What do you think of when you see another data breach at a major company? After so many high-profile incidents, why is it so hard for these large companies to keep their customers’ information secure? Why do internet service providers have some of the lowest customer satisfaction scores within the services area? Why is the old joke about software and airplanes still so true today?
A search of the Internet shows there is no lack of techniques and methods to address each of the previous issues. A search on security operations yields over 16 million results, yet every week there are more and more data extractions from commercial and government networks. On the ACSI website, some key observations about the service industry in general are that satisfaction is an indicator of company financial performance, quality is more important than price, and changes in satisfaction affect the willingness of customers to buy. Out of the 43 industries tracked by the ACSI, ISPs and cable providers are tied for last place.
All businesses and organizations have some sort of information management system they use to communicate, archive, and collaborate. The level of technology that the owners or members are comfortable with dictates how complex the information technology systems are going to be. For a sole proprietorship using manual paper ledgers and cash, there are time-honored methods to perform the work. For a large multi-national conglomerate with multiple lines of business and time zones, the level of complexity is extremely high, and the solution to the information management system is not easy to find or execute.
Over the last 30 years of being presented with many apparently dissimilar problems that either clients or my own organization needed solved, a pattern of components to every problem slowly appeared after reflecting on actions that went right and what went wrong. Some of the most important observations come from when things don’t go as you expect.
The seven components of every project and system are the following: Planning, Engineering, Installation/Decommission, Operations, Security, Governance, and Resources.
Planning is developing a strategy and transforming it into a plan. To keep this initial introduction simple, the best quote I can come up with is from George Harrison’s song Any Road: “But if you don’t know where you’re going Any road will take you there”. Every organization, whether for profit or non-profit, has some goal that it was created to perform. In the case of most companies, it is to create value for the owners and shareholders while providing employment with social responsibility. In 1970, Milton Friedman wrote in the New York Magazine, “There is one, and only one, social responsibility of business: to use its resources and engage in activities designed to increase its profits so long as it stays within the rules of the game, which is to say, engages in open and free competition without deception or fraud.”
The planning component starts with the organization’s strategy. Given the ways, means, and ends of the strategy, the information professional looks at all elements of the organization, gathers the legal and governance requirements, assesses the risk profile of the organization, and develops a rough timeline for execution. The planning component is iterative and should be thought of as starting from a rough outline and progressing through to fine details, like a painter working on a landscape.
The end of the planning component is first an understanding of the current end state for the organization. Second, it bounds the requirement space and, if done correctly, identifies all the policy, process, data, and risk associated with those goals. Finally, it provides guidelines in terms of resources, constraints, and restraints. As part of the strategic assessment, the strategy should drive milestones, key performance indicators, an organizational architecture, and general technology direction.
Engineering consists of translating plans into requirements and operating parameters. After the organization strategy is completed and a plan is approved, the next component is to develop a comprehensive set of requirements, conduct a gap analysis, and create a functional/systems view of the company’s vision. Mapping technology is normally what everyone wants to do first, but most organizations, including start-ups, already have assets on hand that are underutilized or sitting on the shelf unused. A disciplined engineering approach allows a non-emotional analysis of capabilities and solutions. The engineering design plan, software features, and detailed specifications carry through until the end of the technology’s life cycle.
Installation/Development/Decommissioning is deploying a stable, secure information environment and, once the environment has become obsolete, replacing it with the next generation of technology. Depending on the type of system, process, and architecture, an installation or development effort requires dedicated program management attention. This is the first true change that is visible to everyone in the organization. Once the engineering designs are done, the training plans are developed, and management is comfortable with the direction of change, the information management team has to put together the detailed checklists to make the change happen.
There is a slew of techniques, schools of thought, and whole religious cults formed around IT program management. The best advice is to follow the method with which you are most comfortable. If your organization has a process for program management, then use it – it makes communicating with the rest of the organization easier. If your project is complex, then look to use the more formal change processes, either the PMI PMBOK or ITIL methods. For a small organization or project, just a detailed checklist can do. The key is to coordinate the change.
Some of the critical information you need to have is the Bill of Materials/Equipment, the engineering design plan, the features required by software, the organization’s future activities on a timeline, and finally a list of all the stakeholders affected by this change. Communications is the single biggest factor for success in this area.
Operations is delivering the network within strategic parameters, supporting company goals in a stable, secure manner. Operations is all about delivering the services promised on time, in budget, and within agreed parameters. The heart of operations is managing change. Almost every issue that arises in operations is, at its heart, a failed change management process. Someone changed a parameter without coordination, a system was overlooked when doing a patch, a gate was left unlocked “for a few minutes”. Each and every one of these examples is a result of human failure.
Operations has to anticipate issues, whether human-made, nature-made, or just old-fashioned wear and tear. A methodology to maintain the operations within those boundaries is always required. Under ITIL it’s continual service improvement. Using any of the various quality systems – Total Quality Management, Lean, Six Sigma, or even just a tailored method – allows everyone to have visibility on what needs to be improved, what needs to be sustained, and what is already being done well.
How do you keep track of how well you are doing? Do you need an operations center with big status boards and a legion of watchstanders taking in information, analyzing it, and then keeping the information updated on the big screens? How about pulling in the key performance indicators that were developed in the strategy component to drive how you monitor ongoing operations? Finding the information and
Security is about maintaining a known good environment, detecting variants, responding to anomalies, and restoring service to a known good condition.
Security is all about determining the known good environment and maintaining it. Whether it’s physical security or cybersecurity, the principles are the same. First, what needs to be protected? To defend everywhere is to defend nowhere. Using the risk profile that was developed in the strategy component determine the
Governance ensures services are within legal and operating parameters. Policy and its corresponding requirement of compliance are normally looked at only when there are problems. How can we not do that again? That’s the normal question that is the parent of most policies. If it’s a policy, how do you make sure it’s being followed? Audit and compliance are the processes used to see if the policy is being followed. Remember that even the best policies, when enforced, do not mean there will not be security or operations issues. Governance is about general guidelines and future outcomes, not bullet-proof prevention. Why do we even need to talk about governance if everyone can just do the best they can? A good team has a playbook and expectations.
Resources create value for the company within an allocated operating budget. To perform any function you have to have resources – time, money, people. How to maximize return on investment, how to attract talent, and how to perform all the tasks required in the time available: those are the key questions to answer. It is in resourcing that the compromises happen. Do you tie your decision making back to strategy, or are you chasing down the latest fire? There are techniques to help rein in the resource monster, but discipline, integrity, and perseverance may be the strongest traits to have to accomplish this component. Leadership, not management, determines the winners and the losers.