Doing IT Right

author-image
PCQ Bureau
New Update

The CIO or IT head today is caught in the middle of two extremes. On one
side, there's the burden of managing and maintaining an IT infrastructure and
its complexities. On the other are the users and the management who expect an
easy to use IT infrastructure that also helps with business growth. Both of
these are tough challenges, and can't be achieved without a strong vision.
After all, successful projects are the result of successful leadership, and in
order to be successful, you need well-defined objectives and a clear-cut
vision. 

In our survey this time, we started off by asking the respondents to define
what their vision was for their IT infrastructure. By and large, the responses
revolved around creating an IT infrastructure that helps meet business
objectives. It should help reduce the cost of doing business, enhance the
revenues, and enable better decision making, as one of the CIOs put it.
Availability was another key objective voiced by many respondents. Likewise,
scalability, keeping IT simple and user friendly were some of the other voices
we heard. The point is, only after a clear-cut vision has been defined can the
right set of practices be evolved. So what are these practices? This story
presents some of them based on our survey.

There's no single set of practices that can be considered as the ideal set.
It all depends upon what's top priority for your IT infrastructure, which in
turn depends upon the nature of business that your organization is into. Not
taking any names, we found that the CIO of an international hotel chain spent
more time optimizing the company's WAN links and managing the highly
distributed network than on other tasks. This is understandable considering that
the setup would be highly distributed across the globe. 

Some IT
Standards
ISO 27001: Information
security management specification that's a replacement for the BS7799-2
standard. It's meant to maintain, manage, and continuously improve a
company's information management system.

BS15000: IT Service Management
Standard, which is now called ISO 20000. It specifies a set of management
processes, and relies upon the IT Infrastructure Library Framework, or
ITIL.

COBIT: Control Objectives for
Information and related Technology. It was to ensure that organizations
remained compliant to govt. standards. Therefore, it actually defines the
exact way that data should be produced so that it can be traced back.

Handling user complaints was top priority for the IT head of a large FMCG
company. So the key is in understanding what's top priority for your IT
Infrastructure and then finding the right set of tools, people, and practices to
take care of it. Just as your body needs a variety of nutrients for staying
healthy, your IT infrastructure also requires a mix of elements to stay up and
running smoothly. Some of these include the right set of monitoring and
management tools, skilled and efficient manpower, top management buy-in, support
from colleagues and business unit heads, the right set of policies and
practices, and compliance to industry standards. There would be more depending
upon the nature of business that your organization is into, but the ones we've
mentioned are by and large applicable to just about every organization. All
these elements, combined with an overall vision, make up the recipe for a
healthy IT infrastructure. Let's look at these elements in more detail along
with responses from our survey.

Which tasks to spend time on?

There are so many critical elements on the network, which need to be constantly
monitored and managed for uptime. It's no longer as simple as monitoring the
health of a single or few core servers. The days of client/server computing,
where you had distinct servers for different tasks is now passé. In
client/server computing, even if a single server went down, it was still
manageable because it would only affect one function. Nowadays, there's a
great deal of interdependence amongst various elements of the IT infrastructure.
Your ERP solution, for instance, might be running on a single server, but it
might also be using the services of a database server, a web server, a separate
storage device or network, the communication links, network, and various other
services, depending upon the setup. So even if one of these were to go down due
to some reason, it would affect the whole setup.

So which of these elements should you spend most of your time on? In our
survey, most respondents said they spent most of their time on combating
security threats and network management. Both of these were on top of their
minds. Some of the solutions offered to address the security issue were to keep
a close and constant watch on new vulnerabilities and patch releases. More
importantly, these patches should be properly tested and timely deployed.

View Point:
Head IT, A large manufacturing house
You've mentioned that you
spend your maximum time on combating security threats as opposed to other
management tasks. However, you've not mentioned how you're addressing this
concern. Can you tell us why is this your organization's biggest concern,
and how are you addressing it?


At present the security threat is from Viruses. Ours is a multi-location
setup, with 20 branches. Even though we have addressed the anti-virus
issue, we don't yet have a cost effective solution that can be rolled
out and managed by the local office where we don't have IT support
staff. The "central" solutions are more dependent on Internet
connectivity for roll out, whose quality is improving NOW. Hence we
propose to use that route and close the issue coupled with a better
service contract with our service vendor.

What should be the role of top
management with respect to corporate IT policies?


Top management support is required during implementation and rollouts.

How frequently do you do technology
upgradations? Does it serve to keep your team motivated?


Till two years ago, the frequency of upgradations in our company was
rather less. We now have yearly reviews of technology and take corrective
actions immediately. In IT, working on the latest technology matters a lot
to the team. It we can't satisfy this need and give it to them, it
results in attrition and reduced productivity. That apart, it's also
essential for the company to upgrade and be on top, rather than work with
old technology and incur higher costs in maintaining the same.

