PCQuest : Top Stories : Doing IT Right

Doing IT Right

What should you spend most of your time on? What management tools should you use? How frequently should you revisit your IT policies? These are a few questions we asked 16 key CIOs across the country to find out the practices they've adopted for a healthy IT infrastructure

Anil Chopra

Monday, August 14, 2006

The CIO or IT head today is caught in the middle of two extremes. On one side, there's the burden of managing and maintaining an IT infrastructure and its complexities. On the other are the users and the management who expect an easy to use IT infrastructure that also helps with business growth. Both of these are tough challenges, and can't be achieved without a strong vision. After all, successful projects are the result of successful leadership, and in order to be successful, you need well-defined objectives and a clear-cut vision.

In our survey this time, we started off by asking the respondents to define what their vision was for their IT infrastructure. By and large, the responses revolved around creating an IT infrastructure that helps meet business objectives. It should help reduce the cost of doing business, enhance the revenues, and enable better decision making, as one of the CIOs put it. Availability was another key objective voiced by many respondents. Likewise, scalability, keeping IT simple and user friendly were some of the other voices we heard. The point is, only after a clear-cut vision has been defined can the right set of practices be evolved. So what are these practices? This story presents some of them based on our survey.

There's no single set of practices that can be considered as the ideal set. It all depends upon what's top priority for your IT infrastructure, which in turn depends upon the nature of business that your organization is into. Not taking any names, we found that the CIO of an international hotel chain spent more time optimizing the company's WAN links and managing the highly distributed network than on other tasks. This is understandable considering that the setup would be highly distributed across the globe.

Some IT Standards

ISO 27001: Information security management specification that's a replacement for the BS7799-2 standard. It's meant to maintain, manage, and continuously improve a company's information management system.

BS15000: IT Service Management Standard, which is now called ISO 20000. It specifies a set of management processes, and relies upon the IT Infrastructure Library Framework, or ITIL.

COBIT: Control Objectives for Information and related Technology. It was to ensure that organizations remained compliant to govt. standards. Therefore, it actually defines the exact way that data should be produced so that it can be traced back.

Handling user complaints was top priority for the IT head of a large FMCG company. So the key is in understanding what's top priority for your IT Infrastructure and then finding the right set of tools, people, and practices to take care of it. Just as your body needs a variety of nutrients for staying healthy, your IT infrastructure also requires a mix of elements to stay up and running smoothly. Some of these include the right set of monitoring and management tools, skilled and efficient manpower, top management buy-in, support from colleagues and business unit heads, the right set of policies and practices, and compliance to industry standards. There would be more depending upon the nature of business that your organization is into, but the ones we've mentioned are by and large applicable to just about every organization. All these elements, combined with an overall vision, make up the recipe for a healthy IT infrastructure. Let's look at these elements in more detail along with responses from our survey.

Which tasks to spend time on?
There are so many critical elements on the network, which need to be constantly monitored and managed for uptime. It's no longer as simple as monitoring the health of a single or few core servers. The days of client/server computing, where you had distinct servers for different tasks is now passé. In client/server computing, even if a single server went down, it was still manageable because it would only affect one function. Nowadays, there's a great deal of interdependence amongst various elements of the IT infrastructure. Your ERP solution, for instance, might be running on a single server, but it might also be using the services of a database server, a web server, a separate storage device or network, the communication links, network, and various other services, depending upon the setup. So even if one of these were to go down due to some reason, it would affect the whole setup.

So which of these elements should you spend most of your time on? In our survey, most respondents said they spent most of their time on combating security threats and network management. Both of these were on top of their minds. Some of the solutions offered to address the security issue were to keep a close and constant watch on new vulnerabilities and patch releases. More importantly, these patches should be properly tested and timely deployed.

View Point: Head IT, A large manufacturing house

You've mentioned that you spend your maximum time on combating security threats as opposed to other management tasks. However, you've not mentioned how you're addressing this concern. Can you tell us why is this your organization's biggest concern, and how are you addressing it?
At present the security threat is from Viruses. Ours is a multi-location setup, with 20 branches. Even though we have addressed the anti-virus issue, we don't yet have a cost effective solution that can be rolled out and managed by the local office where we don't have IT support staff. The "central" solutions are more dependent on Internet connectivity for roll out, whose quality is improving NOW. Hence we propose to use that route and close the issue coupled with a better service contract with our service vendor.

What should be the role of top management with respect to corporate IT policies?
Top management support is required during implementation and rollouts.

How frequently do you do technology upgradations? Does it serve to keep your team motivated?
Till two years ago, the frequency of upgradations in our company was rather less. We now have yearly reviews of technology and take corrective actions immediately. In IT, working on the latest technology matters a lot to the team. It we can't satisfy this need and give it to them, it results in attrition and reduced productivity. That apart, it's also essential for the company to upgrade and be on top, rather than work with old technology and incur higher costs in maintaining the same.

