The promise of ITSM

How’s this for an ambitious agenda: Cut costs, bolster security and improve end-user satisfaction. Each of those items is hard enough to address in isolation, but some federal agencies aim to achieve all three goals through an approach known as IT service management.

ITSM establishes a consistent, core set of processes for managing the delivery of IT services, and related software automates those processes. Industry executives contend that automating formerly manual activities helps organizations trim expenses, while system security and availability stand to improve with more disciplined and less reactive management approaches. Overall, standardizing IT delivery tasks should, at least in principle, ratchet up the level of quality.

Agencies have two primary options for ITSM: in-house deployment or turning to the cloud. Traditionally, vendors have offered ITSM as on-premise software, but in the past 18 months, the market has shifted toward cloud-based software as a service (SaaS). That approach could lower the cost and complexity of ITSM adoption, but buyers must first overcome security concerns.

Why it matters

Federal interest in ITSM is growing for a couple of reasons. One is data center consolidation. Multiple data centers typically mean multiple service desks and supporting technologies. Consolidation gives agencies a chance to pursue a focused ITSM effort.

“Consolidation has provided an opportunity to standardize,” said Capt. Victor Collier, information systems network officer in the Plans and Engineering section of the Army’s 7th Signal Command (Theater).

The Army uses BMC Software’s Remedy ITSM tool. In one key improvement, the number of “Remedy templates” used to respond to support requests was reduced from 800 to 270, Collier said.

ITSM templates allow IT organizations to create forms for users to fill out when requesting services or reporting incidents. The requests or reports are then routed to the appropriate technician.

The Army’s CONUS Service Desk (CSD) handles computer-related issues for 30 Army installations through a central help desk and toll-free telephone number. Collier said CSD receives and follows up on more than 20,000 requests per month.

Another advantage to data center consolidation is that it helps agencies fund ITSM tools, said John Prestridge, vice president of marketing and products at SunView Software, which makes on-premise and cloud-based ITSM tools.

“They roll up change and configuration management as part of a larger data center consolidation project,” he said. “The tools...become a line item on a much larger project.”

The desire to update technology is also spurring the current level of ITSM activity. Agencies with legacy help-desk systems want to upgrade their software and add features the older products lack.

“Most of them have a legacy solution they have there for years and years...and what they are looking for is to move to a more modern solution,” Prestridge said. “And in some agencies, they are looking to bring in solutions to support specific processes that are outside the initial implementation.”

Furthermore, legacy systems might have gotten bogged down in extensive customization, said Larry Schink, senior managing partner at CorTechs, an IT services company with an ITSM practice area. Those custom features drive up maintenance costs, while a new system offers the opportunity to set things right.

“They need to back out of customization and look at products that can be modified easily, without hard-coding customization into the product itself,” Schink said.

Rob Stroud, vice president for service and portfolio management at ITSM provider CA Technologies, said federal agencies are taking stock of ITSM software as they go through their technology review cycles.

“We are in one of those periods right now where people are looking at those systems and solutions and issuing” requests for proposals, he said.

The fundamentals

Help-desk software has been a mainstay of IT automation for a couple of decades. Over time, the help-desk function has evolved beyond its initial scope of resolving users’ technical issues to take on a broader set of services. ITSM software provides a more comprehensive set of tools as help desks become service desks.

The IT Infrastructure Library (ITIL), a collection of best practices for service management, often provides the essential framework for ITSM. Indeed, ITSM software now encompasses a range of ITIL practices, including change, configuration and incident management.

Agencies often undertake ITSM software and ITIL adoption efforts at the same time. The National Institute of Standards and Technology took that approach last year. NIST needed to replace an older ITSM system that the vendor no longer supported and decided to migrate to ITIL Version 3 “in the same breath,” said Tim Halton, chief of customer access and support at NIST.

The agency adopted ServiceNow’s cloud-based ITSM offering and offered an ITIL Version 3 Foundation training program, which more than 140 NIST employees have attended.

Halton called the training “a cultural migration to get people settling into the new norm” of ITIL practices. “We got everyone using the same nomenclature and the same terminology,” he said.

Agencies going down the ITSM and ITIL path describe a number of benefits. The Army, for instance, points to the ability to trim expenses and keep critical IT resources functioning.

“ITIL practices have been proven to reduce costs and improve efficiency in the delivery of those services,” said Lemont Powell, deputy chief of the Networks, Plans and Engineering Directorate at the Army’s Network Enterprise Technology Command.

Powell added that many Army organizations use ITIL Version 3 as the framework for delivering and managing IT services. He cited change management as one area in which ITSM can save resources. With a structured process, administrators make authorized changes that are deliberately implemented and monitored.

“Many times, unauthorized changes or incorrectly administered changes can bring a service down,” Powell said. “For a business, this is loss of profit. But for the Army, this can affect soldiers in combat or those supporting combat operations.”

Schink, meanwhile, said ITSM can help agencies reduce the person-hours involved in running IT processes. The automation of manual tasks provides the biggest ITSM bang for the buck, he said. Large IT operations that can significantly reduce the number of people performing service management chores can justify the price of the software, he added.

In addition to cost, security stands out as a plus for ITSM processes and tools.

“An organization without service management processes will simply react to unforeseen incidents,” Powell said. “An organization with more mature service management processes will execute [its] problem management process to determine the cause of any incident.”

At full maturity, an organization will deploy monitoring, capacity and availability processes to predict trouble and take proactive steps to avoid service interruption. Powell added that a properly designed ITSM system will integrate with other networking tools to track assets and firmware patches, devices’ and servers’ antivirus protection, and the health of individual IT services.

The hurdles

Perhaps the main question facing agencies is whether to go with an on-premise ITSM solution or opt for the cloud delivery model. Commercial enterprises typically favor SaaS-based ITSM, citing lower infrastructure costs and the ability to offload day-to-day application management.

Those factors attract government customers as well. “Going to the cloud freed me from the responsibility of building out a whole infrastructure,” Halton said.

In addition, disaster recovery becomes less of a burden because the vendor provides that service. When a problem arises at the vendor’s main hosting facility in Culpeper, Va., NIST’s ITSM service will switch to a backup location in Florida. “I don’t have to coordinate that type of activity or worry about if I have enough infrastructure to do that,” Halton said.

The lack of security-certified SaaS ITSM vendors, however, has hindered the government’s ability to migrate to cloud technology. “The biggest challenge we had moving to the cloud had to do with [the Federal Information Security Management Act] and meeting those requirements,” Halton said.

Fortunately, ServiceNow was willing to work with NIST to meet FISMA standards and was granted an authority to operate (ATO) in June 2012. Along the way, NIST discovered that the General Services Administration was also pursuing ATO status for ServiceNow. The agencies worked together toward a solution that could be used across the federal government. GSA granted a Moderate ATO to ServiceNow in April.

Halton said demand for cloud-based ITSM has been building and noted that about a dozen agencies have inquired about NIST’s ATO.

Nevertheless, security concerns still keep some agencies away from the cloud. Schink said the military sector, in particular, will probably stick with on-premise solutions.

“I just don’t see them moving to the cloud very fast,” he said.