IT service management has undergone a major evolution during the past several decades. Each step forward has challenged...
the then-current status quo to integrate new technologies into the cycles of business designed to create, build and deliver IT that will enrich functional and economic efficiencies.
Today, powerful new capabilities are reshaping ITSM, including artificial intelligence, cloud-based services, machine learning, chatbots and threat intelligence services. But all of these technologies require strong, coherent governance in order to achieve their potential. Too often, when challenged to build and enforce strong ITSM governance processes, companies duck. Either the governance is not put in place at all, or the employees, contractors and the other citizens of a company's larger ecosystem of vendors, suppliers, customers and regulators fail to comply with the governance rules that are introduced.
A major cause for the difficult path facing ITSM governance when processes are built on a portfolio of new technologies is a failure to sustain trust during the critical early phases of adoption, rollout and scaling across the enterprise and its ecosystem. In many ways, ITSM confronts the same trust issues as those who engineer, build and implement systems that collect, process, store and otherwise use personally identifiable information.
In the absence of trust, there is resistance to adoption and there is skepticism about relying upon the systems and their output. How can ITSM innovations build and sustain the trust required for them to succeed, particularly at the intersections of cloud migrations, artificial intelligence and machine learning?
Building trust with designed ITSM governance
Policies, procedures, rules, contracts, service level agreements (SLAs) and technical protocols provide the discipline for any innovation to succeed. Unfortunately, with cloud migration, machine learning and artificial intelligence, a frequent challenge is that policies and procedures do not exist. That makes it very hard for the users to gain confidence that the technologies will work to the company's advantage.
Every rule, policy, procedure, protocol or SLA exists to define the necessary processes in order for technology to work, and for attendant risks to be avoided. Those are two very different outcomes. When we install governance, the substantive rules serve to discipline behavior toward consistent, intended outcomes. Reliability, consistency and resilience after untoward circumstances or events are all positive attributes for users deciding whether to place their trust in the related technologies. And as we all know, a single adverse event can offset dozens or hundreds of positive events that otherwise contributed to a level of trust.
The rules supporting new technology must anticipate, and suitably discipline, user behavior to avoid known risks -- whether threats, vulnerabilities or combinations of both. This is where conscious, intelligent design of the governance stack can be so useful at building trust. When users understand that compliance with the new rules avoids risks that endanger their company, their performance, their employment or their business relationships, the rules gain respect and adherence becomes a priority.
To succeed, professionals in charge of ITSM governance must rigorously perform their own root cause analysis even before the innovations are introduced and implement the necessary guiding documents with the technology's release. Collaboration is essential, both among the company's departments (operations, legal, audit, finance, HR, facilities) and with the related vendors that are often resistant to the need for extensive, well-designed ITSM governance. Of course, the internal costs -- both in time and money -- required for that collaboration are often overlooked or underestimated when projecting the potential costs and ROI of innovations. But ITSM professionals who do anticipate and include those expense projections are more likely to avoid unexpected, and indefensible, cost overruns.
Sustaining trust in ITSM
Sustaining trust requires additional work, but it will help realize the benefits promised by innovations in ITSM: faster speeds, lower costs, improved responsiveness, quicker remedial or corrective services. After all, any innovation has to prove it meets the promised performance goals.
But how does designing governance make that possible? First, when new rules are being authored, they should be crafted so that compliance or noncompliance can be automatically calculated. In other words, the behaviors that pass or fail need to be some actions that can be counted. This is much harder than it may seem, since the technology has to be producing event logs that hold reliable counts for the compliance calculations.
Second, the governance controls must enable enforcement, preferably by automated suspensions, diversions, embargoes or quarantines of noncompliant transactions or data assets. This step is often overlooked. If rules are authored that cannot be easily enforced, the noncompliant actors, even if acting innocently, will balance compliance against the likelihood of getting caught. Automated enforcements eliminate the calculations entirely.
Finally, there must be complete transparency. Users must know their behavior is being monitored, the types of conduct or actions that will represent compliance (and noncompliance) and the sanctions that will be imposed in enforcement. Transparency is vital to sustaining trust; users must know that the governance is working and effective.
If you are in the midst of evaluating ITSM, take a pause and try to reset the process to include the design and production of appropriate governance frameworks -- policies, procedures, protocols, handbooks, SLAs; all will become vital building blocks toward accelerating the trust with which the innovations will be adopted and respected.
If the innovations include those from third parties (vendors, service providers, cloud access security brokers, data storage services, etc.), encourage them to help evaluate your existing governance controls, identify where the innovations create gaps or conflicts, and author the suitable governance frameworks that will help assure the success and continued trustworthiness of their innovations. If those aspects are done correctly, then everyone wins.