Application performance management followed this as the second most time consuming task, and WAN links optimization was the third most time consuming. Very few of the respondents spent time on tasks like hardware maintenance and management, managing the growing volume of storage, managing servers, and even handling user complaints. It seems these are no longer critical tasks for an IT head to look into. It's also possible that there are ample tools available for automating and managing these tasks? We tried to figure that out from another question on which management tools were our CIOs and IT managers using.

Which tools to use?
With so many different elements in the IT infrastructure, you need a multitude of tools to monitor and manage it as well. Interestingly, more than 80% of our respondents were using helpdesk management tools, and around 69% were using bandwidth monitoring and management tools. We also checked whether the respondents were using any tools to help them handle the management tasks they spent most of their time on. Interestingly, there wasn't a one to one mapping. To be more specific, of the people who said their number one priority was hardware maintenance and management, nobody was actually using any hardware inventory management or asset-tracking tool for the job. Of the people who spent most of their time doing network management, only 50% were actually using a network discovery and management solution. Likewise, of the IT managers whose number one concern was application performance management, 60% weren't using any application performance monitoring tools. This could very well be the reason for their woes.

On the other hand, there were also tasks that were not top priority, and were being handled by management tools. For instance, none of the respondents raised storage management as a key concern, even though about 25% of them were using storage resource management solutions.

Corporate IT Policies
Technology and tools aren't the only critical elements for managing the IT infrastructure. Corporate IT policies are equally essential. In general, most of the respondents were fairly satisfied with their corporate IT policies, but there were a third of the respondents who were not really satisfied and would have liked them to be better. Of the respondents who were moderately satisfied with their corporate IT policies, most were also not too happy about the level of involvement from their top management in drafting IT policies.

View Point: Abhay Goyal, Associate Director Information Systems, MindTree Consulting

Please tell about life before and after you started using a helpdesk management system
The helpdesk management tool helped us in tracking the volume and nature of calls and their closures. Call analysis details have not only helped us in sizing the team and resources, but also helped us reduce the number of calls by solving the back-end system (based on nature of calls).

The system provides better SLA and user experience as users can track the progress. We have built a system wherein users can reopen the call and even rate the performance.

Life without a Helpdesk system was more ad-hoc.

It's imperative for an enterprise to have Corporate IT policies, but more important is the need to ensure that they get enforced. Tell us some of the practices to follow for enforcing corporate IT policies?
These policies are better complied with by enforcing those using systems and tools.

Few examples can be central policies for Password/Account Lockout, System lock out, use of Web filter to control Internet traffic, use of mail filters to filter specific attachments.

How do you ensure that your IT team resolves a user's problem? What measures are taken if a problem is not addressed?
We have built an escalation mechanism wherein users can escalate their problems to higher levels in case of non-closure or non-satisfactory closure.

Users can also reopen their calls if the problem reoccurs. We have a SLA against reopening.

Hence the engineer needs to ensure that he or she provides complete resolution to the problem before the call gets closed.

We also tried to analyze the level of involvement from the top management as well as business unit heads in helping the IT team in enforcing corporate IT policies. Our results revealed that there was a similarity in the thought process of both. It's important to keep that in mind when enforcing IT policies. You might have a similar pattern in your organization.

Drafting and enforcing policies is definitely an area where buy-in from the top management and LoB managers is necessary. Even though they would not have a high degree of understanding of technology, they would help you get the buy-in from your users for using technology.

Not only that, but the responsibility of studying the feasibility of new IT projects also requires the support of business unit heads. This is essential for ensuring that IT is aligned with the business needs. Around 69% of the respondents we surveyed said they had a committee comprising of the IT department and business unit heads, which decides on new IT projects. While this is a majority figure, it's also alarming to note that a third of the respondents did not involve the business unit heads in studying the feasibility of IT projects.

Compliance to industry standards
A lot of questions are often raised regarding adherence to compliance standards. Should your IT infrastructure be compliant? If so, then what standards should be followed? We asked questions related to compliance in our survey, and found that 69% of the respondents felt that it was very critical. More than 80% of the respondents were following some national or international compliance standards. Surprisingly, a fourth of the respondents were already compliant with the BS7799 standard for information security. Other standards being followed by some of the respondents were ISO 27001, BS15000, ISO 9001, TS16946, and COBIT.

A majority of the respondents said that the CIO/IT head of the organization was responsible for ensuring adherence to compliance standards. Only a fourth of the respondents had a dedicated compliance officer.

The right manpower
Such a complex IT infrastructure, so many management tasks, and tons of different tools to manage....how do you manage all this? It's not possible without a proper IT team in place. You need the right skill sets to handle all the resources. This is a challenge in itself because people with good skill sets are difficult to find. Moreover, even if you find them, it's a challenge to retain them, due to numerous reasons.

