ITSM Governance
ITSM Meets the Cloud

February 13, 2014

David Mainville
CEO / Co-founder

dmainville@navvia.com
Twitter @mainville

Governance ITSM meets the cloud

IT Governance can seem like a daunting challenge especially in today's complex environment with many applications migrating to the cloud. But it doesn’t have to be!

Organizations are increasingly turning to Cloud-based options in order to deliver services to the business. While you may have outsourced the delivery of these services to the cloud, the IT organization still is responsible for overall service delivery. So how do you get your arms around something so "nebulous" as the Cloud?

Published in: Technology
Governance ITSM meets the cloud

  1. ITSM Governance: ITSM Meets the Cloud. February 13, 2014
  2. David Mainville, CEO / Co-founder. dmainville@navvia.com, Twitter @mainville
     February 2014. Copyright 2014, Navvia - A Division of Consulting-Portal
  3. What are you hoping to learn from today’s presentation?
  4. Let’s start with a poll
     What is your organization’s position on SaaS / cloud?
     1. We do not allow SaaS applications
     2. We currently have no SaaS applications but are investigating
     3. We currently use SaaS applications
     4. Don’t know
     November 2013. Copyright 2013, Navvia - A Division of Consulting-Portal
  5. 65% of respondents are either using or investigating SaaS
     Source: 8th annual ITSM Industry Survey
  6. What is SaaS / cloud computing?
     Cloud computing most often refers to IT services that are provided to users over the internet on a pay-as-you-go or on-demand model, much like a public utility.
  7. Common terms
     • SaaS
     • Utility Computing
     • Private Cloud
     • Multi-Tenant
     • On-demand
     • Platform as a Service
     • Infrastructure as a Service
  8. Just more marketing hype?
  9. The Big Switch
     • The new “industrial revolution”
     • A watershed of creative energy
     • A focus on core competencies
  10. Companies are investing heavily in the cloud
     App Store, iTunes…
  11. @ Navvia
     • 100% of our business apps are cloud based
       – Email & file sharing
       – Sales & marketing
       – Finance & Admin
       – DEV Infrastructure
       – PROD hosting
     • We also sell ITSM cloud software
  12. Some ITSM cloud players
     http://www.zdnet.com/saas-itsm-tools-forrester-delivers-market-overview-7000011865/
     Note: a non-exhaustive list, new entrants continue to enter the marketplace
  13. Cloud doesn’t mean better
     It’s a delivery option that still needs to be tailored to your needs
  14. ITSM governance & the cloud
  15. What is governance?
     • In the case of a business or of a non-profit organisation, governance relates to consistent management, cohesive policies, guidance, processes and decision-rights for a given area of responsibility.
     • IT Governance primarily deals with connections between business focus and IT management. The goal of clear governance is to assure that the investment in IT generates business value and to mitigate the risks that are associated with IT projects.
  16. Governance = Accountability
  17. Why ITSM governance?
     • Maximize value of IT investment
     • Support complex regulatory requirements
       – Sarbanes-Oxley, Basel-II
     • Third party certifications
       – ISO20000, SAS70…
     • Continual Service Improvement
  18. Governance frameworks
     • ITIL
       – Provides guidance on the processes
     • COBIT
       – Widely accepted by the IT audit community
       – Defines controls, processes and audit tests (evidence)
     • ISO20000
       – Defines a standard for a Service Management System
     Our experience shows that the best approach is to use a combination of frameworks for ITSM governance
  19. ITSM governance roles
     • Prescriptive role assigns authority and accountability
     • Audit role reports on compliance to process owners, executives and directors
     • Coordination role assigns and coordinates the governance tasks
     • Monitor role tracks governance reporting for the audit role
     • User/Provider roles execute the governance tasks
     An ITSM “Program Office” or “Governance Board” is the ideal place to center your governance activities
  20. An ITSM governance approach
     PROCESS: Change Management
     CONTROLS:
       – AI6.1 Standards & Procedures
       – AI6.2 Assessment & Authorization
       – AI6.3 Emergency Changes
       – AI6.4 Tracking and Reporting
       – AI6.5 Change Closure & Doc
     TASKS:
       – Task 1: Provide Evidence of Change Mgmt. System
       – Task 2: Provide Evidence of Emergency Change Handling
     EVIDENCE:
       – Emergency Change Categories
       – Emergency Change Reports
       – Documented Emergency Procedures
       – Review of Emergency Changes
  21. ITSM governance & service delivery
     [Chart labels: Actual Service Levels, Desired Service Levels]
     • Ungoverned processes “wear down” over time
     • The result is service variability versus consistency
     • More effort to manage / less customer satisfaction
