Where and how are corporate IT services best located: in-house or outsourced?
Enterprises are constantly re-evaluating their IT sourcing using outcome-focused commercial models. In-sourcing allows an organisation to maintain in-house technical teams or large, single-source suppliers.
It can also be more adaptable by exploiting competitive market behaviour, which can cut costs and capitalise on innovation.
But Gartner published a study of IT sourcing capabilities in 2014, which found only 11% of respondents mastered their approach to sourcing.The remaining 89% needed to improve competencies and significantly raise their maturity levels to manage multi-sourcing successfully.
There has always been a flow of in-house/outsource use – often outsourcing for cost reasons, and then finding the consequent loss of control costs the organisation dearly. Alongside this, many executives are considering taking traditionally outsourced IT services back in-house for a variety of economic, service quality, responsiveness and flexibility reasons.
Read more about IT service management
CIOs believe organisations are missing an opportunity by not applying IT service management outside the IT department
Old MSP standbys such as RMM and backup/disaster recovery will find rejuvenation this year
Technology developments in mobility, virtualisation and cloud computing – as well as the ubiquitous “X-as-a-service” offerings – redefine the operational/capital expenditure equation and directly sway IT sourcing decisions. Similarly, business developments – such as acquiring assets from mergers and acquisitions – affects IT sourcing preferences. These strategic business changes all require the corporate IT department to have both plans and tools in place to adapt quickly to such changes.
With many more, smaller suppliers providing commodity services based on open standards and internet access, the trend towards multi-sourcing has gathered pace, resulting in average sourcing deal sizes shrinking in price and time, while the number of contracts expands dramatically.
When an organisation takes back control of its IT from a lead outsourcer, there are several tasks its IT department must accomplish. These are to:
- Establish and run its own datacentres with virtualisation and hybrid cloud – the remit of IT service management; Manage multiple suppliers, using consistent internal metrics. Experienced and qualified sourcing staff will be required to maintain the longer term supplier relationship;
- Undertake performance measurements and risk assessments to determine value for money. IT needs to regularly review its supply chain, as technology and other environmental factors disrupt established procedures;
- Maintain a wider supplier overview to replace existing providers which are underperforming.
To address these challenges consistently and over longer periods of time, the IT department needs an analytical framework. The most commonly used frameworks for best practice service management involve two major components: Service integration and management (SIAM); The information technology infrastructure library (ITIL) V3.
Of course, other frameworks related to service management may apply as well: Application service library (ASL), CoBIT5 governance, ISO/IEC 20000, Agile, SSADM, RAD, CMMI, Six Sigma quality measures, and TQM and Prince 2 for project management – but these are generally just adjuncts to SIAM and/or ITIL.
Meeting the challenges of SIAM
Unlike ITIL V3 (for IT service management), SIAM is not a formalised framework and does not yet have an established body of knowledge, due in part to a general lack of published best practice. This presents some challenges to the IT organisation. The risks include confusion between systems and service integration, confusion between SIAM and IT service management of devices and users, uninformed decisions to outsource SIAM, and the use of multiple, best-of-breed suppliers – incurring large management overhead costs and difficulty in managing end-to-end services.
SIAM is both a model and a function which manages in-house corporate applications and the migration of applications to cloud hosting. It is seen as a way for large IT organisations to better manage and control multi-sourced operations, by compiling (and then sharing between themselves) best practice and their most successful management methods. The SIAM framework covers the complete lifecycle of services, both on the service supply and service demand side. A SIAM structure relies on a set of working practices with clear bounds of responsibility.
SIAM can manage application processing and storage requirements. With cloud, there is generally considerable pay-as-you-go capacity available, but customers need to be able to scale up and down to make the best use of it. That involves setting up auto-scaling such as provided by Amazon’s AWS EC2 and learning how to optimise the cost and flexibility benefits of cloud hosting with the service levels of a fully managed service.
The task list for a full SIAM service developed by third parties – notably KPMG and ISG – is based on the ability to provide clear and concise interfaces between the service providers, users of ICT services and the contracting organisation. These may include:
- Core service integration, management and tooling;
- Service desk; IT information security support;
- Service transition planning and support;
- Service knowledge management;
- Service/provider assurance;
- Service validation and testing;
- Transformation design and change services relating to SIAM/tower service model.
The SIAM services provided by system integrators such as Accenture, Capgemini, CSC, Atos, TCS, HP and IBM may be disaggregated into service elements and these elements may be procured or delivered separately, according to individual authority requirements.
