ITIL is said to be the planet’s most widely adopted approach for IT service management. Originating as a set of books drawn up by the UK’s Office of Government Commerce to oversee ‘organisational effectiveness’, ITIL has always set out to provide qualitative and quantitative measurement of technology services provided at an infrastructural level.
But with cloud computing now shouldering the application and data storage needs of so many firm’s IT infrastructure, new questions are naturally thrown up. Has the ITIL standard outgrown its roots for the average company, so that now it should be applied to cloud hosting providers first and foremost? Should IT service providers still conform to ITIL and provide evidence that any cloud services they buy in also adhere to the same levels of functionality? Just where exactly do we start?
The official ITIL website defines its approach as, “A practical, no-nonsense framework for identifying, planning, delivering and supporting IT services to the business.” But more than this, ITIL advocates that IT services should underpin core business processes to facilitate business change, transformation and growth. The problem today is, with this ‘underpinning power’ being increasingly supplied from the cloud, how do we now agree who owns the responsibility for ITIL compliancy?
Kevin Parker, VP and chief evangelist with application release management specialist Serena Software suggests that ITIL acts as a foundation for managing the delivery of services to end-users; and this is a situation that does not change if the services are delivered from the cloud, even if the customer sees less of the back-end infrastructure.
"For cloud service providers, there are two aspects here. Firstly at a basic level, following ITIL can help them be more efficient in delivering services to customers. Second and more crucially, the question arises as to whether they choose to use ITIL as a marketing tool; branding their services as compliant with ITIL best practices to demonstrate to customers that they are efficient organisations that can help meet their needs, says Parker. " ITIL is widely known and understood in both the public and private sectors, so this step could help convince customers to move their applications over to the cloud," he adds.
The problem it seems is that despite its worthiness, ITIL has been tarred with the slow moving brush of public sector IT lethargy. As the ‘Old Faithful’ of ITSM (IT Service Management) best practice, ITIL has traditionally been slow to react to new developments in IT including the consumerisation of technology, social media, mobile working and, of course, the cloud. Without being too non-specific, modernising our perception of and adherence to ITIL all round is clearly the answer here.
Shifting responsibilities
Pat Bolger, a technology evangelist at ITSM specialist Hornbill, asserts that this is not merely a question of removing accountability for service management, but rather one of shifting and perhaps shared responsibility.
“Managed service providers, or indeed the parts of a business responsible for managing a private cloud, will still need to have thorough ITIL best practices in place, meaning that ITIL will be essential for them. Regardless, this doesn’t mean that an organisation that begins taking its services over to the cloud can simply ignore ITIL,” he says.
According to Bolger, delivery is not the only criterion for assessing IT services and points out that most organisations will not solely be using cloud.
He adds that as a result of this companies will still need to use ITIL for those services that have not been placed on the cloud. At the same time, for any services they are handing over they need to ensure they have rock-solid ITIL processes in place beforehand. This will help ensure that any cloud provider will have a blueprint for the processes involved.
"ITIL may struggle to keep pace with the speed of technological development but its principles are still sound. Essentially, any organisation using the cloud needs to ensure that ITSM best practice is followed both before and after they switch over,” says Bolger.
A question of policy
So it seems that ITIL should not be sent to the service management hospice just yet. But to avoid the onset of early geriatric frailty ITIL needs a place to live and it needs an owner and a master.
More specifically, regardless of whether infrastructure is owned, insourced, outsourced, on-shored, off-shored, hosted in a private, public or hybrid cloud, the core elements of ITIL still need to be applied, although the burning question is by whom?
This question can best be answered by establishing formal policies. But while no governing body will logically shoulder this responsibility, it may be down to the individual implementation of service level agreements to keep deployments in line.
“In a hosted cloud based service scenario, the owner of the application or service to be hosted would still need to ensure from an ITIL perspective that the right service level agreements (SLAs) were in place for incident and problem management to ensure their customers were satisfied when things go wrong. Then perhaps they wouldn’t need to worry about the capacity management aspect so much, as that could be up to the hosting provider to take care of,” says Pat Phillips, practice director at IT professional services specialist Xceed.
According to Phillips, when organisations are considering how best to architect their services, as part of the service design, they should also carefully overlay all the elements of ITIL methodology, decide on which ones apply to them and then who is best placed to apply them most cost effectively.
However, organisations need to be careful when delegating an element of ITIL to a third party cloud service provider that they aren’t unwittingly compromised. "From a process viewpoint, it is essential that appropriate approvals processes are in place to give them a veto for anything likely to adversely affect the service to their customers,” he adds.
It’s good to talk
In line with SLAs we find SLM, or Service Level Management to afford it its full moniker.
Tim Wilkinson, director at InTechnology says that the purpose of SLM is to ensure that all current and planned IT services are delivered to agreed and achievable targets. This is accomplished through a constant cycle of negotiating, agreeing, monitoring, reporting on and reviewing IT service targets and achievements and through instigation of actions to correct or improve the level of service delivered. Or to put it another way, it’s important to talk.
"SLM will be one of the main interfaces between the business (and its requirements) and the service provider to ensure that required service levels are attained. Cloud service providers will need to illustrate their adoption of ITIL guidelines and how SLM is effectively the hub for many of the other key processes within their ITIL framework – eg financial management, supplier management, information security management, incident management etc,” says Wilkinson.
So while ITIL appears to be far from redundant in the cloud computing model of service based IT delivery, it does perhaps need a to be given a new position in the technology food chain.
To throw out a service-centric infrastructural standard, established by government and now over a quarter of a century old, purely on the basis of cloud computing’s popularity would seem irrational. To fail to evolve such a standard with no appreciation for the web, connected business and the cloud, would surely be equally foolish.