One, the IT infrastructure is not something you would keep playing around with every day, so the challenge is primarily in building it. Once it's been built, what remains is monitoring and management, which is a fairly mundane and routine task. It can, therefore, become difficult to retain manpower for doing this kind of task on a routine basis. As a result, what's needed is some policies/practices/processes that would retain them. This could be motivational exercises and re-skilling through proper training.

View Point: Sunil Kapoor, Head IT, Fortis Healthcare

As an IT head, what's the prime objective you've set forth for yourself for your IT infrastructure? What's your vision?
To understand, define and create an agreement on the deliverables at the start itself-not only with your suppliers but more so with your customers. This is one key success factor and a differentiator between success and failure of any project.

Do you treat your IT infrastructure as a project?
The way I see it, IT infrastructure has everything to do with IT -be it software or hardware or LAN or WAN. Ultimately, there are customers (users) who use all of it to do their day-to- day activities. If you see from the customers perspective, he wants a function/solution/ process to happen from his desktop and we have to provide for it. He does not care if the LAN was down or a printer is under repair. Hence, the expectations (delivery) of the user must be defined and agreed upon. In fact that should be the starting point and ending point of any project. Ending is in terms of reviewing the completion of the project.

It's imperative to have corporate IT policies, but even more important to ensure that they're enforced. What should be the role of top management as well as individual business unit heads in helping to enforce corporate IT policies?
The CIO can put up the policies and act as a facilitator for creating and defining them. However, the compliance and enforcing of those policies sits within the domain of the HR and the individual operating heads.
The CIO can't ensure compliance at the user level. To take a small example, suppose a user feels that he/she has the right to access personal email or chat on the corporate network because he's spending most of his/her time there. He says he needs these facilities. In such a situation, according to the policy, the IT department can block chat, Hotmail, etc. However the decision on whether to block it or not is with the HR and individual business unit heads. Such situations go beyond the ambit of IT policies and into the area of discipline, ethics, overall company culture, etc. So the HR, business unit heads, and the CIO should play an equal role in enforcing IT policies.

Top management involvement is not necessary in compliance, but their guidance is definitely required during the formation and drafting of IT policies.

What factors should be taken into account when outsourcing the management of a part of the IT infrastructure?
The basic point is that the level of service being delivered to the desktops is a challenge most CIOs around the world toil with today.

There's always a gap between the service that's delivered and what the users expected. But the moment an outside party comes in and does it, the perception changes and becomes more positive.

Besides that, the trouble with an inhouse IT team is that the younger ones are always looking for setups with better technology and companies that offer better compensation. It's therefore very difficult to retain them. Giving it to an external agency is beneficial in this case because even if one engineer leaves, the agency will put in another one from its pool.

Currently, we've followed a model wherein we've outsourced certain areas as proof of concept to see how things work out.

The core parts of our IT infrastructure however, such as managing the HIS, formation of policies, IT strategies, etc still remains an in-house function.

How are you addressing your primary concern of application performance management?
We're evaluating different tools on the ERP front for this.

Interestingly, the biggest concern raised by our respondents with respect to their IT teams was not finding or retaining the right manpower, but rather updating their skills on a regular basis. Everything else was secondary. One of the reasons for this could be the growing IT services market, wherein you can outsource a host of your IT functions. That's why the data on the team structures our respondents had was also very interesting.

A good 50% of the respondents had an equal mix of inhouse as well as outsourced members in their IT teams for the job. Nearly 37% were happy having their own inhouse teams and the rest worked completely on the outsourced model. Two key reasons emerged for a completely outsourced IT management. One was to focus on the core competencies and leave the rest for an external agency to manage; second was affordability.
Having an outsourced team was more cost effective than maintaining an inhouse team. Those who had their own inhouse teams chose this path because it gave them the flexibility and control they needed of their IT infrastructure. Some respondents also had an inhouse team due to confidentiality of information.

The reasons for having an equal mix of inhouse and outsourced were need based. Where business knowledge and domains specific expertise was required, in-house staff was kept. Non-core functions such as helpdesk management were outsourced. Yet others had their IT infrastructure so distributed that an inhouse model would have proven ineffective.

Page(s) 1




	How to Remotely Manage your IT Infrastructure
	The Future of Computing
	Now You can afford a Supercomputer in your Enterprise
	Tech Trends 2006

Untitled 1

Does your business have Green Intelligence

What is SDSIASWODB?

No.1 Linux platform for SAP Applications

Magazine Subscription | RQS | Contact Us | Team PCQuest

	Other CyberMedia web sites [Dataquest] [Voice&Data] [CIOL] [Living Digital] [IDC India] [DQ Channels] [the DQweek] [CyberMedia India] [Cybermedia Careers] [CyberMedia Events] [Cybermedia Digital] [CyberAstro] [Global Services Media] [BioSpectrum] [BioSpectrum Asia] [Computer Shopper] [College Buying Guide] [Voice&DataConnect]