Infrastructure Services are definitely undergoing a major transformation. How does one navigate the web of emerging technology trends and stay ahead of the game? Read on to learn more on our Infra Matters blog.


January 27, 2014

Access management - Road to user experience nirvana?

(Posted by Praveen Vedula)

It's a bright Monday morning and today is the first day at your new job. You are excited as you are shown to your desk. After filling in all the mandatory forms, you try to get down to business, only to realize that you have to raise a multitude of requests just to get access to the necessary applications. Most of you have been there, done that already and can understand what a harrowing experience it can be.

Now consider this: It is possible to reorient this entire process in a way that is user friendly and in accordance with IT requirements; all it requires is a careful analysis of the access product life cycle and how it overlaps with the service catalogue from an ITSM point of view.

There is a thin line between role management and entitlement management. Role management deals with the administrative nature of roles, while entitlement management deals with the functional aspect of access, though both fall under the umbrella of identity and access management (IAM).

Control, accountability and transparency are the central tenets of identity and access management. So, how do we control or detect access violations? Most organizations depend on IT service management to have a seamless process of ordering products through a service catalogue. However, managing the user access lifecycle remains a challenge because of the sheer volume and structure of the authorizations involved. There are several products in the market, such as Axiomatics and Securent (acquired by Cisco), which manage authorizations. However, it will be a while before we have an end-to-end entitlement management product, as pointed out by Earl Perkins from Gartner research in his blog.

Having said that, there are three key issues which need to be addressed while managing access roles and entitlements:

  • How do we present the access roles as orderable items in the service catalog?
  • How do we enforce the policies and rules for the access roles while ordering them?
  • How do we update the CMDB with relevant entitlement data to drive IT service management?

One of the most important aspects of a service catalog is the ease with which it can be accessed and browsed. The key challenge here is to transform an access product into an orderable item that can be accessed by users who have the requisite rights as determined by their roles. Given the flexibility of cloud based ITSM tools, it is quite possible to manage the search parameters on the front end while a compliance check is run by authorization tools in the back end. The governing rules of the access products can be centrally defined and managed at the application layer, making it simpler to manage them in one go. To make life easy for business users, the orderable access items can also be grouped by job level, job description or any other parameter based on the organizational structure.

So, going back to the first example, a new employee simply has to select the access products required from the service catalog. Based on his or her role identity, it will be easy to assign the right levels of access to a given user. In one shot, a pleasant user experience and adherence to IT policies can be achieved. This has been a success story at a large reinsurance firm in Europe that was recognized by the European Identity & Cloud awards 2013 for its project on access management using cloud and authorization tools.
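The catalog flow described in this post, as an added example (not code from the post or from any product it names): access products are orderable items with centrally defined rules, each order is re-checked in the back end, and granted entitlements are written to a list standing in for the CMDB, which is then re-checked to detect access violations. The catalog entries, the rule fields `min_level` and `departments`, and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed catalog: each access product carries its rule centrally, so the
# front-end view and the back-end order check evaluate the same definition.
CATALOG = {
    "crm-read":    {"group": "Sales",   "min_level": 1, "departments": {"sales", "support"}},
    "crm-admin":   {"group": "Sales",   "min_level": 3, "departments": {"sales"}},
    "ledger-post": {"group": "Finance", "min_level": 2, "departments": {"finance"}},
}

@dataclass
class User:
    name: str
    department: str
    job_level: int

def is_allowed(user, item_id):
    """Default deny: unknown items and unmet rules both return False."""
    rule = CATALOG.get(item_id)
    return (rule is not None
            and user.job_level >= rule["min_level"]
            and user.department in rule["departments"])

def orderable_items(user):
    """Front-end view: only items the user's role allows, grouped for browsing."""
    groups = {}
    for item_id, rule in sorted(CATALOG.items()):
        if is_allowed(user, item_id):
            groups.setdefault(rule["group"], []).append(item_id)
    return groups

def place_order(user, item_id, cmdb):
    """Back-end check at order time; what the front end displayed is not trusted."""
    if not is_allowed(user, item_id):
        return False
    cmdb.append({"user": user.name, "item": item_id})  # entitlement record
    return True

def find_violations(cmdb, users):
    """Re-check recorded entitlements against current roles and rules."""
    return [(rec["user"], rec["item"]) for rec in cmdb
            if not is_allowed(users[rec["user"]], rec["item"])]

if __name__ == "__main__":
    alice, cmdb = User("alice", "sales", 1), []
    print(orderable_items(alice), place_order(alice, "crm-read", cmdb))
    alice.department = "finance"  # role change after the grant
    print(find_violations(cmdb, {"alice": alice}))
```

Because the same `is_allowed` rule drives the catalog view, the order check and the CMDB reconciliation, a role change surfaces as a violation without any separate rule set to keep in sync.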

January 21, 2014

Hybrid ITSM: Evolution and Challenges

(Posted by Manu Singh)

When you compare an ITSM solution based on public cloud with an on-premise solution, there is no way to determine which one is superior. Although public cloud based ITSM solutions provide on-demand self-service, flexibility at a reduced cost is not the only factor that should be considered while choosing deployment options.

Customization has always been a major issue while deploying a cloud based ITSM solution. While every organization has its own way of handling incident, problem, change and release management, it's the business needs that determine how the IT service management solution is deployed. Cloud based ITSM solutions can be inflexible at times - a kind of one-size-fits-all proposition. Any change / customization will go through testing across the entire user base for all the clients, which will lead to unnecessary delay in deploying the required functionality. In some cases, a release may not even be implemented at all if a few users do not approve of the change.

In other words, using a standard application across multiple users gives limited options for changes in configuration. Organizations may face a risk as requirements continue to change as dictated by a dynamic business environment. Limited options to change configuration settings may not be the best solution in such a scenario.

Another reason organizations are unlikely to stick with a cloud-only solution is that it gets expensive as the years go by. Analysts have also predicted that SaaS based ITSM tools may not be the preferred option, as the amount of effort invested in implementing, integrating, operating and maintaining tools would likely result in increasing actual costs rather than reducing them.

But this does not mean that the cloud based ITSM model is likely to vanish. It will still be a good bet for organizations that have limited IT skills on-site and are only looking for standardization of their processes without much customization and dynamic integration requirements.
It stands to reason that organizations would prefer to have both options - i.e. a cloud-based ITSM offering that can be rapidly deployed and a premise-based one which would support on-going customization and dynamic integration.

Hybrid ITSM combines the best of both worlds, i.e. public and on-premise/private clouds. It focuses on increasing scalability, dependability and efficiency by merging shared public resources with private dedicated resources.
However, implementing a hybrid model is not as easy as it seems, as it comes with its own set of challenges, some of which are listed below:

  • Management and visibility of resources that fall outside the scope of managed services
  • Ensuring the consistency of changes implemented between the on-premise and the cloud service provider
  • Supporting open tool access with consistency in the data / look and feel
  • Managing shared network between the on-premise data center and the cloud service provider
  • Seamless integration between on-premise and cloud infrastructure in order to share workload at peak times

Looking at the above challenges, it is clear that organizations need to do a thorough due diligence to identify:

  • Data and network security requirements (data encryption, firewall etc.)
  • Tool usage requirements, storage requirements (on-premise or cloud)
  • Robust change management in order to track and coordinate changes between the two environments
  • Fail-safe infrastructure set up so that the availability of the tool is not hampered
  • Robust asset and configuration management to track the assets within business control and their dependencies on assets in the public cloud
  • A framework defining governance, statutory and support requirements

Ideally, organizations need to follow an approach that incorporates the aforesaid requirements early on during the discovery and design phase.
My next post will cover the implementation approach for Hybrid ITSM along with the mitigation strategies for some of the common challenges.