Like kids in a candy store

The evolution of IT has seen CIOs elevated beyond the nuts and bolts to take up a bird's eye view position that demands a new mindset and skills.

By Johann Barnard
Johannesburg, 01 Apr 2014
Ilse Rossouw, Quintica, says CIOs may have all the necessary ITIL processes, but the issues are accountability and managing new processes and technologies.
Ilse Rossouw, Quintica, says CIOs may have all the necessary ITIL processes, but the issues are accountability and managing new processes and technologies.

CIOs can't be blamed for feeling like kids in a candy store when shopping around for the right provider to help with the delivery of IT services to their organisations. The prominence of IT service management (ITSM) being delivered from the cloud, however, is like the proverbial candy store offering liquorice of every description to a kid used to buying jelly beans.

The decision, therefore, extends beyond merely which of the sweets are going to taste the best or last the longest, and has to answer the crucial question: will this new novelty satisfy the same craving that the more familiar jelly beans are known to do?

Unfortunately for CIOs, making the wrong choice leaves more than a bad taste in the mouth. Not only is their reputation at stake, but the entire organisation can suffer unnecessary setbacks if expected services and standards aren't met.

The IT leadership team can thus be excused for shying away from a candy store offering sweets with unproven qualities, especially when they're shepherded in by their business units looking for a quick fix.

These satisfaction levels are analogous to the service level agreements that CIOs enter into with their third-party providers and which they commit to with their internal business units.

Ilze Rossouw, business transformation lead for ITSM at Quintica, suggests the changing role of the CIO demands a different approach to streamlining internal and external expectations.

An obscured view

One of the biggest challenges, she says, is that with CIOs increasingly operating at executive and board level, they don't always have a clear view of the operational level where decisions are being made. This has been exacerbated by the increasing tendency for business operations to demand services that aren't necessarily part of the IT roadmap.

"CIOs are struggling with the challenge of new technologies like cloud and they're trying to figure out how to incorporate these through the service management structures, and especially who is going to take responsibility for that," she says.

A solution that Quintica is proposing to its clients is to establish a service management office that can manage these risks and apply resource management to keep everything aligned. Such a structure would comprise the IT and business unit leadership to direct efforts and ensure they are implemented in line with IT rules as well as business needs.

"The CIOs may have all the necessary ITIL processes implemented, but the issues are accountability and managing the incorporation of new processes and technologies," she says.

When a business function like marketing utilises services from the cloud, bypassing the CIO, it creates governance and IT security problems.

Tapati Bandopadhyay, principal research analyst, Gartner

Tapati Bandopadhyay, principal research analyst in Gartner's ITSM group, says these pressures on CIOs will only grow stronger as their roles continue to be elevated to strategy and decision-making within the organisation.

Despite this changing role, she believes it's important for them to stay abreast of the operational challenges and demands from the business.

"When a business function like marketing utilises services from the cloud, bypassing the CIO, it creates governance and IT security problems," she says. "The way to do it is to work with the business functions to enable cloud services, but the governance function must be driven from the CIO's office. They need to know which function is using which cloud service, from where, and how. Otherwise the governance function becomes dysfunctional and the CIO has no visibility."

Rossouw adds that this lack of visibility is not only debilitating to the CIO and organisation, but has the added danger of sidelining the CIO from the role of directing IT policies and procedures.

"If you don't have this driven from the top, it's not going to get there," she says.


She relates how a client's creation of a service management office (SMO) has provided far clearer insight and oversight, helping the organisation combine its continuous service improvement framework with its service management system.

"What was provided was a full plan of how to manage this SMO and who is accountable so that the CIO is accountable for the plan and its implementation. This looks daunting initially, but CIOs actually do no more than they're doing already," Rossouw says.

This clearer path to the delivery of IT services across the organisation translates into clarity on the services and internal SLAs, while presenting a basis on which to negotiate agreements with outside providers. "Your contract must support your SLAs," Rossouw says.

She cautions that it's not uncommon for cloud providers to stipulate the terms of the SLAs, thereby becoming the manager of the service agreement by proxy. "They know the CIO doesn't really know what to negotiate for, so they end up having the final say."

Gartner's Bandopadhyay highlights that the question of cloud-provider SLAs is one IT executives have to pay special attention to.

"One area where cloud really hasn't matured to the expectation of CIOs or business users is that different cloud providers are in different stages of maturity in terms of SLAs," she says.

She cites the example of broad-based providers like Amazon and offering standardised SLAs that focus on the technical capabilities they offer. Rackspace, by contrast, speaks more to the enterprise-grade services that an organisation needs.

The implication is that the former may offer technically adequate service commitments, whereas an organisation's dynamic and specific enterprise needs would be better served by the latter.

The challenge for CIOs and enterprises is that they can't adopt a hit-and-miss approach. The kid entering the candy story may be able to convince the shopkeeper to let them have a taster, but entering into a service agreement is more complex and binding.

Clarity on where responsibilities lie and exactly what flavour the candy will produce is crucial.