Does SaaS mean the end of audits? The BSA don’t think so.

BSA document cover

In an industry which has struggled with year-on-year rises in the number of vendor-imposed software compliance audits, it can be tempting to see SaaS software, with its subscription pricing models, as a panacea. If we can replace a complex web of installation, site, and user-based licenses with a set of simple subscriptions, won’t that make the compliance challenge much simpler?

Unfortunately, it’s not as straightforward as that. This white paper (pdf, opens in new tab) by industry watchdog BSA – The Software Alliance – explores the breadth of ways it’ll be possible to breach terms and conditions of SaaS software.

A basic SaaS subscription for a simple client application might seem very easy to manage. BSA’s document, however, effectively arms auditors with a checklist of breaches to look for, including:

  • Accessing the service from prohibited geographies.
  • Sharing user accounts.
  • Allowing systems to pose as users.
  • Providing access to non-employees (e.g. contractors) where such access is prohibited.

For companies working with Cloud Service Providers, BSA goes into significant detail on the challenges they may face in retaining compliance with their existing licensing agreements: a range of challenges including IP challenges, geographical limitations, and providing auditors with required access to Cloud infrastructure environments.

BSA represents many of the most assertive organizations involved in license audits, and this document suggests, firmly, that the challenge of audits will not be disappearing soon.  As the document states, while Cloud-based software “solves some license compliance challenges, it also creates new ones”.

Advertisements

Why customer centricity is an approach, not a dogma

“Customer first” is a much debated philosophy in ITSM. Studies and reports frequently place customer-centricity high on the priority list of CIOs and CTOs. But sceptical commentators argue that IT may be falling victim to its own faddish obsession: we are not the same as some of the most high-profile service innovators such as those in the consumer marketplace, and we have different drivers and limitations.

Some attempts to deliver customer-centricity in ITSM may indeed be truly faddish: driven by fashion or the notion that something is a cool idea, without really delivering a better business result.

However, I’d argue that such actions are no more customer centric than ignoring the customer’s wishes altogether: if service is delivered on the basis of improperly considered ideas, it isn’t destined to be successful, unless we get lucky.

Customer centricity is not just about doing whatever the customer asks. It’s about marshalling the available support resources to deliver service in the most effective manner for the customer. Most importantly, it’s about methodically identifying what that “most effective manner” actually is. The IT industry hasn’t always been very good at that bit.

As an example: One of the most significant areas of debate, conflict and sheer revolution has been the “Bring Your Own Device” phenomenon. Much has been written on the subject, but occasionally a statistic appears which really illustrates the need for a more customer centric approach to corporate IT.

Last year, an APAC-focused survey by VMWare, “A New Way of Life”, contained one such gem. The gem was not the survey’s finding that 83% of employees are bringing their own devices to work. This number is not unusual; many similar surveys have produced similar figures. It was a subsequent result which stood out: 41% of of these positive respondents cited “contactability by customers” as a primary driver for their use of non-corporate items.

Let that sink in for a moment: Fully one-third of the overall respondents in this survey stated that they needed to augment the technology their employer is providing them, just to give customers adequate means to contact them (and that is before we even start to ask how many of that group are actually customer facing: the percentage might actually be much higher for the most relevant groups of users).

Surely, then, IT departments need to ask themselves why this is happening?

But this is the problem: We already did that. The IT organization already sat down and thought up the best policies it could: usually making considered judgements built on knowledge and experience, trying to find the best balance between security and customer requirements. But if more than a third of users still need to bring in their own technology to deal with customers, then something went wrong.

Maybe IT really didn’t learn enough because it didn’t get far enough away from its own desk. IT should be asking their customers why this is happening.

Even then, though, simply asking a question may not give us what we need to provide the best solutions. Customers, asked directly, may tell you what they think they need, based on their own frame of reference. Henry Ford, sadly, probably never uttered the quote widely attributed to him about giving customers “faster horses” if he’d simply followed their stated wishes, but it’s still an important point.

Instead, the best way for IT to be customer centric is to leave our desks. We need to stand with our users as they go about their job. We should shadow field support people, sit in customer service call centres, spend a day with a sales rep, observe the warehouse for a while. As technology experts, we know more about the challenges of managing evolving technology in an increasingly complex corporate environment, but we don’t know our customers’ jobs like they do.

IT deeply knows technology, but the customer knows their job most deeply. The foundation for customer-centric support is simply the combination of those two pieces of knowledge.

