service provider. In the course of meeting these business demands, IT organizations take on the IT Service Transformation journey.

The million dollar question in front of most of the IT organizations is: How can I accelerate my ITSM Transformation? Is there a packaged solution which helps expedite this journey and achieve the goals faster?

In this blog I wish to bring out this important aspect of ITSM transformation, where lack of a definitive approach and a comprehensive methodology makes these initiatives, out of sync, out of time and eventually out of market as well.

Please watch my next entry on this blog and post your comments..

Thanks

Shraddha Tilloo

Just three years ago, I remember even our consulting group had less than five women consultants. However, things have changed for the better now. That number today stands at a healthy 30%! One giant leap that. As one of the long-standing consultants within our group, Shraddha Tilloo should know all about the ups, downs and pressures that come along with the job of being a traveling consultant with a family.

On a personal front, she loves to travel across the world, understanding different people, cultures, preparing cuisines such as Thai, Greek & Mexican burritos. Needless to say Indian cuisine tops the list of her all time favourite cuisine. She is also a social entrepreneur of sorts and wants to create a difference in the world through e-education in remote villages.