Finnish supplier Sofigate offers an open approach to SIAM. The firm launched an open source SIAM model in 2015, focusing on enabling managed service integration through standardised processes and tools. Atos, CGI, Cognizant, Elisa Appelsiini, Enfo, Fujitsu, HCL, L&T Infotech, Sonera, Tech Mahindra, Tieto and Wipro have since joined Sofigate’s SIAM ecosystem.
The ITIL V3 contribution
ITIL V3 encompasses 35 sets of non-prescriptive best practice such as the e-competence framework and the management of portfolios. IT departments choose the parts suitable for them from system integrators such as Accenture, IBM Emptoris/Procurement, Atos, Capgemini, TCS, Cognizant and CGI.
More granular service management systems – such as contract management systems (the e-competence framework in ITIL) – are much more affordable for mid-range companies, and come from hundreds of providers, such as SAP Ariba, Agilsoft, Concord, Novatus, Gimmal and GEP. Contract management software automates the creation, tracking and monitoring of contracts and agreements. This allows for the pan-organisational sharing of contract documents for top-down control and monitoring of contract status, key dates and personnel responsibilities.
Supplier management plays a key role. This includes third parties as well as internal suppliers, and the services they provide. The aim is to ensure quality, consistency and value for money. In ITIL V3, supplier management is part of the service design process, to allow for a better integration into the service lifecycle.
Relationships are managed in a supplier and contract database (SCD) such as the Enlighta ITIL suite, to ensure consistent efficiency and effectiveness when implementing the corporate supplier policy. In an ideal world the SCD would make up part of the overall configuration management system and the united information access repository from providers such as Attivio, Search Technologies and BA Insight which extends the core capabilities of Microsoft SharePoint and Fast search. Data stored in these repositories should hold details about contracts, their length, what services are provided by suppliers and any associated configuration items
Size matters in this context – frameworks can be too heavy for small companies (for example with fewer than 200 employees), below which the overhead of incorporating formal best practice often outweighs the benefits gained. The effort spent on setting up and running internal control-based methodologies is probably better spent on giving the customers what they actually want. Conversely, the effective use of commodity standards-based IT should mean that integration and support requirements are much less onerous than managing a more labour-intensive system.
Some SMEs choose to adopt an intermediate, layered approach with a third-party service integrator such as Edifit to manage the SME’s IT suppliers. Other may adopt a tower sourcing model for different service areas – desktops, applications, hosting and networks. Each tower can have a lead supplier, with a strategic partner appointed to manage the whole group, with responsibilities from the early planning to the implementation, monitoring and support for IT services. It effectively extends the role of the third-party service integrator such as HP or Capgemini to take on more day-to-day management over the long term. Besides improving service quality, it adds the system integrator’s risk management skills, and expands the ability to scan the market for innovative suppliers.
IoT – the new entrant
There are many devices and applications making their way into corporate service management. The biggest challenge is no doubt the service management of the internet of things (IoT). With continued virtualisation, our whole understanding of “what is a service” will face a significant challenge. Next-generation service management must include IoT systems as consumers of services. Best practice will be needed to support this entirely new and massive type of support request. This will be qualitatively different from those that were developed to support the classic SIAM interaction. Best practice requires baselines and solid exchange of operations experience – and so a lot more work lies ahead for the various forums dedicated to SIAM and ITIL.
Bernt Ostergaard is an analyst at Quocirca.
Essential elements of the information technology infrastructure library V3 SCD
Populating the ITIL V3 SCD requires:
- Identifying business requirements. Produce a programme of requirements, provide agreement by documenting a strategy and policy, and finally develop a business case;
- Categorising suppliers and contracts relative to business areas and criticality;
- Evaluating existing and potential suppliers. This requires gaining references, assessing supplier abilities relative to corporate needs and also assessing the potential supplier’s financial viability and robustness. It is key to utilise the change management process to introduce new suppliers into the SCD. Other service management processes such as IT service continuity management (ITSCM), availability management and information security management will all have an interest in the new supplier and their abilities to provide service;
- Managing performance of suppliers and contracts. Typically, this is performed at the operational level and based on service level agreements (SLAs) in line with service management policies and processes and supported by an appropriate service level reporting regime. The performance of suppliers will also need to be measured and managed with appropriate action taken if the supplier is underperforming. The supplier needs to provide the service that the business requires, and if that changes, then the supplier will need to change service provision accordingly;
- Renewing/ending a contract. This is a strategic function and needs the existing contract to be reviewed as to its relevance in the future if the business model changes. If the supplier is no longer required, an accurate assessment of the repercussions needs to be carried both from a financial and operational perspective.