(Image credit: doctorow on Flickr)

Cloud’s impact on ITSM tools: it’s not just about SaaS

Image of clouds in a deep blue sky

The last few years in the ITSM toolset market have been somewhat dominated by the subject of cloud delivery. Business has, of course, rapidly embraced the cloud as an application consumption option. ITSM has been no exception: new entrants and established brands alike have invested either in fully SaaS offerings, or in diversification of their offering to provide a choice between on-premise and cloud delivery models.

However, for the users of those tools, or their customers in the wider organisation using SaaS software, the delivery method alone does not necessarily change much. This is hugely important to remember. If software is consumed via a URL, it does not particularly matter whether the screens and features are served from the company’s own servers, or from a data centre halfway across the country or even the world.  There are often points of benefit for the SaaS end user, of course. But the mechanism alone? It’s a big deal for the buyer, or for the people managing the system, but it might be wholly transparent to everyone else.

It’s important, therefore, to look at what the real differences are to those real-life users: the people whose jobs are constantly underpinned by the applications. Now that we have a solid set of SaaS platforms underpinning ITSM, it seems right to focus on where cloud has already created dramatic user benefits outside the ITSM space. These huge trends show us what is possible:

Autonomy: When an employee stores or shares files using a cloud storage provider like Dropbox, they are detaching them from the traditional corporate infrastructure of hard drives, email, and groupware. When they use their own smartphone or tablet at work, as more than 80% of knowledge workers are doing, they are making a conscious decision to augment their toolset with technology of their own choice, rather than their company’s.

Collectivisation: Cloud applications have the potential to pull broad user groups together in a manner that no closed corporate system can ever hope to do. In the consumer space, this is the key difference between crowdsourced guidance and point expert advice (a battle in which the momentum is only going one way: as evidenced by numerous examples such as the disruption of the travel guide book market by Yelp and TripAdvisor). Aggregated information and real time interaction are new and powerful disruption to traditional tools and services, and Cloud is a huge enabler of these.

Communication: Facebook’s impact on social communication has been to close down distances and seamlessly bring groups of people together in an effortless manner. In a similar manner, Cloud platforms give us new ways to link disparate ITSM actors (whether customers or deliverers) across multiple systems, locations and organizations, without the requirement to build and maintain multiple, expensive ad-hoc paths of communication, and without some of the drawbacks of traditional channels such as email. Service, at least when things get complicated, is a team effort, and slick communication underpins that effort.

Cross-Platformity: Cloud underpinnings have enabled a new generation of applications to work seamlessly across different devices. An employee on a customer visit can use a tool like Evernote to dictate stand-up notes using a smartphone, before editing them on the train home using a tablet, and retrieving them on the laptop in the office the next morning. Nothing needs to be transferred: there is no fiddling with SD Cards or emails.

These are the principles which will change the game for ITSM’s front line service providers, and it’s customers. Bringing some or all of them together opens up a huge range of possibilities:

  • Integrated service platforms, connecting the customer in new ways to those serving them (think of the “two halves of Uber”, for instance: separate applications for passenger and driver, with powerful linkage between the two for geolocation, payment and feedback).
  • Fully mobilised ITSM, delivering a truly cross platform “Evernote” experience with persistent personal data such as field notes.
  • Easy application linkages, driven by tools like IFTTT and Zapier, opening up powerful but controllable autonomy and user-driven innovation.
  • Integrated community interaction beyond the bounds of the single company instance, enabling knowledge sharing and greater self-help.
  • Highly contextual and assistive features, underpinned by broad learning of user needs and behaviours across large sets of users, and detailed analysis of individual patterns.
  • Open marketplaces for granular services and quick “plug and play” supplier offerings, rapidly consumed and integrated through open cloud-driven toolsets.
  • New collaboration spaces for disparate teams of stakeholders, bringing the right people together in a more effective way, to get the job done.

Autonomy, collectivisation, communication, cross-platformity: these are four key principles that are truly making a difference to ITSM. Cloud delivery is just the start.  It is now time to harness the real frontline benefits of this technological revolution.

 

Cloud image: https://www.flickr.com/photos/aztlek/2357990839.  Used under Creative Commons licensing.

Is the lack of ITSM and ITAM alignment causing application sprawl?

Urban sprawl

I’ve written before about the negative consequences of the lack of industry alignment between ITIL-focused ITSM functions, and the IT Asset Management groups which typically evolved somewhat separately.