Application performance management followed this as the second most time
consuming task, and WAN links optimization was the third most time consuming.
Very few of the respondents spent time on tasks like hardware maintenance and
management, managing the growing volume of storage, managing servers, and even
handling user complaints. It seems these are no longer critical tasks for an IT
head to look into. It's also possible that there are ample tools available for
automating and managing these tasks? We tried to figure that out from another
question on which management tools were our CIOs and IT managers using.

Which tools to use?

With so many different elements in the IT infrastructure, you need a multitude
of tools to monitor and manage it as well. Interestingly, more than 80% of our
respondents were using helpdesk management tools, and around 69% were using
bandwidth monitoring and management tools. We also checked whether the
respondents were using any tools to help them handle the management tasks they
spent most of their time on. Interestingly, there wasn't a one to one mapping.
To be more specific, of the people who said their number one priority was
hardware maintenance and management, nobody was actually using any hardware
inventory management or asset-tracking tool for the job. Of the people who spent
most of their time doing network management, only 50% were actually using a
network discovery and management solution. Likewise, of the IT managers whose
number one concern was application performance management, 60% weren't using
any application performance monitoring tools. This could very well be the reason
for their woes.

On the other hand, there were also tasks that were not top priority, and were
being handled by management tools. For instance, none of the respondents raised
storage management as a key concern, even though about 25% of them were using
storage resource management solutions.

Corporate IT Policies

Technology and tools aren't the only critical elements for managing the IT
infrastructure. Corporate IT policies are equally essential. In general, most of
the respondents were fairly satisfied with their corporate IT policies, but
there were a third of the respondents who were not really satisfied and would
have liked them to be better. Of the respondents who were moderately satisfied
with their corporate IT policies, most were also not too happy about the level
of involvement from their top management in drafting IT policies.

View Point:
Abhay Goyal, Associate Director Information Systems, MindTree Consulting
Please tell about life
before and after you started using a helpdesk management system


The helpdesk management tool helped us in tracking the volume and nature
of calls and their closures. Call analysis details have not only helped us
in sizing the team and resources, but also helped us reduce the number of
calls by solving the back-end system (based on nature of calls).

The system provides better SLA and user
experience as users can track the progress. We have built a system wherein
users can reopen the call and even rate the performance.

Life without a Helpdesk system was more
ad-hoc.

It's imperative for an enterprise to
have Corporate IT policies, but more important is the need to ensure that
they get enforced. Tell us some of the practices to follow for enforcing
corporate IT policies?

These policies are better complied with by enforcing those using
systems and tools.

Few examples can be central policies for
Password/Account Lockout, System lock out, use of Web filter to control
Internet traffic, use of mail filters to filter specific attachments.

How do you ensure that your IT team
resolves a user's problem? What measures are taken if a problem is not
addressed?

We have built an escalation mechanism wherein users can escalate their
problems to higher levels in case of non-closure or non-satisfactory
closure.

Users can also reopen their calls if the
problem reoccurs. We have a SLA against reopening.

Hence the engineer needs to ensure that
he or she provides complete resolution to the problem before the call gets
closed.

We also tried to analyze the level of involvement from the top management as
well as business unit heads in helping the IT team in enforcing corporate IT
policies. Our results revealed that there was a similarity in the thought
process of both. It's important to keep that in mind when enforcing IT
policies. You might have a similar pattern in your organization.

Drafting and enforcing policies is definitely an area where buy-in from the
top management and LoB managers is necessary. Even though they would not have a
high degree of understanding of technology, they would help you get the buy-in
from your users for using technology.

Not only that, but the responsibility of studying the feasibility of new IT
projects also requires the support of business unit heads. This is essential for
ensuring that IT is aligned with the business needs. Around 69% of the
respondents we surveyed said they had a committee comprising of the IT
department and business unit heads, which decides on new IT projects. While this
is a majority figure, it's also alarming to note that a third of the
respondents did not involve the business unit heads in studying the feasibility
of IT projects.

Compliance to industry standards

A lot of questions are often raised regarding adherence to compliance standards.
Should your IT infrastructure be compliant? If so, then what standards should be
followed? We asked questions related to compliance in our survey, and found that
69% of the respondents felt that it was very critical. More than 80% of the
respondents were following some national or international compliance standards.
Surprisingly, a fourth of the respondents were already compliant with the BS7799
standard for information security. Other standards being followed by some of the
respondents were ISO 27001, BS15000, ISO 9001, TS16946, and COBIT.

A majority of the respondents said that the CIO/IT head of the organization
was responsible for ensuring adherence to compliance standards. Only a fourth of
the respondents had a dedicated compliance officer.