  22. Achieving ITSM governance
     • Define your processes
     • Identify the Control Objectives
     • Assign Accountability for Control Objectives
     • Require evidence of compliance
     • Measure and report on process compliance
  23. Let’s take a poll!
     Do you have formal governance in place for ITSM?
     1. Defined, implemented and enforced
     2. Defined but not implemented
     3. Implemented but not enforced
     4. No ITSM governance in place
  24. Governance remains very weak
     Only 29% of respondents have implemented and enforce governance, up slightly from 28% in last year’s survey
     Source: 8th annual ITSM Industry Survey
  25. It’s no wonder ITSM programs fail
  26. Does governance differ in the cloud?
  27. I see governance from a variety of perspectives
  28. Governing a cloud application
     Questions to ask your Cloud or SaaS vendor (Requirement: Comment)
     • Data Classification: Is the data being stored public, internal, confidential, restricted or highly restricted?
     • Physical Security: Does the vendor meet all security standards for datacenter access?
     • Authentication: What policies and technology are in place to limit access to data to the right people?
     • Authorization: Who at the vendor site is authorized to access the data, and what controls are in place?
     • Audit Logging: What security logs are maintained by the vendor / what is logged by the system?
     • Confidentiality: What policies / technology exist to ensure company data is kept confidential – is Payment Card (PCI) or Personally Identifiable Information (PII) stored in the cloud application?
     • Virus Protection: What policies and technologies are in place to ensure the data remains virus free?
     • Security Config: Has the vendor’s infrastructure been configured to ensure against vulnerabilities – is it audited?
     • Patch Mgmt.: What policies / technology are in place to ensure critical updates are applied in a timely manner?
     • Physical Config.: How is our data segregated from the vendor’s other clients?
  29. Governing a cloud application
     Questions to ask your Cloud or SaaS vendor (Requirement: Comment)
     • Disaster Recovery: What policies and technology are in place to address a disaster and support resumption of service (failover, backups, offsite storage, backup facilities…)?
     • Human Resource Security: What policies and practices are in place to ensure the vendor’s personnel are a) trained in security practices and b) have been adequately screened (background checks)?
     • Compliance: What audit protocols / practices does the vendor have in place to ensure compliance to their internal policies and processes?
     • Software Config Mgmt.: What policies, practices and technologies exist to ensure the vendor has adequate control over their source code libraries and that there is a separation of duties between development and production?
     • Insurance / Risk: What levels of coverage does the vendor have to protect from Identity Theft, Cyber-Extortion, Cyber-Terrorism, Information Asset Network Security, Web Content, Errors and Omissions, Network Business Interruption?
     • Financial Risk: Is the cloud vendor viable? What protections exist if they were to become insolvent?
     • Communications: What policies and practices are in place by the vendor to communicate security incidents?
     • Data Retention: How long does the vendor retain the data, how is it protected, and how can the data be extracted from the cloud application if the contract is terminated?
  30. Related reading
     • ISO/IEC 20000: Defines the standard for a Service Management System (part 1&2). http://www.itgovernance.co.uk/
     • COBIT to ISO/IEC 20000: How to use COBIT Controls to support ISO/IEC 20000. http://www.isaca.org/
     • COBIT User Guide: Guidance for Service Managers on the Use of COBIT to support ITIL & ISO/IEC 20000. http://www.isaca.org/
     • COBIT to ITIL V3: How to use COBIT Controls to support ITIL V3. http://www.isaca.org/
  31. Cloud Security Alliance (SM)
     https://cloudsecurityalliance.org/
     • Security Guidance for Critical Areas of Focus in Cloud Computing
     • Cloud Controls Matrix v1.1 - Fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.
  32. What does this all mean to me?
  33. Three things to remember
     • Cloud Computing will continue to grow
     • IT must remain accountable for governing cloud apps
     • Understanding the cloud is crucial to your career
  34. Navigating ITSM via our tools and services
     Over 14 years of ITSM success!
  35. Navvia Software
     The Navvia Process Management Platform
     Simple • Social • Effective
  36. 5 valuable tools for your ITSM program!
  37. ITSM Service Offerings
     • ITSM Accelerators
     • Onsite ITSM Services from assessments through to strategy and implementations
     • ITSM tool selection & implementation
     • ITSM education
  38. navvia.com/tools/test-drive/
  39. Thank You!
     David Mainville, dmainville@navvia.com, Twitter: @mainville
     navvia.com/library