A recent CapGemini study of CIOs and IT decision makers concisely illustrated one impact this is having:

  • 48% believe their business has more applications than it needs (up from 34% over the previous three years).
  • Only 37% percent believe the majority of their applications are mission critical.
  • 70% believe at least a fifth of their company’s applications share similar functionality and could be consolidated.

The majority believe a fifth of those applications should be retired or replaced.

This shows a very strong consensus amongst IT leaders: IT is spending too much money and time on too many applications, with too much overlap. And in the rapidly evolving application landscape, this impact is by no means limited to traditional on-premise software: Skyhigh’s 2013 study on cloud service adoption found that enterprise respondents used, on average, well over 500 cloud services (the largest number of services found in one organisation was an eye-watering 1769).[Update for Q1 2015: SkyHigh now put the average at over 900]

If we want to remain serious about understanding the business services our IT organizations are managing, overseeing and underpinning, surely we can’t lose track of key assets like this?

How can IT possibly aim to control this sprawl, understand its impact, pinpoint its risks and and remove its vulnerabilities, if there is no unified overseeing function? Who is tracking which users are entitled to which services? Who ensures that users are equipped with the right services, and who removes their access once they leave, to ensure both data security and cost control? Who can identify the impact on key services if an application is removed or consolidated?

Concerningly, this does not appear to be high on the agenda in ITSM discussions. We still see two separate threads in the conference ecosystem: ITSM conferences rarely address asset management. Asset management conferences talk about suppliers and infrastructure without putting them in the context of the services they underpin. My own role involves product management of an ITAM system which is part of an ITSM suite, so I attend both sets of conferences, see both parallel tracks, and experience nagging concerns in each case that the other side of the picture is overlooked.

Recent initiatives such as the Pink Think Tank 14 are, welcomely, addressing in increased detail the multi-sourced, multi-vendor evolution of IT service delivery, but there still does not appear to be a detailed focus on the actual assets and software being supplied by those vendors.  That’s a gap. Those vendors fill the IT environment with assets, from physical kit through software services to less tangible “assets” like critical people with vital knowledge.  All those things cost money. They may have contractual associations. We may need to know, very quickly, who owns and supports them. And if a supplier is replaced, we need to know what they might take with them.

The harsh reality, as clearly shown by CapGemini’s study, is that CIOs and leaders are asking questions about consolidation that will require a detailed, holistic understanding of what we are actually spending money on, and why it is there.

Tomorrow’s Future Today 2014: The End of IT’s Monopoly on Trust

Tomorrow's Future Today logo

On 17th February 2014 I presented at the Tomorrow’s Future Today 24-hour online conference. The presentation explored the impact of Uber, TripAdvisor, Yelp and other consumer-oriented services on established (and legacy) “providers of trust such as guidebooks, regulators and establishments. In this context, it discussed the lessons corporate IT can learn from these huge trends.

You can view a recorded presentation, and my slides, here:

It was a real joy to be involved with this conference: it is a tremendous and free resource for the IT and technology field, with some great contributors.

Yale Shuts Down Student Course Selection Tool on Grounds of “Malice”

Yaleblock

Hot on the heels of my recent “Alf’s Zoo” on Trust, here’s a fine example of the phenomenon.

Yale College has blocked a website which two of its students had created.  The students, brothers Peter and Harry Yu, had created an alternative version of the prestigious institution’s own course planning tool.  “We found that it was really hard to find and compare courses when we first arrived at Yale”, one of the brothers told the media. Yale students are given tremendous flexibility to choose classes, and hence the brothers identified a key frustration with the official solution: a lack of adequate comparison data.  Their tool added students’ course evaluation ratings to the class listings – a feature which proved immensely popular.

The university’s response was heavy handed to say the least. After quibbling with the students about their product’s original name (a derivation of the official platform’s own title), they went a step further and blocked the site on campus. Students attempting to access the site were confronted instead with a Yale-branded screen, purportedly “to help guard against malicious activity on Yale networks”.

But the brothers’ product, far from being a tool of malice, is a great example of a new generation of tools and technologies aimed at making consumers of services more informed… at least to its target audience.  The university sees it differently, using one of its monopolistic powers (its complete control over its own network) to assert its sole control of the course selection process. Yale initially justified its actions on the basis that it had not permitted its course evaluation data to be used in this way. That would be a plausible (if mean-spirited) explanation, if the news had not subsequently emerged that another student-derived tool, a light-hearted random course selector, had also been blocked on the grounds of malice.

Of course Yale are far from alone in behaving like this.