The right manpower

Such a complex IT infrastructure, so many management tasks, and tons of
different tools to manage....how do you manage all this? It's not possible
without a proper IT team in place. You need the right skill sets to handle all
the resources. This is a challenge in itself because people with good skill sets
are difficult to find. Moreover, even if you find them, it's a challenge to
retain them, due to numerous reasons.

One, the IT infrastructure is not something you would keep playing around
with every day, so the challenge is primarily in building it. Once it's been
built, what remains is monitoring and management, which is a fairly mundane and
routine task. It can, therefore, become difficult to retain manpower for doing
this kind of task on a routine basis. As a result, what's needed is some
policies/practices/processes that would retain them. This could be motivational
exercises and re-skilling through proper training.

View Point:
Sunil Kapoor, Head IT, Fortis Healthcare
As an IT head, what's the
prime objective you've set forth for yourself for your IT
infrastructure? What's your vision?


To understand, define and create an agreement on the deliverables at the
start itself-not only with your suppliers but more so with your
customers. This is one key success factor and a differentiator between
success and failure of any project.

Do you treat your IT infrastructure as
a project?


The way I see it, IT infrastructure has everything to do with IT -be it
software or hardware or LAN or WAN. Ultimately, there are customers
(users) who use all of it to do their day-to- day activities. If you see
from the customers perspective, he wants a function/solution/ process to
happen from his desktop and we have to provide for it. He does not care if
the LAN was down or a printer is under repair. Hence, the expectations
(delivery) of the user must be defined and agreed upon. In fact that
should be the starting point and ending point of any project. Ending is in
terms of reviewing the completion of the project.

It's imperative to have corporate IT
policies, but even more important to ensure that they're enforced. What
should be the role of top management as well as individual business unit
heads in helping to enforce corporate IT policies?


The CIO can put up the policies and act as a facilitator for creating and
defining them. However, the compliance and enforcing of those policies
sits within the domain of the HR and the individual operating heads.

The CIO can't ensure compliance at the user level. To take a small
example, suppose a user feels that he/she has the right to access personal
email or chat on the corporate network because he's spending most of
his/her time there. He says he needs these facilities. In such a
situation, according to the policy, the IT department can block chat,
Hotmail, etc. However the decision on whether to block it or not is with
the HR and individual business unit heads. Such situations go beyond the
ambit of IT policies and into the area of discipline, ethics, overall
company culture, etc. So the HR, business unit heads, and the CIO should
play an equal role in enforcing IT policies.

Top management involvement is not
necessary in compliance, but their guidance is definitely required during
the formation and drafting of IT policies.

What factors should be taken into
account when outsourcing the management of a part of the IT
infrastructure?


The basic point is that the level of service being delivered to the
desktops is a challenge most CIOs around the world toil with today.

There's always a gap between the
service that's delivered and what the users expected. But the moment an
outside party comes in and does it, the perception changes and becomes
more positive.

Besides that, the trouble with an inhouse
IT team is that the younger ones are always looking for setups with better
technology and companies that offer better compensation. It's therefore
very difficult to retain them. Giving it to an external agency is
beneficial in this case because even if one engineer leaves, the agency
will put in another one from its pool.

Currently, we've followed a model
wherein we've outsourced certain areas as proof of concept to see how
things work out.

The core parts of our IT infrastructure
however, such as managing the HIS, formation of policies, IT strategies,
etc still remains an in-house function.

How are you addressing your primary
concern of application performance management?


We're evaluating different tools on the ERP front for this.

Interestingly, the biggest concern raised by our respondents with respect to
their IT teams was not finding or retaining the right manpower, but rather
updating their skills on a regular basis. Everything else was secondary. One of
the reasons for this could be the growing IT services market, wherein you can
outsource a host of your IT functions. That's why the data on the team
structures our respondents had was also very interesting.

A good 50% of the respondents had an equal mix of inhouse as well as
outsourced members in their IT teams for the job. Nearly 37% were happy having
their own inhouse teams and the rest worked completely on the outsourced model.
Two key reasons emerged for a completely outsourced IT management. One was to
focus on the core competencies and leave the rest for an external agency to
manage; second was affordability.

Having an outsourced team was more cost effective than maintaining an inhouse
team. Those who had their own inhouse teams chose this path because it gave them
the flexibility and control they needed of their IT infrastructure. Some
respondents also had an inhouse team due to confidentiality of information.

The reasons for having an equal mix of inhouse and outsourced were need
based. Where business knowledge and domains specific expertise was required,
in-house staff was kept. Non-core functions such as helpdesk management were
outsourced. Yet others had their IT infrastructure so distributed that an
inhouse model would have proven ineffective.

Stay connected with us through our social media channels for the latest updates and news!

Follow us: